Mystery Fingers on Keyboard in JPMorgan Hack

A key figure is missing in the court documents outlining the biggest computer attack ever carried out against the US financial system: the actual hacker.

The Israeli mastermind of the crime syndicate with global operations -- computer servers in Egypt, online casinos in Ukraine and Hungary, Azerbaijan payment processors and a Florida bitcoin exchange -- created a digital mob without a true home country, according to prosecutors. So when the gang needed a hired gun, in this case a sophisticated computer thief, it apparently turned to a harbor known for some of the best.

The hacker, identified only as co-conspirator 1 in a sweeping indictment unsealed recently, is actually a Russian master of digital break-ins known to federal agents and US spy agencies who have tracked him for years, according to three people familiar with the investigation. Another indictment unsealed this week about the gang provides a little more, citing “a computer hacker who is believed to have resided in Russia” -- one who infiltrated computer networks, located customer databases and exported the profile information to computers overseas.

It is not unusual for prosecutors to withhold names in a continuing investigation. But talks about whether to publicly identify the hacker in this case and whether to indict him reached the upper rungs of government. The prospect was the subject of various discussions at one point by officials of the National Security Agency and the White House, according to one person familiar with the matter, who said it was part of a larger debate within the Administration over how best to confront Russia over hacking amid strained US relations.

Weighing Options
"I think the government’s weighing its options at this point," said Leo Taddeo, a former special agent in charge of the Federal Bureau of Investigation’s cyber division in New York who supervised the case before he left in August and who declined to discuss its specifics. Sometimes, the names of co-conspirators are withheld in hopes they won’t go into hiding and will be easier to apprehend, said Taddeo, now chief security officer of cybersecurity company Cryptzone Inc. in Waltham, Massachusetts.

That is less of a concern in this hacking case, since the arrest and indictment of other suspects, along with the seizure of e-mails and other communications, have already alerted the hacker that US authorities are on his trail. The FBI declined to comment on the investigation, as did the White House National Security Council. The NSA didn't respond to requests for comment. The Justice Department, which makes decisions on criminal actions independently of the White House, also declined to comment.

The FBI’s assessment that the financial hack and related events were purely a criminal caper, not the act of an unfriendly government, has largely been borne out by the investigation.

Still, American intelligence agencies have produced information suggesting co-conspirator 1 may enjoy the protection of the FSB, Russia’s main intelligence agency, two people briefed on the matter said. The information is not all consistent. Some intelligence suggests merely that the FSB tried to recruit the hacker, while other information indicates he may have had a more active role in FSB-directed operations, they said.

The hacker’s profile helped feed differences of opinion early on about the attacks of some of Wall Street’s biggest names. For months after the disclosure of a big systems breach last summer, JPMorgan Chase & Co. officials maintained the attack on the bank should be treated as a national security incident.

Going Undetected
Co-conspirator 1’s shadowy talents are on display throughout the two indictments, one in federal court in New York and the other in Atlanta. He appears to infiltrate some American financial institutions with ease, operating undetected inside their heavily secured computer banks for months or years.

Targeted companies included Fidelity Investments, E*Trade Financial Corp., Scottrade Financial Services Inc., Dow Jones & Co., as well as JPMorgan Chase, which alone spends more than half a billion dollars annually to secure its computers. Fidelity is the one company in this group that has said it has no indication any customer information was taken from its network.

Some of the targets were chosen by Gery Shalon, the Israeli who was the mastermind of the criminal organization spanning bitcoin companies, Internet gambling sites and securities manipulation before his arrest last summer, according to the criminal indictments.

Specialists say co-conspirator 1 may have done more than what Shalon ordered, and point out that he remained inside the computers of some companies for years, even though data such as e-mail addresses can be exfiltrated quickly.

For example, when disclosing in October that some customer payment information may have been compromised, Dow Jones said that the unauthorized access to its systems occurred at certain times over a three-year period.

Dead End
Data stolen from the targets might also have been shared with others in Russia, if that is where the hacker is working, for his own protection, said Tom Kellermann, chief cybersecurity officer for Trend Micro Inc. "This is not over," Kellermann said. "The real question now is how many backdoors are still in these systems that have yet to be detected."

US authorities almost always hit a dead end, Taddeo said, when an investigation leads to Russia.

With Shalon and some other suspects in custody, however, prosecutors may be able to plumb the inner workings of Russia’s elite cyber underground. At least two of Shalon’s alleged associates, Joshua Aaron and bitcoin operator Anthony Murgio, traveled extensively to Russia and could have met the hacker in person.

The two people familiar with the case said it is unclear if prosecutors are still considering charges against co-conspirator 1 for hacking and related crimes. He could be indicted even though Russia does not extradite its citizens to the West.

President Barack Obama could also use new executive powers to seize assets and impose other sanctions on foreign nationals involved in cybercrime, measures the White House has yet to tap despite a run of high-profile hacks on companies and agencies.

Information-Management