Caught in the crossfire of a cyber Cold War

Fears are mounting that Vladimir Putin has instructed hackers to target banks like JP Morgan

A few weeks ago, America’s biggest bank was hacked. Nimble computer whizzes scaled JP Morgan’s complex digital ramparts and found themselves sitting at the heart of a US institution with assets worth $2.5 trillion. Several gigabytes of data were taken, though the bank insists it has not yet seen unusual levels of fraud.

The FBI is investigating the attack, revealed yesterday, with at least one other bank reportedly affected.

Hacking is nothing new for a company of JP Morgan’s size. As Dave Palmer, head of technology at the cyber security firm Darktrace, put it: “Being an organisation on the internet is like having someone constantly banging on your door and rattling your windows.”

But what made this attack different, investigators  believe, was the possible identity of the perpetrator: the Russian state.

The sophistication, origin and target have led experts to conclude that the incursion may have been the work of hackers either directly instructed or at least supported by Vladimir Putin’s Government, with speculation that it could be in retaliation for the West’s involvement in Ukraine. It is not the first time Russia has been accused of using such tactics: Georgia and Estonia both faced cyber attacks during periods of conflict with Russia.

But the prospect of Western businesses coming under attack not only from cyber bandits but hostile nations is a worrying one. The Sun newspaper, Microsoft and eBay have all already been targeted by the Syrian Electronic Army, while five Chinese military officers were indicted in the US earlier this year on corporate hacking charges.

In July, the Chinese businessman Su Bin was arrested for allegedly hacking into Boeing and other defence contractors’ IT systems in an attempt to obtain information on jets, military cargo, aircraft and weapons to sell to Chinese companies.

 “Right now there is a huge cold war happening on the internet,” said Costin Raiu, director of global research and analysis at the cyber security firm Kaspersky Lab. “In such an environment, where nation states are fighting each other, businesses are in danger of becoming collateral damage.”

Details on the JP Morgan attack are scant but Joe Hancock, a cyber-security expert at the insurer Aegis, said: “State-sponsored attackers tend to be looking for economically sensitive data, intellectual property and things that are more directly useful to the country.”

State-sponsored or endorsed cyber attacks are nothing new, with the earliest example dating back to 1998. But Mr Raiu said incidents have exploded since the detection in 2010 of Stuxnet, a computer worm that infected Iran’s nuclear systems and was believed to have been created by the US and Israel. The American oil giant Chevron suffered collateral damage in  that attack after its computers were infected with the virus.

Mr Raiu estimates that there are now between 100 and 1,000 state-backed cyber attacks annually, but certainty is elusive. “Attribution is nearly impossible,” said Mr Palmer. “It’s easy for someone with knowledge and resources to make it look like it was someone else.”

Much of what security experts believe to be state-backed hacking has in essence been cyber espionage. But there is a danger of it escalating. “What we worry about most is someone being able to carry out a real-world action based on a cyber attack – being able to cause a problem with the electricity grid or stopping a business being able to function,” said Mr Hancock.

Sources indicate that the JP Morgan attack was isolated to its US operations, but the UK is just as vulnerable and several big European banks have reportedly been targeted in recent months. Cyber security is one of the Bank of England’s biggest priorities – it has already run two “war game” scenarios with lenders to test defences and has put in place a cross-company network for reporting attacks. In June the Bank also introduced CBEST, a framework for assessing cyber risk.

At the moment, much of the focus is on detection rather than protection, in part because of the difficulty stopping state-backed attacks. The JP Morgan breach used a so-called “zero day vulnerability” – a flaw in a system that had not yet been discovered. Mr Hancock said: “There’s always a way to get into any organisation if you have enough money and enough time, which ultimately state-sponsored efforts have.”

However, Mr Palmer stressed that state-backed hacks still only represent a “tiny fraction of a per cent” of total attacks, many of which are amateurish and easy to thwart. Businesses are advised to use “ethical hackers” to test for vulnerabilities before criminals spot them.

But Mr Hancock warned: We are seeing an uptick in cyber attacks across all industries.” He added: “There’s a quote from Robert Mueller [head of the FBI at the time] from 2012: ‘There are two types of businesses – those who have been hacked and those who will be.’”

