283 182 196 LINKEDIN 8 COMMENTMORE

The cyberattacks on JPMorgan Chase and at least four other institutions were "very sophisticated" and were likely state-sponsored, the chairman of the House Intelligence Committee said Thursday.

The nation's largest bank said earlier in the day that it was working with the FBI and other authorities to determine the scope of a hacking attack that hit financial institutions. It said it is not seeing unusual fraud activity.

The other firms involved have not been identified.

Rep. Mike Rogers, R-Mich., the Intelligence Committee chairman who has been briefed on the attacks, described the intrusions on "multiple" financial institutions as "very sophisticated.''

The level of sophistication "takes a very special skill set," he said, and indicates that "clearly, either they were aided by or conducted by a state sponsor.''

While Rogers described Russia operators as among the "most capable,'' he declined to comment on the source of the attacks nor did he identify how many institutions were involved.

However, a federal law enforcement official, not authorized to comment publicly, told USA TODAY that at least four banks were hacked recently in a series of coordinated attacks that law enforcement officials believe were carried out by Russian hackers. It's unknown whether the Russian government played a role..

"This is a very real and dangerous threat and it's only going to get worse,'' Rogers said. "We've been admiring the advanced sophistication of these actions long enough. Now, it's time to do something about it."

The Financial Times reported on its website Thursday that it interviewed people familiar with the matter who say the attacks were focused on commercial banks. Wall Street investment banks including Goldman Sachs, which have been the targets of previous attempts to steal data or disrupt services, were unaffected, the FT's story said.

Although serious, those informed sources told the Financial Times that there was nothing to suggest that this new attack achieved anything of the magnitude of last year's data breach at Target, the retailer, which saw the theft of millions of cardholders' information.

However, some sensitive data was lost in the attack, Bloomberg.com said, citing unnamed security experts.

Sophisticated cyberattacks against financial institutions have become "an everyday occurrence" and are just another part of the cost of doing business today, said Alexander Southwell, a former computer crime prosecutor who is now co-chair of the information technology group at Gibson Dunn & Crutcher, a Los Angeles-based law firm.

As a result, most banks are well-prepared. "The work of cybersecurity is often like 'Whac-A-Mole,' with new threats regularly emerging, followed by efforts to stop those threats, which then leads to threats emerging in different ways," Southwell said. "This attack may simply be another round in that 'game.' "

JPMorgan suggests that customers contact the bank if they detect any suspicious activity on their accounts. All of the bank's cards have full liability protection for consumers against fraud. "As we learn more, we will contact anyone we determine may have been impacted by this," bank spokesman Michael Fusco said.

It remains unknown whether the digital intruders were financially motivated or part of an espionage campaign.

"The ability to overcome the typical financial defense-in-depth strategy outlined by JPMorgan points to capabilities that go beyond criminal activity and are in the realm of nation-state capabilities," said security expert Phil Lieberman, CEO of Lieberman Software.

JPMorgan Chase CEO Jamie Dimon said in the firm's 2013 annual report to shareholders that it has bolstered its cyberdefenses. This year, JPMorgan Chase will spend more than $250 million and devote about 1,000 people to cybersecurity, he said. The company is also building three regional state-of-the-art cybersecurity operations centers.

"We're making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe," Dimon said. "It is going to be a continual and likely never-ending battle to stay ahead of it — and, unfortunately, not every battle will be won."

JPMorgan Chase customers were targeted in a large-scale computer attack Aug. 21 reported by computer security firm Proofpoint, but there's no indication that this and the most recent attack are linked.

The Sunnyvale, Calif.-based data security firm reported multiple examples of a credential phishing campaign in which authentic-looking e-mails encouraged users to click a link to see a secure message from JPMorgan.

When they did, they were asked to enter their credentials. The Web page was hosted on a server in Moscow and installed a so-called Trojan-program onto their computer, allowing the attackers to compromise the user's computer.

Proofpoint identified several other active campaigns that appeared to be run by the same attackers, each of which attempted to install the same Trojan software.

Contributing: Jon Swartz, Elizabeth Weise and Jessica Guynn

283 182 196 LINKEDIN 8 COMMENTMORE
Read or Share this story: http://usat.ly/1plFYil