Hackers burrowed into the databanks of JPMorgan Chase & Co. and deftly dodged one of the world’s largest arrays of sophisticated detection systems for months.
The attack, an outline of which was provided by two people familiar with the firm’s investigation, started in June at the digital equivalent of JPMorgan’s front door, an overlooked flaw in one of the bank’s websites. From there, it quickly developed into any security team’s worst nightmare.
The hackers unleashed malicious programs that had been designed specifically to penetrate JPMorgan’s corporate network. Using these sophisticated tools, the intruders reached deep into the bank’s infrastructure, silently siphoning off gigabytes of information, including customer-account data — uninterrupted until mid-August.
Only then did a JPMorgan team conducting a routine scan trigger an alarm. They discovered a breach, now being traced and evaluated, which investigators believe originated in Russia.