5 thoughts on “What Really Caused the JPMorgan Chase Breach?”

  1. What exactly do you mean when you say that the cause of the breach “was the theft of that one employee’s login credentials?” If the login credential that was stolen was a password, wouldn’t two factor authentication have prevented the breach? Or do you mean that the employee was the victim of a man-in-the-middle attack, where the employee provided his/her one-time password to a phishing site, which then turned around and used it to access the bank’s records? If the latter, then I agree that two factor authentication based on OTP would not have prevented the breach.

    1. The article I cited mentions that username and password combinations were stolen from the Corporate Challenge website using a compromised certificate: http://dealbook.nytimes.com/2014/10/31/discovery-of-jpmorgan-cyberattack-aided-by-company-that-runs-race-website-for-bank/

      The combinations were then tested against other sites by hackers. It sounds like someone reused the same username/password combination on two different sites; a receipe for disaster.

      Just to be clear, I’m not trying to say two-factor authentication wouldn’t have helped. It might have stopped this particular line of attack. My remarks were mainly directed towards articles that made it sound like the data breach had only one cause. We simply don’t know enough about how the attack was carried out. The bank itself was reluctant to disclose details on this.

      A JPMorgan spokeswoman said “the hackers were unable to go directly from the Corporate Challenge website into the bank’s network.” If not, then how did the attackers get in? It would help if we knew more about how the attack was carried out.

      Ultimately, I think the New York Times got the specific issue of TFA correct: the attack might have been thwarted if TFA had been enabled. Without more information, it’s difficult to draw more conclusions.

      If I’ve missed some information, please let me know in the comments.

  2. You really make it seem so easy with your presentation but I find this matter to be actually something which I think I would never understand. It seems too complex and very broad for me. I’m looking forward for your next post, I will try to get the hang of it!

  3. My Partner And I really wish to tell you which I’m really new to having a blog and incredibly liked your information. Very possible I am likely to store your site post . You definitely have outstanding article topic. Admire it for share-out with us your blog document.

  4. “Thanks for ones marvelous posting! I actually enjoyed reading it, you can be a great author.
    I will remember to bookmark your blog and may come back later in life.
    I want to encourage continue your great work,
    have a nice afternoon!”

Leave a Reply

Your email address will not be published. Required fields are marked *