
Chasing The Breach

written by Pierluigi Stella

http://online.wsj.com/articles/j-p-morgan-says-about-76-million-households-affected-by-cyber-breach-1412283372?mod=djemalertNEWS

Contact information for 76 million families and 7 million businesses.

Let’s assume each record consists of a name, address and phone number – should we approximate 100 bytes each? For 83 million records, that makes 8.3 billion bytes (i.e. 8.3 GB), or 66.4 gigabits. Hackers don’t use large pipes, though they may be using multiple sources of attack. To transfer that much data takes time – a lot of time.

We keep talking about security. I, for one, cannot begin to imagine how much money Chase invests in cyber security every year. And yet, these hackers were able to transfer 8.3 gigabytes of data away from the bank without anyone noticing. To put it into perspective, it’s as though you walked out of the grocery with the entire ice cream refrigerator and no one noticed. That’s what happened here. It’s simply baffling. I don’t know how else to express my disbelief. Intrusion prevention, monitoring, intrusion detection, SIEMs and log management systems that should reveal anomalies and raise alerts – I know Chase has them all and so much more.
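As an added example (not part of the original post), the sketch below carries the post's size estimate through and shows the kind of egress check a SIEM or flow-monitoring rule can apply: a per-session size threshold next to a rolling per-destination volume threshold. The host names, destination addresses, flow records and both thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

RECORDS = 76_000_000 + 7_000_000          # households + businesses (from the post)
BYTES_PER_RECORD = 100                    # the post's approximation
TOTAL_BYTES = RECORDS * BYTES_PER_RECORD  # 8.3 billion bytes

def transfer_hours(total_bytes, mbit_per_s):
    """Hours needed to move total_bytes at a sustained rate given in Mbit/s."""
    return total_bytes * 8 / (mbit_per_s * 1_000_000) / 3600

def flag_egress(flows, per_flow_limit, window_days, window_limit):
    """flows: iterable of (day, src_host, dst_ip, bytes_out).
    Returns (flow_hits, window_hits): flows larger than per_flow_limit, and
    (src, dst) -> first day on which the bytes sent during the trailing
    window_days exceeded window_limit."""
    flow_hits = []
    daily = defaultdict(lambda: defaultdict(int))  # (src, dst) -> day -> bytes
    for day, src, dst, nbytes in flows:
        if nbytes > per_flow_limit:
            flow_hits.append((day, src, dst, nbytes))
        daily[(src, dst)][day] += nbytes
    window_hits = {}
    for pair, by_day in daily.items():
        for day in sorted(by_day):
            recent = sum(b for d, b in by_day.items()
                         if day - window_days < d <= day)
            if recent > window_limit:
                window_hits[pair] = day
                break
    return flow_hits, window_hits

def constructed_flows(days=30, sessions_per_day=100):
    """Constructed sample: one internal host sends TOTAL_BYTES to a single
    destination in small sessions; a second host has ordinary daily traffic."""
    chunk = TOTAL_BYTES // (days * sessions_per_day)   # about 2.8 MB per session
    flows = []
    for day in range(days):
        flows += [(day, "db-host-1", "203.0.113.10", chunk)] * sessions_per_day
        flows.append((day, "web-1", "198.51.100.7", 40_000_000))
    return flows

if __name__ == "__main__":
    print(f"{TOTAL_BYTES:,} bytes; {transfer_hours(TOTAL_BYTES, 1):.1f} h at 1 Mbit/s")
    # Assumed thresholds: 50 MB per session, 1 GB per destination per 7 days.
    hits, slow = flag_egress(constructed_flows(), 50_000_000, 7, 1_000_000_000)
    print("per-session alerts:", len(hits))
    print("rolling-window alerts:", slow)
```

On the constructed data no single session crosses the per-session limit, while the rolling per-destination total raises an alert on the fourth day of the transfer.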

None of those worked? 

How is that even possible?

With all that’s been happening, we need to investigate if what we’re currently doing in the name of security isn’t completely wrong. And, as a result of that, hackers have identified ways to circumvent our defenses so easily they make us look like fools.

When the Target crisis exploded in January, I was outraged that the company barely had security to speak of, and whatever little they had, was circumvented because of a third party having too much access.

In the case of Chase, I am _positive_ they have plenty of security measures in place. I’m certain they used every trick in the books to stay safe. I’m certain they take security very seriously because they are a Financial Institution. In fact, the largest Financial Institution in the US, and they _know_ they’ll always be a target. This then begs the question – what happened?

It would be truly interesting, and very enlightening, if we found out for sure what really happened and learned from this lesson, because if Chase was breached, the war against cybercrime is close to being lost.
