JPMorgan Chase Got Megahacked This Summer

By Kevin Roose, New York Magazine

03 October 14

ike Target, Home Depot, and other large companies, Wall Street megabank and former sea mammal conservancy JPMorgan Chase got hacked this summer. Unlike those companies, JPMorgan Chase doesn't sell hammers or toilet plungers, but in fact manages $2.4 trillion in assets and holds the fate of the global economy in its hands, making its security protocol a wee bit more important.

The extent of the hack of JPMorgan Chase is astounding. According to the Times, the attack "compromised more than 76 million household accounts and seven million small-business accounts," and included hackers gaining root access to more than 90 servers.

Translated from hacker-speak: That's really, really bad. Anyone having root-level control of JPMorgan's servers would have the highest level of access possible and the ability to use those servers as if they were the administrators. JPMorgan Chase disclosed some details of the hack earlier this year, but the latest revelations make clear that the damage was much graver than previously thought. And it gets worse!

More disturbing still, these people say, hackers made off with a list of the applications and programs that run on every standard JPMorgan computer– a hacker’s road map of sorts — which hackers could cross check with known vulnerabilities in each program and web application, in search of an entry point back into the bank’s systems.

These people said it would take months for the bank to swap out its programs and applications and renegotiate licensing deals with its technology suppliers, leaving hackers plenty of time to mine the bank’s systems for unpatched, or undiscovered, vulnerabilities that would allow them reentry into JPMorgan’s systems.

Maybe it's time to stuff the cash under the mattress.