Hacking the banks

ROBBING a bank used to require a gun and a getaway car. Now hackers can attack financial institutions with a few clicks of a computer mouse. According to reports on August 27th from Bloomberg, America’s Federal Bureau of Investigation (FBI) is now investigating a series of cyber-intrusions at several American banks, including JPMorgan Chase, one of the biggest.

The attackers are said to have siphoned off large amounts of data, including customers' bank-account details. Quite what their motive is remains a mystery. One theory is that the attacks are the work of Russian hackers retaliating against international sanctions imposed as a result of Russia’s involvement in the ongoing conflict in Ukraine. Another suggests that they are the work of criminals trying to profit from the data they pilfer.

The notion that this is a form of retaliation is hard to take seriously. There are more spectacular and well-tested ways to generate publicity for a cause, such as launching denial of service attacks, which involve directing large amounts of web traffic at banks’ sites in order to slow them down or knock them offline. Over the past few years big American banks have faced repeated volleys of such attacks, which have grown in intensity.

The idea that the intrusions are motivated by a desire to steal data that could be exploited for profit, is more plausible. In the nether regions of the “dark net”— the huge swathe of the internet that is not tracked by popular web browsers such as Google and Bing—there are black markets in everything from stolen credit-card data to bank-account details. Criminal hackers could sell stolen data there quite easily.

Another possibility is that the attacks are the handiwork of people backed by a foreign power interested in gathering financial intelligence of various kinds. Big American banks do not just hold details of their customers' personal transactions. They are also involved in everything from financing trade deals to advising on big mergers and acquisitions.

Given all of the sensitive data they handle, financial institutions tend to spend far more than most other firms on computer security. So breaking into their systems typically demands a great deal of effort and resources. Some criminal groups in Russia and elsewhere have now developed the scale and sophistication to be able to crack even the most robust cyber-defences. But it is also possible that the hackers were supported by a foreign government interested in using the data collected to inform its own intelligence efforts.

More details of the attacks are likely to emerge soon, as a result of investigations being conducted by specialist cyber-security firms called in by the banks and the FBI. The government gumshoes and their consultants are likely to be kept busy. In a brief statement on the matter, JPMorgan Chase said that companies of its size “experience cyber attacks nearly every day”. Unfortunately, that is unlikely to change soon.