Cyberthieves seeking payment card data have a tendency to sniff out a weak link, the softest way to enter a secure site. With Target, it found credentials to get in through a refrigeration, heating and air conditioning subcontractor. New word is that J.P. Morgan Chase’s attackers used a similar method, sneaking in through the relatively unprotected site promoting a foot race Chase was sponsoring.
The investigation of the attack, which stole contact information for 76 million households and 7 million small businesses, made key progress when it started “looking at data not on its own system but stolen from another website and shuttled to servers on the other side of the world. Armed with information about the hackers’ activity on the outside website, (Chase) was able to mitigate the damage before hackers were able to break into more sensitive bank data like customers’ passwords or Social Security numbers,” according to a story in The Wall Street Journal.
As corporate sites today link to an ever-increasing number of third-party services for a huge range of services, such backdoor attacker are likely to become more common.
“In August, bank executives led by Chief Operating Officer Matt Zames and Chief Information Security Officer Greg Rattray linked the race website breach back to several overseas I.P. addresses. Then they queried J.P. Morgan’s own network logs to see if there had been any communication with those addresses. There were. The bank discovered that (attackers) had been in its system since at least June. The investigators ultimately linked the attack to 11 I.P. addresses that were distributed anonymously to other banks in mid-August,” the story reported. “In recent weeks, the investigation by multiple federal agencies into the matter has been hampered, people familiar with the matter said, because (the attackers) deleted many of the log files that tracked their movements through the bank’s network. Several of those I.P. addresses, viewed by The Wall Street Journal, link back to Eastern Europe, including Russia. Other addresses could be linked to Egypt and Brazil, according to a search of public Internet records.”