Cyber-attacks on JPMorgan Chase & Co. and 13 other financial companies may have been carried out by hackers from a foreign government moonlighting as criminals, a senior Federal Bureau of Investigation official said.
The FBI is investigating the possibility that hackers who raided the data banks of JPMorgan to steal customer information from 76 million households and 7 million small businesses did so with the knowledge and consent of a foreign government, Joseph Demarest, assistant director of the bureau’scyber division, said.
“There’s a blending,” Demarest told reporters at a news conference today in Washington. “They may be working as criminals by evening or dark of night and then during the day they’re working on behalf of some government.”
The FBI has seen a trend where agents of foreign governments work with criminals to carry out hacking attacks for financial gain, Demarest said. He didn’t identify the foreign governments suspected of being involved.
JPMorgan has told consultants working with the bank that it saw signs the Russian government may have had a hand in the attack, according to people familiar with the investigation who spoke on the condition of anonymity because they weren’t authorized to disclose details of the investigation.
Demarest said a determination hadn’t been made on who is behind the hacking, and he hasn’t seen any link that the attacks were in response to U.S. sanctions on Russia over its conflict with Ukraine.
The involvement of foreign governments — which have access to sophisticated and powerful spying tools — means hackers are are attacking companies that don’t have the resources to adequately defend themselves. JPMorgan was attacked even though it expected to boost yearly spending on cybersecurity to about $250 million by the end of 2014.
“They’re learning as they work for a government entity using tools that they’re exposed to or developing themselves,” Demarest told reporters at an event hosted by the Financial Services Roundtable, one of the banking industry’s top lobbying shops. “They’re able to go out and practice and use those tools for financial or monetary gain.”