Federal prosecutors on Tuesday charged three men with an array of cyber-crimes connected to a widespread hacking scheme targeting some of the largest banks, brokerage houses and business media companies.
Continue Reading Below
One of the targets was J.P. Morgan Chase (JPM), a victim of a high-profile breach that led to millions of dollars in ill-gotten profits, prosecutors charged.
Charged in the indictment handed down in Manhattan were Gery Shalon, the alleged ring-leader, and his co-conspirators Joshua Samuel Aaron and Ziv Orenstein, facing allegations of “orchestrating massive computer hacking crimes against U.S. financial institutions, brokerage firms, and financial news publishers, including the largest theft of customer data from a U.S. financial institution in history,” U.S. investigators said in a statement.
Also announced Tuesday were separate charges against Anthony R. Murgio for operating an illegal bitcoin exchange.
“As set forth in the indictment, these three defendants perpetrated one of the largest thefts of financial-related data in history – making off with the sensitive information of literally thousands of hard-working Americans,” said U.S. Attorney Loretta Lynn.
Also participating in the investigation were investigators and prosecutors for the Southern District of Manhattan, the F.B.I. and the U.S. Secret Service.
Continue Reading Below
“Today, we have exposed a cybercriminal enterprise that for years successfully and secretly hacked into the networks of a dozen companies, allegedly stealing personal information of over 100 million people, including over 80 million customers from one financial institution alone,” said Preet Bharara, U.S. Attorney for the Southern District of New York.
According to the allegations included in the indictment, from 2012 to mid-2015, Shalon, working with Aaron and others, ran the U.S. Financial Sector Hacks, stealing the personal information of over 100 million customers of the victim companies.
Among these, their network intrusion at one unnamed bank , presumably J.P. Morgan, resulted in the theft of personal information of over 80 million customers, making it the largest theft of customer data from a U.S. financial institution in history, the charges allege.
The three indicted men committed these crimes to help them commit other crimes, namely an effort to artificially manipulate the price of certain publicly traded U.S. stocks.
In addition to directing the U.S. Financial Sector Hacks, Shalon directed computer network hacks and cyberattacks against numerous companies outside of the financial sector, prosecutors said.
Shalon and the others also owned and operated unlawful internet gambling businesses in the U.S. and abroad; owned and operated multinational payment processors for illegal pharmaceutical suppliers, counterfeit and malicious software (“malware”) distributors, and unlawful internet casinos; and owned and controlled Coin.mx, an illegal U.S.-based Bitcoin exchange that operated in violation of federal anti-money laundering laws.
Through their criminal schemes, from about 2007 to July 2015, the suspects earned hundreds of millions of dollars in illicit proceeds, according to prosecutors, of which Shalon allegedly concealed at least $100 million in Swiss and other bank accounts.
JPMorgan on Tuesday confirmed that the latest charges relate to a well-publicized attack in 2014. The firm, the largest U.S. bank by assets, said it is still cooperating with investigators. E*Trade (ETFC) said it has contacted 31,000 customers who may have been affected.
News Corp's (NWSA) Dow Jones & Co, which publishes the Wall Street Journal, said in a statement that the indictment relates to a data breach the company revealed on Oct. 9. At the time Dow Jones said the attack was designed to glean contact information of current and former subscribers.