Last summer, hackers shocked the world by breaking into JPMorgan Chase's computers and picking up the mail addresses and phone numbers of 83 million households and small businesses.
Now authorities may be on the verge of using that hack to bust the responsible parties. Unlike in previous cases, where the suspects were outside the reach of U.S. prosecution, authorities say this batch of suspects is “gettable.”
Previous high-profile breaches - Target, Home Depot, Michaels - have led to investigations but no arrests, because the suspects are often in nations, like Russia, that do not extradite to the U.S.
The JPMorgan hack, fortunately for investigators, was not as technologically advanced as initially suspected, and law enforcement was able to identify some suspects early. It has also helped that the DHS classifies banking as critical infrastructure, which made this investigation a top priority.
“The government has finite resources to deal with cybercrime and as a result tends to look for cases which can create maximum impact,” said Thomas Brown, a senior managing director with FTI Consulting and a former chief of the computer and intellectual property crime unit for the Feds.
JPMC, for its part, says it spends $250 million a year on security to protect customers. Early assessments of the bank's post-breach overhaul found “significant progress” in reducing “severe patch issues” in its digital network, but also critical issues still to be addressed.
The January report to the bank’s cybersecurity business control committee — a copy of which was reviewed by The New York Times — stated that one of the servers needs additional anti-virus protection (though it did note that work is underway).
Patching holes in the bank’s network is critical because the attackers exploited exactly such a gap: a single server that lacked two-factor authentication gave them high-level access to more than 90 servers. They were stopped before customer financial information could be compromised.
A JPMorgan spokeswoman declined to comment.
“The bad news is that many of these folks are located overseas, and they are using encryption and servers all over the world,” said Leslie R. Caldwell, the assistant attorney general for the criminal division at the Justice Department. “But the good news is if we are able to jump on the breach early enough, we have an electronic trail and can get that evidence.”
In many cases, hackers also wait before using the data they steal, in order to evade detection.
“We’ve seen them steal and then store or secrete the data for long periods of time,” said Joseph M. Demarest, the assistant director of the FBI’s cyber division. “We see them evolve their skills and tradecraft and monetizing.”