WASHINGTON, October 23 (RIA Novosti) — The mainstream western media jumped to conclusions and exercised "bad media reporting" in covering the data breach at JPMorgan and laying the blame on Russia, CrowdStrike Co-founder and CTO Dmitri Alperovitch said.
"The amount of bad media reporting I have seen on that specific case exceeds anything I have seen in years," said Alperovitch at a Wednesday discussion of cybersecurity at the Atlantic Council. "There was a lot of jumping to conclusions… that occurred very, very rapidly in the media."
Alperovitch referred to the blame placed on Russia by the western media for the late August hacking incident at JPMorgan, which compromised over 76 million accounts, impacting 7 million small businesses.
Media reports asserted that Russia had conducted the attacks in retaliation for Western sanctions.
"The only people commenting on it are people, who are far removed from the investigation, and that's what gets out in the press," the cyber security expert said.
On Monday, the FBI Cyber Division Assistant Director Joseph M. Demarest told the press that there was no evidence that the financial giant had been hacked by Russians in retaliation for western sanctions. Further, officials from both the FBI and the Secret Service stated that they are still not sure if the attack was conducted by a foreign government or cybercriminals.
When the cyberattack was reported late in August, many media outlets asserted that Russia bore responsibility since the financial institute was hit at the same time the West was ramping up sanctions against Russia.
According to Alperovitch, attribution in the case of cyberattacks is actually less difficult than some reports lead the public to believe.
"If you actually look through most of the big, major events we have seen in this field, they've all been attributed," Alperovitch added, noting that even cases of espionage have been attributed, even if the attribution "may not have come out publicly."
While attribution for these attacks may be traceable, determining the entity, government or rogue agent directing the attack is still a challenge.
"That's true in the physical world," Alperovitch asserted. "We don't know who's giving the order, but we know who is executing it."
CrowdStrike is an NSA-certified cyber incident responder.