Cybercrimes and Computer Security Systems

Name:

Date of submission:

JP Morgan Cyber Attack

Introduction

In 2014, JPMorgan Chase became a victim of cyber-attack which has been rated as one of the biggest intrusions into an American bank. The attack began in the spring of 2014 after hackers came into possession of the login credentials for a certain JPMorgan employee. Thereafter they used these details to access their systems (Silver-Greenberg, Goldstein And Perlroth, 2014). Normally, many banks use a double authentication scheme but JPMorgan had failed to implement this system. The system left the bank very vulnerable to hacking and intrusion. The origin of the attack is not known but much speculative evidence indicates that it could have been from Russia. The attack on the bank affected about76, 000 households. Bank officials indicate that the damage caused on the customers was limited to the theft of the company’s emails, home addresses and their phone numbers (Silver-Greenberg, Goldstein And Perlroth, 2014). The attackers also cold called the customers and enticed them to buy near worthless shares. The price of the alleged securities would the n rise and enable these fraudsters to make profit very easily. Among the computers used was a server located in Egypt and other rented computers in South Africa and Brazil. Money was laundered through Cyprus and illegal credit card payments were made in Azerbaijan (Silver-Greenberg, Goldstein And Perlroth, 2014).

Impact of the fraud

The attack that occurred at JPMorgan Chase affected quite a number of families who were customers to the bank. Their personal information was stolen by the hackers including their home addresses, phone numbers and other personal details. The hackers thereafter created dodgy shares which they contacted the customers advising them to buy. At the price that they sold them, they were just worthless. As more customers bought the shares, the hackers made a lot of money through the sale of non-existent shares. JPMorgan Chase customer’s lost a lot of money through these transactions. Approximately 83 million Americans and small businesses were affected by the breach.

JPMorgan Chase Bank is one of the largest banks in the United States and any attack on its operations is likely to affect the economy of the entire country. The breach of data protection details could have been detrimental if the hackers gained access to classified information (Shackelford, 2012). After JPMorgan Chase Bank ceased operations for a certain period of time and the impact of the absence of this financial giant in the financial market was felt across the country. The credibility of the bank was also dented. This was evidenced in the stock market when the company’s hit the lowest minimum ever in the company’s trading history. It took some time for it to recover and reassure the shareholders and traders that their money is indeed safe. In fact, security experts say that this attack was one of the greatest cyber-attacks that have occurred in the history of a US financial institution (Glazer and Yadron, 2014). Not because of the sophistication and complexity of the attack but due to the impact it had on the economy.

Role of financial forensic investigation

Financial forensic investigators play a very important role in the detection of cases of fraud that may have occurred in an organization. They are tasked with gathering of irrefutable evidence of guilt for the persons suspected to have engaged in cyber fraud. The methodology used by these experts to gather evidence is based on the investigation of classic crimes. They have to take into consideration the fact that digital evidence changes over time. In cyber-crime investigations, it is almost impossible to secure direct evidence but investigators can gather strong and irrefutable evidence that can be produced in a court of law. This is because they mostly have to rely on digital evidence stored in a network of computers.

The team of officials that would have engaged in the investigation of this fraud would have been led by the company’s network administrators. He would also have been assisted by data transfer and protection officers. The investigation would have been geared towards elimination of the obvious issues, formation of the hypothesis for the fraud, reconstruction of the criminal activities, tracing the origin of the attack, source analysis, and preparation of evidence and submission of the findings made. The standard procedure that is used in corporate investigation is comprised of several phases which are carried out by a team of IT expert and corporate officers.

However, it is the duty of forensic officers together with the company’s IT department to put into place a system that will ensure that the company operations are protected from any intrusion. However, these officers failed to enact such a system and as a result, hackers were able to infringe into the system. Forensic audits indicated that the failure of the IT team to implement a more secure system would have prevented the attack and the losses that were incurred thereafter. However, after the attack had occurred, the forensic team would have assisted in te investigation by tracking of the computer records and analysis of the paths used. This information would have later been pieced together to produce concrete evidence of what actually transpired.

Economic losses incurred by JPMorgan Chase

The cyber-attack at JPMorgan Chase affected about 76 million households in the United States. About 7 million small businesses were also affected. Economic expert’s project that this attack was one of the worst to ever hit the country’s banking sector. JPMorgan Chase is the largest national bank and holds financial information of computer systems that run beyond the card numbers of their employees. They have a lot of sensitive information stored in their databases which can be detrimental if leaked out to the public. The hackers obtained a list of applications that are used by JPMorgan Chase in their computers which can be a roadmap to cross checking the vulnerability of each one of them. If any flaw is discovered by the hackers, it can be used as an entry point into the computer systems.

