JPMorgan CYBER-HEIST: 9 US financial firms snared by 'Russian hackers', says report Russian hackers with "loose connections" to Vladimir Putin's government were reportedly behind the massive JPMorgan cyber-heist understood to have hit 83 million households and businesses in the US. According to the New York Times, nine other Stateside financial institutions were also targeted by wrongdoers involved in the …
Why the concern around the list of apps? If you know JPM is running apache a.b.c but the current version is a.b.z then you can try known exploits against that version. If you know their desktops are running Windows ME with Office 97 then you can try emailing exploit codes that take advantage of those versions. If you know their standard database server is Lotus Notes then you can add those exploits to the payload you're emailing them.
Getting a list of apps may extend beyond the one single machine you've been able to own.
The hackers know this and so use machines based in the US (how cheap is a VPS? Or, heck, a few thousand pre-0wned desktops) or other countries to do the attack from. They use stealth techniques to make it harder for IDS systems to detect them (it gets lost in normal internet noise from the gazillion bots on the net; just look at any machine with open port 22 and the thousands of login attemps; look at any webserver and the number of bots hitting them). It's easy to protect home machines; not so easy for a megacorp or megabank. At least not without stopping customers from doing business with them! (I'm sure there are JPM customers in Russia, either permanently or just on holiday).
"I don't allow Russian IP address blocks"
I'm sure that Russian hackers are quite capable of using exploited Linux boxes from elsewhere to attack you if they are blocked from Russia...your approach provides no real additional security.
"Given that I don't plan on going to Russia, no need to allow those IP's access."
What on earth has if you go to Russia or not got to do with it?
Apparently JPMorgan spends over $200mm a year on cyber security ( http://www.reuters.com/article/2014/04/09/us-jpmorganchase-dimon-idUSBREA3822W20140409 ). However it has over 255k employees ( wikipedia ). No matter how much you spend, with that number of people someone somewhere is going to do something stupid and allow attackers in. Whether it's misconfigured firewalls, staff infected with zero-day malware, developers leaving passwords in plain text, default passwords... someone somewhere will make a mistake. Conclusion: people are a problem.
It looks like "names","address","phone number","email address" is the limit of the personal data leak. ( http://investor.shareholder.com/jpmorganchase/secfiling.cfm?filingID=1193125-14-362173&CIK=19617 ). That's bad (especially the email address) but fortunately no account numbers or SSNs or similar.
Absolutely agree 100% - exactly what I was thinking, though I was laughing, and I always laugh when the origin is "speculated" as being Russian, Chinese, or whatever nation the US is having trouble with at the time.
It always reminds me of the Iraq with weapons of mass destruction debacle. All bullshit.
"I know you can see what I'm doing with my right hand, keep looking at it." :D
The fact is, the current IT structure is ridiculously easy to hack and virtually impossible to defend.Most security comes down to making it look good when the auditors come around and keeping open access for the bosses so that they are are not inconvenienced. Big data inevitably leads to small holes everywhere.
Snowden has shown us how easily government agencies can walk in through the back door of almost any system but for some reason large corporate entities seem to think that they are not going to be targeted.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
