An August cyberattack that resulted in the successful theft of gigs of data from JPMorgan Chase proves that the U.S. financial sector is dangerously “vulnerable,” according to former NSA Director Gen. Keith Alexander.
Anonymous sources told Bloomberg last week that the FBI and NSA were launching an investigation into the attack that targeted JPMorgan — the largest bank in the U.S. — and at least one additional unnamed bank. The sources said the sophistication of the attack along with evidence discovered on a bank computer indicated Russian government involvement — a possible retaliation for U.S. economic sanctions imposed against Russia for its support of pro-Russian separatists in Ukraine.
“How would you shake the United States back? Attack a bank in cyberspace,” Alexander said in a Wednesday Bloomberg report. “If it was them, they just sent a real message: ‘You’re vulnerable.’”
Alexander retired as Director of the NSA and head of U.S. Cyber Command in March, and has since started his own private cybersecurity company, IronNet Cybersecurity Inc. (RELATED: Ex-NSA Head Keith Alexander Defends Million-Dollar Cyber-Security Consulting)
In the years since Alexander’s tenure began at NSA in 2005, the former general repeatedly expressed his concern over so-called “advanced persistent threat” hacks, which can target government agencies and private companies for months or years undetected. Alexander has long considered the U.S. financial sector a prime target for such attacks, which could temporarily wipe out account balances and cripple the U.S. financial sector, resulting in significant economic damage.
One of IronNet Cybersecurity’s first and largest clients is the Securities Industry and Financial Markets Association — the financial industry’s biggest trade group, which is lobbying for federal assistance in order to create a “government-industry cyber-war council” to protect firms and the U.S. economy as a whole from such attacks. (RELATED: This Is Why Ex-NSA Chief Keith Alexander Can Charge $1 Million A Month For Cybersecurity)
“If you can steal the data — if you can reach in that far and steal it — you can do anything else you want,” Alexander said in the report. “You collapse one bank and our financial structure collapses.”
Though Alexander denied having any direct knowledge of the JPMorgan breach, he agreed with Bloomberg’s earlier source assessments of government involvement, and said the attackers were “a nation-state backed group” with “exceptional skills.”