The hackers based overseas gained access to the names and private information of the customers who had accounts with them. Though forensic evidence indicates that there is no indication that the customer details were used illegal operations, the losses incurred from the subscription to the fake securities was massive. The customers who bought these securities had their money swindled from them. This was a major economic loss as the customers lost confidence in the ability of the bank to protect them together with their money. Also the credibility of the bank in dealing with such attacks was also questioned. The most important thing in the banking industry is to assure customers of the safety of their personal data as well as their finances. If this cannot be done, then the bank losses credibility among its customers and no longer operates the way it used to. This issue affected JPMorgan Chase to its core.

Accidental fraudsters and predators

Accidental fraudsters are typically first time offenders who mostly are middle aged males. They are married and well educated. In most cases, they are trusted employees of a given company. They are usually entrusted with a position of great responsibility (Lau, Xia & Li, 2012). Most of them are usually bestowed with a position of power within the communities that they live. These individuals tend to have problems that are typically non-sharable mostly financial in nature or the solution to the problem is money. This puts them in a position where they feel pressured to do something given the vast amount of money they are handling. When these people are aligned with an opportunity and the ability to rationalize their actions, they succumb to the pressure and the good citizens turn into villains (Lau, Xia & Li, 2012). They come up with a fraud scheme and end up misappropriating the assets of a company. In most jurisdictions, this is terms as a form of corruption.

Despite the provisions of the fraud act, the accidental fraudsters are normally considered to be good and law abiding people who have a very good understanding of the law and under normal circumstances would never engage themselves into acts such as theft or breaking the law in such a way that their acts would end up harming others. When these people are discovered and caught, their families are normally surprised and even shocked due to the alleged behavior of the person suspected to have been the perpetrator of the crime. The shock and disbelief can be attributed to the fact that these perpetrators are usually in positions of trust, are well educated and usually have leadership skills that are take in high regard (Lau, Xia & Li, 2012). This category of criminals is described as white collar criminals. According to Sutherland, is characteristic of the upper white collar class and is mainly done by respectable business men and women. In some economies it is referred to as economic crime carrying the notion that the perpetrator of the crime has definitely abused his power. The creation of the fraud triangle was done with the accidental fraudsters being taken into consideration (Lau, Xia & Li, 2012). The triangle helps investigators to understand the reason as to why the offenders committed the crimes and also profile them on the social scale, the economic scale and the psychological scale.

The predator on the other hand is a person who seeks out an organization which he can defraud and starts scheming on his planned fraud activity. The predator seeks to deliberately defraud the organization with very little remorse. Besides these deliberate offenders, there are also other criminals whose sole motive is to defraud an organization at their own benefit. This is a common phenomenon in organizational crimes (Walters, 2014). Organizational crimes are common in both public and private organizations. Predators are normally involved in complex case of fraud, corruption and financial schemes. Due to the fact that their activities are deliberate and aimed at a particular goal since the onset, they are better organized than the accidental fraudsters. Within the fraud triangle, investigators examine the complexity of the crime, the conversion and the judicial community that is involved in the case. Some of the commonly known complex frauds include money laundering, drug trafficking, terrorism, tax evasion among others. In the case of JPMorgan Chase, the perpetrators of the crime were predators whose aim was to defraud the bank and its customers.

Role of team work in countering cyber fraud

The protection of the banking systems is a task allocated to different employees at JPMorgan Chase bank. Through team effort, all the stakeholders could have come together and helped to prevent the fraud. The forensic officers come in handy in the analysis of the system performance, audit of the company transactions and detection of any anomaly in the transactions made. Through close monitoring of the activities that are going on, they can easily detect a fraud. The IT officers who are mandated with securing the system should work together with the top management and the forensic officials to ensure that they secure the entire system from any potential attack. The financial officers should also ensure that they carry out proper audits of the accounts and report any inconsistency noted in the system. Through team effort, the actions of each person in the team will be complementary and should help to monitor any possible fraud.

Conclusion

In summary, the attack that happed at JPMorgan Chase could have been prevented. However, the failure of the security team to implement a two way authentication system led to the infringement that occurred at the company. Team work is crucial for the prevention of fraud. It is only through the efforts of each and every member of the team that the entire system can be made secure from fraudsters.

References

Walters, R. (2014). Cyber attacks on us companies in 2014. Heritage Foundation Issue Brief, (4289).

Lau, R. Y., Xia, Y., & Li, C. (2012). Social Media Analytics for Cyber Attack Forensic. International Journal of Research in Engineering and Technology (IJRET), 1(4), 217-220.

Jessica Silver-Greenberg, Matthew Goldstein And Nicole Perlroth, 2014, JPMorgan Chase Hacking Affects 76 Million Households, New York Times. Available at http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/

Shackelford, S. J. (2012). Should your firm invest in cyber risk insurance?.Business Horizons, 55(4), 349-356.

Emily Glazer and Danny Yadron (October 2 2014). J.P. Morgan Says About 76 Million Households Affected By Cyber Breach, Wall Street Journal. Available at http://www.wsj.com/articles/j-p-morgan-says-about-76-million-households-affected-by-cyber-breach-1412283372