Infected: How hackers got in

2014: ‘Energetic Bear’ US and European energy companies were infected by malware that allows energy monitoring and possibly interference with real-world networks. The attack was believed to be Russian.

2014: ‘Snake’ Ukrainian computers, including those of the Kiev Government, were hit by a virus, allowing surveillance and the launching of more destructive attacks. Russia thought to be behind the attack.

2013: ‘Syrian Electronic Army’ The SEA targeted a series of high-profile websites, such as The New York Times, Twitter and the US Marine Corps, taking over the sites and posting pro-Syrian messages.

2012: ‘Izz ad-Din al-Qassam Cyber Fighters’ Hackers suspected of having links to Iran targeted the websites of US financial institutions such as Bank of America and the New York Stock Exchange.

Start your day with The Independent, sign up for daily news emails
ebooks
ebooksA celebration of British elections
  • Get to the point
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

SThree: Trainee Recruitment Consultant - Swiss Banking and Finance

£20000 - £25000 per annum + Uncapped commission: SThree: Can you speak German,...

Ashdown Group: Marketing Executive - 6 month FTC - Central London

£25000 - £30000 per annum + benefits: Ashdown Group: An exciting opportunity f...

Ashdown Group: Junior Project Manager (website, web application) - Agile

£215 per day: Ashdown Group: Junior Project Manager (website, web application ...

Guru Careers: Software Engineer / Software Developer

£40-50K: Guru Careers: We are seeking an experienced Software Engineer / Softw...

Day In a Page

Fishing for votes with Nigel Farage: The Ukip leader shows how he can work an audience as he casts his line to the disaffected of Grimsby

Fishing is on Nigel Farage's mind

Ukip leader casts a line to the disaffected
Who is bombing whom in the Middle East? It's amazing they don't all hit each other

Who is bombing whom in the Middle East?

Robert Fisk untangles the countries and factions
China's influence on fashion: At the top of the game both creatively and commercially

China's influence on fashion

At the top of the game both creatively and commercially
Lord O’Donnell: Former cabinet secretary on the election and life away from the levers of power

The man known as GOD has a reputation for getting the job done

Lord O'Donnell's three principles of rule
Rainbow shades: It's all bright on the night

Rainbow shades

It's all bright on the night
'It was first time I had ever tasted chocolate. I kept a piece, and when Amsterdam was liberated, I gave it to the first Allied soldier I saw'

Bread from heaven

Dutch survivors thank RAF for World War II drop that saved millions
Britain will be 'run for the wealthy and powerful' if Tories retain power - Labour

How 'the Axe' helped Labour

UK will be 'run for the wealthy and powerful' if Tories retain power
Rare and exclusive video shows the horrific price paid by activists for challenging the rule of jihadist extremists in Syria

The price to be paid for challenging the rule of extremists

A revolution now 'consuming its own children'
Welcome to the world of Megagames

Welcome to the world of Megagames

300 players take part in Watch the Skies! board game in London
'Nymphomaniac' actress reveals what it was really like to star in one of the most explicit films ever

Charlotte Gainsbourg on 'Nymphomaniac'

Starring in one of the most explicit films ever
Robert Fisk in Abu Dhabi: The Emirates' out-of-sight migrant workers helping to build the dream projects of its rulers

Robert Fisk in Abu Dhabi

The Emirates' out-of-sight migrant workers helping to build the dream projects of its rulers
Vince Cable interview: Charging fees for employment tribunals was 'a very bad move'

Vince Cable exclusive interview

Charging fees for employment tribunals was 'a very bad move'
Iwan Rheon interview: Game of Thrones star returns to his Welsh roots to record debut album

Iwan Rheon is returning to his Welsh roots

Rheon is best known for his role as the Bastard of Bolton. It's gruelling playing a sadistic torturer, he tells Craig McLean, but it hasn't stopped him recording an album of Welsh psychedelia
Morne Hardenberg interview: Cameraman for BBC's upcoming show Shark on filming the ocean's most dangerous predator

It's time for my close-up

Meet the man who films great whites for a living
Increasing numbers of homeless people in America keep their mobile phones on the streets

Homeless people keep mobile phones

A homeless person with a smartphone is a common sight in the US. And that's creating a network where the 'hobo' community can share information - and fight stigma - like never before