By Danny Yadron and Devlin Barrett
The Federal Bureau of Investigation hasn't found any evidence to
suggest the hacker or hackers who successfully penetrated the
computer system at J.P. Morgan Chase & Co. scored any similar
successes against other big U.S. banks, four people close to the
investigation said.
The government investigates multiple computer-security threats
against banks on a constant basis, but so far hasn't discovered
anything linking the Chase attack--which was first detected about
two months ago and which officials have described as significant
and egregious--to any similar type of penetration against other
banks.
The hackers, who employed at least one tool previously used
against financial institutions, gained access to some
account-related data. But J.P. Morgan has said it isn't
experiencing unusual amounts of fraud, and two people briefed on
the investigation said consumers likely don't face a serious
risk.
People close to the investigation said the probe is continuing
and could drag in other financial firms.
The sector also faces cyberattacks daily, and it is possible the
set of hackers behind the J.P. Morgan attack infiltrated other
banks in the past. But one person with knowledge of the
investigation said the J.P. Morgan incident was at first conflated
with suspicious activity related to other banks. As the
investigation continued, the threats appeared to be separate.
Confusion was added as numerous other financial institutions
asked investigators for details on the J.P. Morgan hack. Some took
this as an indication these banks may have faced a similar attack,
a person familiar with the matter said.
The assertion shows the difficulty investigators face after a
cyberattack first comes to light. The digital evidence trail left
after an attack often takes time to decipher. Just because two
similar organizations were attacked, doesn't mean they were hit by
the same group.
But from the beginning, several cybersecurity experts questioned
the details surrounding J.P. Morgan. Last week, some briefed on the
investigation suggested the hack against J.P Morgan may have been
retaliation for U.S. sanctions against Russia. Russian-speaking
cybercriminals often target U.S. financial firms.
On Tuesday, Dallas-based cybersecurity firm iSight Partners
Inc., which works closely with U.S. law enforcement, argued that
likely wasn't the motive and there isn't enough evidence to suggest
a coordinated attack on the U.S. financial sector.
"There is currently insufficient information to validate that
this group of banks are part of a single campaign," iSight analysts
wrote in a note to clients, which include major U.S. financial
firms. "It's more likely that this is a highly targeted criminal or
espionage campaign targeting information such as large databases or
trade secrets."
Write to Danny Yadron at danny.yadron@wsj.com and Devlin Barrett
at devlin.barrett@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires