Hackers who stole gigabytes of data from JPMorgan Chase & Co. may have been trying to send a message that U.S. financial institutions can be disrupted, the former director of the National Security Agency said.
The FBI is investigating the cyberattack on JPMorgan and whether other banks were penetrated in retaliation for U.S.- backed sanctions on Russia, according to people familiar with the investigation who asked not to be identified because the probe is still underway.
Keith Alexander, the NSA director from 2005 until last March, said he had no direct knowledge of the attack though it could have been backed by the Russian government in response to sanctions imposed by the U.S. and EU over the crisis in Ukraine.
“How would you shake the United States back? Attack a bank in cyberspace,” said Alexander, a retired U.S. Army general who has started his own cybersecurity company to sell services to U.S. banks. “If it was them, they just sent a real message: ‘You’re vulnerable.'”
As NSA chief and head of the U.S. Cyber Command, Alexander tracked and tried to thwart international hackers, giving him knowledge of their tactics. He was head of the NSA in 2008 when the country of Georgia was invaded by Russia and experienced a series of disruptive cyberattacks believed to be the work of Russian hackers.
The hackers who attacked JPMorgan, the biggest U.S. bank, were “a group with exceptional skills or a nation-state backed group,” Alexander said in an interview yesterday at Bloomberg’s Washington bureau.
The attack occurred last month and resulted in the loss of gigabytes of sensitive data, said the people familiar with the investigation. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are linked to the attack, one of the people said.
Security experts say the sophistication of the attacks appeared to be beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations with Russia as the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks, over its suspected support for Ukrainian rebels.
JPMorgan spokeswoman Patricia Wexler declined to comment on Alexander’s claims. She noted that the company in statements it issued last week said it is cooperating with investigators, has enhanced its security and hasn’t seen any unusual fraud levels. FBI spokesman Joshua Campbell declined to comment on Alexander’s assessment.
The attack could have been intended to give U.S. policymakers pause as they are making international and economic decisions, Alexander said.
“If you can steal the data — if you can reach in that far and steal it — you can do anything else you want,” he said. “You collapse one bank and our financial structure collapses.”
JPMorgan Chief Executive Officer Jamie Dimon, 58, has warned shareholders in annual letters that hackers’ efforts to breach the bank’s computers were growing more frequent, sophisticated and dangerous. The bank expects to boost annual spending on cybersecurity by 25 percent to about $250 million by the end of the year from 2013 levels, he wrote in April.
“If you wanted to send a message, do you think that was significant enough for the U.S. government to say one of the best banks that we have from a cybersecurity perspective was infiltrated by somebody?” Alexander asked. “And if they could get in to do that, even if they never use it, they could get in and collapse it. Does that cause you concern?”
–With assistance from Carter Dougherty, Susan Decker and Jordan Robertson in Washington.