US prosecutors announced today that criminal charges are pending against three men who ran a hacking and fraud scheme. This included a 2014 attack against JP Morgan Chase and Co. that led to hundreds of millions of dollars in illicit profits. It also led to a major public relations debacle for JP Morgan that it is continuing to deal with to this day.
Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein were charged on a 23 count indictment that included alleged crimes against 9 financial organizations and media companies. The schemes involved online casinos, processing payments for criminals and a bitcoin exchange that was illegal.
JP Morgan stated after the federal indictment was announced that the company appreciates the partnership with law enforcement to bring the alleged criminals to justice. It further stated that the company continues to cooperate with state and federal law enforcement to fight all kinds of cybercrime.
The charges announced this week were the first ones that were tied to the JP Morgan attack. Those alleged crimes compromised the private information of 83 million customer accounts. Prosecutors referred to it as the biggest theft of consumer data from any US financial organization. The indictment paints a disturbing picture of an international criminal enterprise that is built on stolen data that is acquired through major hacking schemes.
Federal authorities stated that the men executed the crimes using a server in Egypt that was rented under an alias. The men were under observation by federal authorities for several months.
E*Trade Financial Corp, Scottrade Inc and News Corp’s Dow Jones unit all were targeted by the defendants.
The charges announced this week expand the criminal case that was announced last summer. The alleged wrongdoing goes back to 2007.
Shalon and Orenstein are both Israeli citizens who were first arrested in July. Aaron is a US citizen who has lived in Tel Aviv and Moscow.
9 Hacking Incidents
The new federal charges portray Shalon as the leader of the group. The federal complaint claims that there were nine hackings that involved in the stealing of the data of 100 million people. Shalon and Orenstein have been accused of running 12 illegal casinos. They also are accused of collecting $18 million of fees through the payment processors ID Pay and Todur.
The indictment also stated that the illegal profits included tens of millions of dollars resulting from manipulating stock prices that were sold to customers whose data had been illegal stolen.
The federal indictment also includes several counts of securities fraud, computer hacking, ID theft, and illegal gambling on the Internet. All of the men face at least 10 years in federal prison if they are convicted of all the charges.
How the Scams Worked
The three men ran an allegedly fraudulent investment company. Law enforcement stated that the group would send out deceptive emails that would trick people into buying stock in the company, which would drive up the price. Then they would cash out before the crash happened.
Threat of Computer and Internet Fraud Growing
Computer and Internet fraud refers to any fraud that is done using electronic communications, including the Internet. While most states have laws against Internet fraud, note that most fraudulent acts online will be considered a federal crime. The reason for this is because the technological infrastructure that hackers use online is distributed all through the US. Most acts of fraud involving electronics by their nature will cross state lines.
Accessing any computer or network without proper authorization to get another person’s financial records or any information from a protected computer device.
Accessing any computer device intentionally without authorization that involves the business of the US government. It does not matter if that information was removed or changed when you accessed that computer device.
Causing damage to a protected computer device through the the transmission of computer programs, information, code or any other agents that can cause damage.
Computer and Internet fraud is taken very seriously by the federal government, and punishment can include a prison sentence of up to 20 years. Even if you do not have a past criminal record involving computer hacking, you still can get a prison sentence of 10 years.
Fines also can be levied based upon how much the damage cost that wa done to the computer system, and also the value of the data that was stolen. The person may need to surrender Internet access for years at a time, or serve probation.
The sentencing guidelines for these crimes are based upon the differences of value in the data that is stolen or compromised. More serious penalties are considered when the value of the data is more than $5000.
However, there is a statute of limitations for these crimes, which is five year according to 18 USC 3282.