U.S. charges three in huge cyberfraud targeting JPMorgan, others


[November 11, 2015]  By Jonathan Stempel and Nate Raymond
 
 NEW YORK (Reuters) - U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including The Wall Street Journal.

Prosecutors said the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people.

"By any measure, the data breaches at these firms were breathtaking in scope and in size," and signal a "brave new world of hacking for profit," U.S. Attorney Preet Bharara said at a press conference in Manhattan.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world.
 


Tuesday's charges expand a case first announced in July, and according to U.S. Attorney General Loretta Lynch target "one of the largest thefts of financial-related data in history."

The charges are also the first tied to the JPMorgan attack, which prosecutors said involved the stealing of records belonging to more than 83 million customers, the largest theft of customer data from a U.S. financial institution.

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.

E*TRADE, TD AMERITRADE, NEWS CORP

A separate indictment unveiled in Atlanta against Shalon, Aaron and an unnamed defendant said the brokerages E*Trade Financial Corp and Scottrade Inc were also targets, and personal information of more than 10 million customers was compromised.

TD Ameritrade Holding Corp and News Corp's Dow Jones unit, which publishes The Wall Street Journal, said they were also targets. Fidelity Investments was also a target, a person familiar with the matter said.

Other targets could not be immediately verified.

Shalon, 31, of Savyon, Israel, and Orenstein, 40, of Bat Hefer, Israel, were arrested in July. Aaron, 31, a U.S. citizen who lives in Moscow and Tel Aviv, remains at large and is the subject of an FBI "wanted" poster.

Another defendant, Anthony Murgio, 31, of Tampa, Florida, was charged separately over the bitcoin exchange, Coin.mx. He was originally charged in July, and faces an arraignment on Friday. A co-defendant in that case, Yuri Lebedev, is in "discussions" with prosecutors, Bharara said.

Lawyers for the defendants were not immediately available for comment.

JPMorgan on Tuesday confirmed that the latest charges relate to the 2014 attack, and said it continues to cooperate with law enforcement efforts to fight cybercrime.

It also said that only contact information such as names, addresses and emails was accessed, and that account information, passwords or Social Security numbers were not compromised.

E*Trade said it has contacted 31,000 customers who may have been affected. News Corp said the indictment relates to a breach that targeted subscribers, and which was disclosed on Oct. 9.

LIKE DRINKING VODKA

The new charges portray Shalon as the ringleader, having orchestrated hackings since 2012 against nine companies, and along with Orenstein having since 2007 run at least 12 illegal Internet casinos.


Prosecutors said Shalon and Orenstein also ran payment processors IDPay and Todur, through which they collected $18 million of fees to process hundreds of millions of dollars of transactions for criminals.

Shalon was also accused of running the illegal bitcoin exchange Coin.mx with Murgio, and concealing at least $100 million in Swiss and other accounts.

Prosecutors said the illegal proceeds included tens of millions of dollars from manipulating the prices of stocks sold to customers whose information had been stolen, and whom the defendants arranged to be cold-called.

According to prosecutors, Shalon was sure this would work because Americans liked buying stocks. "It's like drinking freaking vodka in Russia," he allegedly told an accomplice.

Meanwhile, the Atlanta indictment said that after Scottrade's computers were breached in late 2013, Shalon expressed a desire in an online chat to see credit card and trade data for customers, so "they will know that we know info about them for real, and they will trust us more."

Aaron was identified in the FBI poster as the "front-man" in the scheme where, using the alias "Mike Shields," he conspired to drive up stock prices and dump shares at inflated prices.

"Securities fraud on cyber steroids," as Bharara put it.
 


The indictment against Shalon, Orenstein and Aaron includes counts of computer hacking, securities and wire fraud, identity theft, illegal Internet gambling and conspiring to commit money laundering. Not all counts were brought against all defendants.

Murgio faces seven counts including wire fraud, money laundering and operating an unlicensed money transmitter.

The U.S. Securities and Exchange Commission previously filed civil charges against Shalon, Aaron and Orenstein.

The cases are U.S. v. Shalon et al, U.S. District Court, Southern District of New York, No. 15-cr-00333; U.S. v. Murgio in the same court, No. 15-cr-00769; and U.S. v. Shalon et al, U.S. District Court, Northern District of Georgia, No. 15-cr-00393.

(Reporting by Jonathan Stempel and Nate Raymond in New York; Additional reporting by Jim Finkle and Ross Kerber in Boston, and David Henry, Olivia Oran and Jessica Toonkel in New York; Editing by Chizu Nomiyama and Meredith Mazzilli)

[© 2015 Thomson Reuters. All rights reserved.]
