The 'victim-12' of the JPMorgan hack which occurred last year was, apparently, a fraud prevention firm, which earns its living by figuring out if a website is fraudulent. Oh, the irony.
According to a recently released federal indictment regarding the JPMorgan case, the 'victim-12' is listed as a “merchant risk intelligence firm”. Security expert Brian Krebs claims that is actually G2 Web Services LCC.
"According to multiple sources, Victim #12 is none other than Bellevue, Wash. based G2 Web Services LLC, a company that helps banks figure out if a website is fraudulent or is selling contraband," wrote Krebs on his blog.
The accused Gery Shalon and his gang allegedly monitored Victim-12’s detection efforts, including reading emails of Victim-12 employees so they could take steps to evade detection, Krebs said.
Fraud prevention companies help banks recognise when some of their corporate clients are doing illegal business, allowing them to block any transactions. The JPMorgan hackers are likely to have targeted G2 Web Services so that their payments for illicit transactions for products like pharmaceuticals and fake anti-virus software would not be blocked, Computing writes in its report.
Three men, including Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, have all been linked with a number of other cyber-attacks and online fraud: they have been charged on 23 counts and accused of targeting 12 companies, including nine financial services organisations.
"By any measure, the data breaches at these firms were breathtaking in scope and in size," signalling a "brave new world of hacking for profit," US Attorney Preet Bharara told a press conference in New York earlier this month.