Friday 13 November 2015

U.S. charges three in huge cyberfraud targeting JPMorgan, others

Friday 13 November 2015


U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including The Wall Street Journal.

Prosecutors said the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people.

"By any measure, the data breaches at these firms were breathtaking in scope and in size," and signal a "brave new world of hacking for profit," U.S. Attorney Preet Bharara said at a press conference in Manhattan.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world.

Tuesday’s charges expand a case first announced in July, and according to U.S. Attorney General Loretta Lynch target "one of the largest thefts of financial-related data in history."

The charges are also the first tied to the JPMorgan attack, which prosecutors said involved the stealing of records belonging to more than 83 million customers, the largest theft of customer data from a U.S. financial institution.

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.


A separate indictment unveiled in Atlanta against Shalon, Aaron and an unnamed defendant said the brokerages E*Trade Financial Corp and Scotttrade Inc were also targets, and personal information of more than 10 million customers was compromised.

TD Ameritrade Holding Corp and News Corp’s Dow Jones unit, which publishes The Wall Street Journal, said they were also targets. Fidelity Investments was also a target, a person familiar with the matter said.

Other targets could not be immediately verified.

Shalon, 31, of Savyon, Israel, and Orenstein, 40, of Bat Hefer, Israel, were arrested in July. Aaron, 31, a U.S. citizen who lives in Moscow and Tel Aviv, remains at large and is the subject of an FBI "wanted" poster.

Another defendant, Anthony Murgio, 31, of Tampa, Florida, was charged separately over the bitcoin exchange, He was originally charged in July, and faces an arraignment on Friday. A co-defendant in that case, Yuri Lebedev, is in "discussions" with prosecutors, Bharara said.

Lawyers for the defendants were not immediately available for comment.

JPMorgan on Tuesday confirmed that the latest charges relate to the 2014 attack, and said it continues to cooperate with law enforcement efforts to fight cybercrime.

It also said that only contact information such as names, addresses and emails was accessed, and that account information, passwords or Social Security numbers were not compromised.

E*Trade said it has contacted 31,000 customers who may have been affected. News Corp said the indictment relates to a breach that targeted subscribers, and which was disclosed on Oct. 9.


The new charges portray Shalon as the ringleader, having orchestrated hackings since 2012 against nine companies, and along with Orenstein having since 2007 run at least 12 illegal Internet casinos.

Prosecutors said Shalon and Orenstein also ran payment processors IDPay and Todur, through which they collected $18 million of fees to process hundreds of millions of dollars of transactions for criminals.

Shalon was also accused of running the illegal bitcoin exchange with Murgio, and concealing at least $100 million in Swiss and other accounts.

Prosecutors said the illegal proceeds included tens of millions of dollars from manipulating the prices of stocks sold to customers whose information had been stolen, and who the defendants arranged to be cold-called.

According to prosecutors, Shalon was sure this would work because Americans liked buying stocks. "It’s like drinking freaking vodka in Russia," he allegedly told an accomplice.

Meanwhile, the Atlanta indictment said that after Scottrade’s computers were breached in late 2013, Shalon expressed a desire in an online chat to see credit card and trade data for customers, so "they will know that we know info about them for real, and they will trust us more."

Aaron was identified in the FBI poster as the "front-man" in the scheme where, using the alias "Mike Shields," he conspired to drive up stock prices and dump shares at inflated prices.

"Securities fraud on cyber steroids," as Bharara put it.

The indictment against Shalon, Orenstein and Aaron includes counts of computer hacking, securities and wire fraud, identity theft, illegal Internet gambling and conspiring to commit money laundering. Not all counts were brought against all defendants.

Murgio faces seven counts including wire fraud, money laundering and operating an unlicensed money transmitter.

The U.S. Securities and Exchange Commission previously filed civil charges against Shalon, Aaron and Orenstein.

The cases are U.S. v. Shalon et al, U.S. District Court, Southern District of New York, No. 15-cr-00333; U.S. v. Murgio in the same court, No. 15-cr-00769; and U.S. v. Shalon et al, U.S. District Court, Northern District of Georgia, No. 15-cr-00393.

(Reporting by Jonathan Stempel and Nate Raymond in New York; Additional reporting by Jim Finkle and Ross Kerber in Boston, and David Henry, Olivia Oran and Jessica Toonkel in New York; Editing by Chizu Nomiyama and Meredith Mazzilli)

- That massive big-bank cyberfraud, in jaw-dropping numbers
3 men charged over massive cyberfraud that hit J.P. Morgan© Provided by MarketWatch 3 men charged over massive cyberfraud that hit J.P. Morgan
By Victor Reklaitis,
November 11, 2015
It’s been called one of the biggest cybercrimes in history, involving the theft of data from millions upon millions of people, and requiring a massive worldwide ring of accomplices.
Federal prosecutors say a “diversified criminal conglomerate” of fraudsters hacked into companies, including banks such as J.P. Morgan, to steal customers’ personal details that they then used to carry out pump-and-dump stock schemes. The data theft also made it possible for the criminals to run illegal Internet casinos and even an unlicensed bitcoin exchange.
The range of hacking was “breathtaking,” Manhattan U.S. Attorney Preet Bharara said Tuesday.
Three men have been charged in the case. Take a look at these eye-popping numbers from the the indictment to get a glimpse at the scope of the cybercrime empire:
100 million people had their sensitive information stolen.
12 companies, including J.P. Morgan Chase & Co. , online brokerages like E*Trade Financial Corp. were allegedly hacked. Also on the list is News Corp.’s Dow Jones unit, which publishes MarketWatch and The Wall Street Journal.
$100 million earned in illicit proceeds by alleged mastermind Gery Shalon, with the haul stashed in Swiss and other bank accounts. Overall, Shalon and his co-conspirators are believed to have taken in hundreds of millions of dollars through alleged wrongdoing.
75 shell companies around the world were used by those charged as they “operated their criminal schemes” and “laundered their vast criminal proceeds,” prosecutors allege.
30 false passports from 17 nations were among the “approximately 200 purported identification documents,” including fake U.S. credentials, used by the crime ring in its operations.
270 employees in Ukraine and Hungary appear to have worked for the illegal online casino business.
10 publicly traded stocks got a boost from the conglomerate’s “email promotional campaigns,” a New York company was told in around June 2011. The conglomerate said the emails — thought to have used stolen addresses — resulted in “substantial trading volume in ten particular publicly traded stocks,” the indictment says. That’s just part of the alleged pump-and-dump activity.
30 U.S. states: Shalon in January 2010 arranged to mail out advertisements promoting the Internet casinos to up to 100,000 U.S. residents in more than 30 states, the indictment says

Home | Contact | Site Map | | Site statistics | Visitors : 12 / 7912

Follow site activity en  متابعة نشاط الموقع لغات أخرى  Follow site activity English   ?    |    titre sites syndiques OPML   ?

Site powered by SPIP 3.1.3 + AHUNTSIC

Creative Commons License

"تصدر عن الاعلام المركزي_ مفوضية الشؤون الفكرية والسياسية والاعلامية - تيار المقاومة والتحرير - قوّات العاصفة_ حركة التحرير الوطني الفلسطيني "فتح

الموادالصحفية الواردة في الموقع لا تعبّر بالضرورة عن رأي الصحيفة وجميع الحقوق محفوظة للموقف- تشرين ثاني -2010