Cybersecurity Insight

JP Morgan Hackers Arrested: Dangers of Phishing

22 Jul

Authorities recently arrested four people in Israel and Florida revealing a complex securities fraud scheme. If the accused crimes of the individuals are true, then a multi-layered organization joining unlikely alliances between Moscow, Tel Aviv and West Palm Beach was dramatically uncovered.

Officials in Israel this morning picked up two men charged in the U.S. with running a multimillion-dollar stock manipulation scheme. In a separate case in Florida, officials arrested two men for operating an unlicensed money-transfer business using bitcoins.

These two individuals from Florida are also identified in a previously unreported FBI memo that connects them to the investigation of the hack of JPMorgan as well as to incidents at Fidelity Investments Ltd. and E*Trade Financial Corp. JPMorgan officials initially stated that one of the largest U.S. bank hacks in history was the work of the Russian government. But now we see that it’s not as simple as that.

None of the documents outlining the charges mention the JPMorgan hack, nor do prosecutors tie the securities fraud and money-transfer schemes together but a source familiar with the investigation stated that data stolen from JPMorgan, which included tens of millions of e-mails and names of customers, may have been sought for promoting stocks through a massive spam campaign, phishing.

Their scheme was a classic pump-and-dump operation which involved artificially raising the value of low-volume stocks and then selling them at an inflated price to easy target buyers which they attracted through spam e-mail from 2011-2012.

One of the largest U.S bank hacks in history seems to be thanks to a phishing scheme. This is a situation where educating employees about cyber security and the dangers of trusting unverified sources becomes critical. Had JPMorgan, and the other financial institutions hacked, been more proactive in their cyber security efforts then this hack may have been prevented.

One of the most effective ways you can minimize a phishing scheme devastation, like the JPMorgan hack, is through employee awareness and training. Companies need better email filtering before the recipient receives it in order to lessen the chance of malicious content being downloaded or acquiring  important credentialing. After this basic filtering, the need to develop and execute an engaging and thorough security awareness program that involves improved detection and response capabilities is key.