Three men charged for the attack on the JPMorgan Chase

U.S. Authorities have charged other three men in huge cyber fraud targeting JPMorgan, and at least another nine financial institutions.

The US authorities have charged three individuals over the hack of the JPMorgan Chase and other financial institutions. The data breach suffered by the JPMorgan Chase is considered the largest ever hacking case in financial history, data related nearly 76 million households and seven million small business accounts were exposed in the hack.

According to Bloomberg, the cyber thieves have stolen details of “over 100 Million customers,” meanwhile the spokeswoman for JPMorgan Chase Patricia Wexler confirmed the number of affected customers was around 80 Million.

“We appreciate the strong partnership with law enforcement in bringing the criminals to justice,” Wexler said in an email statement. “As we did here, we continue to cooperate with law enforcement in fighting cybercrime.” explained Wexler.

Now the US Court of the Southern District of New York has charged three men, Gery Shalon, Ziv Orenstein, and Joshua Samuel Aaron, accusing them of hacking into a number of financial institutions, including JPMorgan Chase.

The three hackers are added to another alleged criminal, Anthony Murgio, which was subjected to a separate indictment. Murgio was previously arrested for a cyber attack on JPMorgan as well as for operating an illegal Bitcoin exchange.

The Israeli Shalon, 31, and Orenstein, 40 were arrested in July, meanwhile American Murgio was arrested in the same period. Aaron, 31, is a U.S. citizen who has lived in Moscow and Tel Aviv.

“The new charges portray Shalon as the ringleader, having orchestrated hackings since 2012 against nine companies in which personal information for more than 100 million customers was stolen. He and Orenstein were accused of having since 2007 run at least 12 illegal Internet casinos, generating millions of dollars of profit each month.” states the Reuters. 

“They allegedly also ran IDPay and Todur, through which they collected $18 million of fees to process hundreds of millions of dollars of transactions for criminals. According to the indictment, the illegal proceeds included tens of millions of dollars from manipulating the prices of stocks sold to customers whose information had been stolen.”

The three alleged cyber criminals targeted at least nine financial organizations between 2012 and mid-2015,  they were charged with 23 counts, including hacking, identity theft, securities fraud, and money laundering, among others.

Authorities said Shalon and Aaron exploited server located in Egypt to launch the attacks. The machines were rented under an alias that Shalon in all the hacking attacks.

E*Trade Financial Corp, TD Ameritrade Holding Corp and News Corp’s Dow Jones unit were among the victims of the hackers, a long list that includes also the Fidelity Investments and Scotttrade Inc.

The U.S. Attorney Preet Bharara explained at a press conference that “By any measure, the data breaches at these firms were breathtaking in scope and in size.”

Pierluigi Paganini

(Security Affairs – JPMorgan Chase, cybercrime)