Logging into his system, he went through his initial checklist of things he usually performed when he arrived at work. He perused the incident logs and incident reports, looking for anything suspicious that one of his other teammates might have found. He immediately spotted a red flag in something that one of the analysts had posted a couple just a few minutes ago. Seeing that no one had fully looked into it yet, he grabbed the incident report to see what was going on.
As he read the report more closely, he noticed something unusual. An employee from the credit card side of the bank had gained access to the bank’s records system.
“Hmm… you’re not allowed to be in there,” he thought. He immediately searched to see what the unauthorized person was looking for. Following the trail of the intrusion, he shadowed each click the person had made, taking him deeper and deeper into the credit card records — from records of individual credit card programs, to individual state records, to entire branch records. Then, to his horror, he discovered that the individual was systematically deleting millions of credit card records.
Dennis tried to intervene at once. However, as he tried to put a wrench into the intruder’s actions, he saw that they had moved from the current live records to the backup files stored at Iron Mountain, their off-site backup vendor. “How the hell is this guy accessing all of these records?” he wondered. No one should have that level of access.
Dennis reached for his phone and hit the speed dial button to call the corporate security desk, which was manned twenty-four hours a day.
“Security, this is Jim,” came a stern voice on the other end.
“Jim, this is Dennis at the insider threat desk. We have an emergency, and I need you to physically stop an employee who is currently inside the New York city office at once! He’s sitting at desk 18E 12W.”
“Oh, wow. OK, we’ll send a couple of people up there now and lock his access card out,” replied Jim. He immediately started to talk to a few other people nearby.
“Jim, you have to make sure this guy doesn’t escape the building, and call the police,” said Dennis urgently, praying the man on the other end could still hear him. “I’m calling the FBI and Secret Service. This is huge. Don’t let him get away!” He stayed on the phone just long enough to make sure his message had been received, and then he hung up the phone and prepared to place an additional call to his own boss.
Standing at his desk, he waved for one of the other employees manning the twenty-four-hour office to come over. While talking to his boss, he pointed at his monitors. The employee bent down and looked at what was going on, and her eyes grew wide as saucers.
“Holy crap!” she exclaimed.
Dennis desperately tried to cut the guy’s access to the system off, but nothing was working.
“What do you mean, you can’t cut his access off?” his boss shouted angrily over the phone.
“He’s got admin level access. I have no idea how he obtained it, but his access is above my own. I think it’s even above yours,” Dennis explained.
“I’m heading into the office now. Make sure security detains this guy, you understand?” The call ended abruptly.
A few minutes went by, and then Jim from security in New York called him. “Dennis, we’ve got a security team at that desk location, but there’s no one there. It’s empty. I’ve got my guys locking down the entire building, and the police are on the way. Can you see if he’s still on the computer? Could he have remoted into this terminal?”
Dennis’s mind was racing, trying to figure out what was happening. Maybe the intruder had hacked into this employee’s account and was remotely logging in using a stolen admin login. Dennis looked at the admin code and quickly tracked it down to a bank’s Chief Information Security Officer, his boss’s boss.
“How in the world could these hackers have gotten the CISO’s admin code?” Dennis thought. His mind was practically exploding.
“What do we know about this cyberattack taking place at JP Morgan?” asked Josh Morgan, President Foss’s Chief of Staff. He wanted to get up to speed on things before the President joined the meeting.
Kevin Hampton, the Treasury Secretary, spoke up first. “It’s a disaster is what it is. Whoever these hackers are, they managed to get inside the bank’s credit card records, and they systematically wiped them out. They not only deleted the records, they managed to destroy the backup records at Iron Mountain, which is no small feat.”
Josh looked at the Director of Homeland Security and the FBI Director for an explanation. Maria Nelson jumped in. “We’re still gathering all the facts, but what we know right now is that someone coopted a work terminal in the New York office and remoted in from an unknown location to initiate the hack. Once they had gained access to the system, the intruder used the Chief Information Security Officer’s administrative access, which gave them complete access to the entire bank’s system. They then used that access to wipe out every trace of credit data on the roughly 43 million Americans who had a Chase credit card. At the time of the hack, those accounts had balances of roughly $274 billion.”
Josh sat up a little straighter in his chair as he heard the number, then crunched his eyebrows a bit. “Are you saying JP Morgan just lost $274 billion?” he asked incredulously. “What happened to the money? Are the individuals whose accounts were affected still liable for their balance?”
“That’s what I’m talking about, yes,” Nelson confirmed. “As of three hours ago, JP Morgan effectively lost the records of $274 billion. It’s gone. With no electronic record at the bank or their off-site locations, they have no way of saying how much each individual person actually owes. When word gets out of how severe this hack was and how much money essentially just evaporated at the bank, it’ll collapse. Their stock will tank.”
Molly Emerson, the DHS Director, added, “This is much bigger than just JP Morgan. If this could happen to them, who’s to say it can’t or won’t happen to the other banks? For all we know, the hackers could have placed additional viruses or trojan horses in the Iron Mountain facility, just waiting to be activated. This could be the first domino to fall in the complete monetary collapse of our economy.”
Kevin Hampton, the Treasury Secretary, moaned and rubbed his head.
Nelson shot him a look as if to say, “You don’t have to be so dramatic.” She cleared her throat, then offered, “We think we might have a lead on who perpetrated the attack.”
All eyes turned to her.
“You’d better be absolutely sure about that before you tell the President,” Josh asserted. “He’s going to want to respond to whoever did this to us, and I’m pretty certain he’ll be using the military to do it.”
Before Maria Nelson had a chance to reply, the President walked in, along with Secretary of Defense Jim Castle and Admiral Meyer, the Chairman of the Joint Chiefs.
Signaling for everyone to take their seats, the President said, “I assume the news about this hack is pretty bad for you to have called everyone in like this.”
Josh looked at the President and nodded. “I’m afraid it is, Mr. President. I believe Secretary Hampton should probably give you the initial brief before Homeland and the FBI present what they know.”