Skip to main content

Three men charged over huge cyber-attack targeting JPMorgan

Three men were charged over the largest attack against financial companies in the US. The men were charged with hacking and running a fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

The people charged are Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel. They were charged for targeting 12 companies, including nine financial services companies and media outlets, including The Wall Street Journal.

According to a Reuters report, the indictment has 23 charges.

Head of Malware Intelligence at Malwarebytes, Adam Kujawa, said the security community had a general idea of what the stolen data might be used for, but even they were surprised to hear the whole story.

“After learning about the breaches from JPMorgan and other organisations and the kind of customer information stolen, most of the security community assumed one of a few different scenarios in which the information would be used. These possibilities included users having their identity stolen, accessing personal accounts and then the most likely outcome of the information being used in phishing and scam attacks against the customers.”

“Finding out that the criminals were not only using the information in the kind of attack we all expected, but the fact they went a step further and used it to steal money from a larger source by manipulating stocks is very surprising. It certainly reflects the kinds of minds involved in modern day cyber-crime. We aren’t just dealing with casual criminals stealing a little money from individual users, but rather intricate minds utilising both modern technology and traditional psychological attacks to create a new kind of crime.”

"By any measure, the data breaches at these firms were breath-taking in scope and in size," and signal a "brave new world of hacking for profit," U.S. Attorney Preet Bharara said at a press conference in Manhattan.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world.