What you need to know about the JPMorgan Chase cyberattack http://on.mash.to/ZD8eCO
JPMorgan Cyber-Attack Hits 83m Bank Accounts http://news.sky.com/story/1346762/jpmorgan-cyber-attack-hits-83m-bank-accounts …
JPMorgan data breach hit more than half of all households in America http://huff.to/1rQRxOW
J.P. Morgan doesn’t plan to inform victims of cyber attack http://on.mktw.net/1vwCJUd
http://www.businessinsider.com/jpmorgan-cyber-attack-russian-breach-sanctions-2014-10
REPORT: 'Russians' Behind Huge JPMorgan Cyberattack
US officials are far more concerned than they are publicly acknowledging about the gigantic cyberattack against JPMorgan that affected as many as 76 million households.
And they believe Russians with at least loose connections to the country's government are behind the attack, according to a new report from The New York Times.
JP Morgan revealed Thursday that as many as 76 million households and 7 million small businesses may have had private data compromised in the breach, one of the largest and most serious into a US corporation.
Data that may have been compromised in the breach include contact information and "internal JPMorgan Chase information" relating to the users, according to an SEC filing from the company.
They weren't alone, according to the new report. The Times says that "about" nine other financial institutions were infiltrated by the same group of hackers, though the breadth and scope of those breaches aren't known.
One US official speculated that the hack may be in retaliation for US sanctions against Russia amid the ongoing crisis in Ukraine.
****
But according to the new report in the Times, the hackers got access to one file that has unsettled company executives.
"That file contained a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry," the report said. Remedying the applications and the program affected by the hack will be costly and time-consuming.
It is, one former employee told the paper, as if "they stole the schematics to the Capitol — they can’t just switch out every single door and window pane overnight."
****
http://www.lawfareblog.com/2012/10/the-significance-of-panettas-cyber-speech-and-the-persistent-difficulty-of-deterring-cyberattacks/
The Significance of Panetta’s Cyber Speech and the Persistent Difficulty of Deterring Cyberattacks
Secretary of Defense Leon Panetta’s speech last week on cyber is more significant than has been reported. Most of the coverage focused on Panetta’s grave warnings about cyber threats facing the nation, but the speech’s real significance, I think, concerns DOD’s evolving deterrence posture. (The speech has other significant elements, but I focus here on deterrence.)
Panetta had two main messages related to deterrence. First, because the USG’s attribution skills have improved, “[p]otential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for their actions that may try to harm America.” Second, “If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens,” then on the orders of the President, DOD can “conduct effective operations to counter threats to our national interests in cyberspace.” (This second point echoes earlier USG statements, including one made earlier this month by DRNSA Keith Alexander, who said, somewhat less cautiously than Panetta, that DOD must be able to “stop [an attack] before it happens. . . . Part of our defense has to consider offensive measures like that to stop it from happening.”)
Here is what I think is significant about Panetta’s speech.
First, DOD has previously said that it is trying to improve its attribution capabilities, and in conversation officials have noted some success. Panetta goes further, saying concretely and definitively that DOD has “made significant advances in solving” the attribution problem, presumably through a combination of tracing back the source of a cyber attack and identifying the attacker through “behavior-based algorithms” and human and electronic intelligence. Panetta does not tell us how good or fast DOD is at attribution, and he may to some unknown degree be puffing. Nonetheless, this is a potentially big deal for cyber deterrence.
Second, Panetta was more aggressive than DOD has been in the past about the trigger for a self-defensive cyberattack by the United States. Previously, DOD has stated that adversaries would face a “grave risk” if they launched a “crippling” or “significant” cyberattack on the homeland. Panetta’s speech changes this posture in two ways. He is less definitive about the high threshold of a “significant” or “crippling” attack as a trigger for a USG response, and indeed implies that the threshold is (or can be) lower. And more importantly, he makes plain that the DOD has the capabilities and desire to engage in preemptive attacks against imminent cyber threats. This possibility has been hinted at before (most recently, in Alexander’s comment above and in Harold Koh’s NSA Cyber Command legal conference speech last month). But Panetta was more definitive about DOD’s capacity and desire to engage in such attacks. (Herb Lin, chief scientist at the National Research Council’s Computer Science and Telecommunications Board, noted to me that Panetta referred to the need to “take action” with “effective operations” against imminent cyberthreats, and pointedly did not state that such actions or operations would necessarily involve cyber means or cyber targets. This is consistent with DOD’s prior claims that it would use “cyber and/or kinetic capabilities” to redress large-scale cyberattacks.) Panetta was ambiguous, however, about whether DOD currently has the authorities to engage in such preemptive attacks (by cyber means or other means) in the face of cyber threats. He said that “we need to have the option to take action against those who would attack us to defend this nation when directed by the president” (emphasis added), and he emphasized DOD capabilities while several times calling for more DOD authorities.
****
http://www.cnn.com/2013/03/12/us/threat-assessment/
Washington (CNN) -- Cyberattacks pose more of a threat to the United States than a land-based attack by a terrorist group, while North Korea's development of a nuclear weapons program poses a "serious threat," the director of national intelligence told Congress on Tuesday.
The warning by Director of National Intelligence James Clapper came in his annual report to Congress on the threats facing the United States.
"Attacks, which might involve cyber and financial weapons, can be deniable and unattributable," Clapper said in prepared remarks before the Senate Select Committee on Intelligence. "Destruction can be invisible, latent and progressive."
The Internet is increasingly being used as a tool both by nations and terror groups to achieve their objectives, according to Clapper's report.
However, there is only a "remote chance" of a major cyberattack on the United States that would cause widespread disruptions, such as regional power outages, the report says. Most countries or groups don't have the capacity to pull it off.
****
'Cyberespionage and cyberattacks'
For the first time, the emphasis of Clapper's report was on cyberthreats, in the form of cyberattacks or cyberespionage.
Already, foreign intelligence and security services have "penetrated numerous computer networks" in the United States belonging to the government and private sector alike, the report says.
Although classified networks have been targeted, the majority of these attacks have involved unclassified networks, it states.
The United States has enjoyed a technological edge over other nations, but advances in information technology and business practices are evening the playing field, according to the report.
"This is almost certainly allowing our adversaries to close the technological gap between our respective militaries, slowly neutralizing one of our key advantages in the international arena," it said.
However, there is only a "remote chance" of a major cyberattack on the United States that would cause widespread disruptions, such as regional power outages, the report says. Most countries or groups don't have the capacity to pull it off.
The report names China and Russia as two of the most "advanced cyber actors," but says they are unlikely to launch an attack.
****