‘Brave new world’ of hacking: Feds charge 3 men for stealing data from 100 million
Federal prosecutors called it “the largest theft of financial-related data in history” when they unsealed an indictment against three men at the center of a sprawling hacking criminal enterprise. The men face decades in jail, and one is still at-large.
“The charged crimes showcase a brave new world of hacking for profit,” said Manhattan US Attorney Preet Bharara in a statement on Tuesday. “It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model.”
'Securities fraud on cyber steroids' https://t.co/PFcCy8jjRJpic.twitter.com/6QY5pQk8jx
— BI Finance (@clusterstock) November 10, 2015
The men, two Israelis and an American, hacked the networks of a dozen US financial institutions over an eight-year period and stole customer data from 100 million people, including 80 million from one financial institution alone, according to prosecutors. They manipulated stock prices, processed payments for other criminals and concealed over $100 million in a Swiss bank account and other accounts.
“These three defendants perpetrated one of the largest thefts of financial-related data in history – making off with the sensitive information of literally thousands of hard-working Americans,” said US Attorney General Loretta Lynch in a statement.
Digital Dons show `brave new world of hacking ... as a business model' Bharara says https://t.co/jPgR0nlHk0 via @business
— Heather Smith (@hsmithnews) November 10, 2015
Federal officials charged Gery Shalon, 31, an Israeli, who allegedly masterminding the hacks that led to the loss of personal information from US financial institutions.
“At all relevant times, Shalon was the leader and self-described ‘founder’ of a sprawling cybercriminal enterprise that encompassed criminal schemes…operated through hundreds of employees, co-conspirators and infrastructure in over a dozen countries,” said the indictment.
The charges accuse Joshua Aaron, 31, an American, of acting as a co-conspirator in the hacking, and Ziv Orenstein, 40, also an Israeli, of operating an illegal casino and payment processor, as well as controlling shell companies. The 23-count indictment includes charges for computer hacking, wire fraud, unlawful internet gambling and conspiracy to commit money laundering, among others. Each count includes a maximum prison term of anywhere from five to 20 years.
Shalon and Orenstein were arrested in July; Aaron remains at large and is the subject of an FBI "wanted" poster.
Among the allegations are that Shalon and Aaron used their unauthorized access to financial institution networks to artificially manipulate certain US stock prices and market the stocks in order to sell them at high rates and defraud investors, causing them significant losses.
Insider trading ring netted $100 million by hacking press release services http://t.co/15h899usj3pic.twitter.com/xGmrVjqamu
— RT America (@RT_America) August 11, 2015
According to prosecutors, Shalon was sure this would work because Americans liked buying stocks. "It's like drinking freaking vodka in Russia," he allegedly told an accomplice.
They are also charged with operating illegal gambling websites, an illegal US-based Bitcoin exchange, and processing payments for criminals selling anything from illegal pharmaceuticals to malware. The men are accused of using more than 200 fraudulent identification documents, including 30 false passports, to control at least 75 shell companies, as well as numerous bank and brokerage accounts around the world.
Hackers can remotely kill hospital patients with drug pumps, IT expert discovers http://t.co/G6wV8RtAO3pic.twitter.com/dFgBEdaDwq
— RT America (@RT_America) June 11, 2015
The attorney general alleges that Aaron was a customer of many of the hacked companies and gave his credentials to Shalon, who performed analysis of the companies’ networks. At this time, he placed malware that allowed them to hack data over a period of months.
The 12 victims are identified only numerically, but Reuters reported that they include JP Morgan Chase, ETrade and News Corp, among others.