JPMorgan hackers also hacked an anti-fraud corporation

Pierluigi Paganini November 18, 2015

According to the federal indictment in the JPMorgan case, the cyber gang also hacked an anti-fraud corporation, labeled “Victim #12,” to remain hidden.

According to the federal indictment in the JPMorgan case, which involved 83 million stolen customer records, a firm labeled “Victim #12” was hacked so that the attackers could more easily push through payments for spam-advertised prescription drugs and fake antivirus schemes.

US authorities have charged three individuals over the hack of JPMorgan Chase and other financial institutions. The data breach suffered by JPMorgan Chase is considered the largest hacking case in financial history.

According to Bloomberg, the cyber thieves stole details of “over 100 Million customers,” while JPMorgan Chase spokeswoman Patricia Wexler confirmed that the number of affected customers was around 80 million. The US Court of the Southern District of New York has charged three men, Gery Shalon, Ziv Orenstein, and Joshua Samuel Aaron, accusing them of hacking into a number of financial institutions, including JPMorgan Chase.

According to many sources, such as KrebsOnSecurity, Victim #12 is G2 Web Services LLC, a company with expertise in helping banks and financial institutions detect websites that are fraudulent or sell contraband.

“One of them, identified in the indictments only as “Victim #12,” is an entity that helps banks block transactions for dodgy goods advertised in spam. Turns out, the hackers targeted this company so that they could more easily push through payments for spam-advertised prescription drugs and fake antivirus schemes,” reported Brian Krebs.

Most probably, the hackers targeted this victim to keep payments for illegal transactions involving fake antivirus or pharmaceutical products from being blocked. The gang that also hacked JPMorgan managed to monitor the victim's detection processes and read staff emails, which eventually enabled them to arrange their steps to evade detection.

“Prosecutors say the ringleader of the cybercrime gang accused of breaking into JPMC, Scottrade, E-Trade and others is 31-year-old Gery Shalon, a resident of Tel Aviv and Moscow. Investigators allege Shalon and his co-conspirators monitored credit card transactions processed through their payment processing business to attempt to discern which, if any, were undercover transactions made on behalf of credit card companies attempting to identify unlawful merchants. The government also charges that beginning in or about 2012, Shalon and his co-conspirators hacked into the computer networks of Victim-12 (G2 Web Services),” continues Krebs.

In short, the hackers blacklisted the credit and debit cards that Victim #12 employees used to detect unlawful merchants, rejected every transaction made with a card on that blacklist and, as a consequence, evaded detection.

“In particular, through their unlawful intrusion into Victim-12’s network, Shalon and his co-conspirators determined which credit and debit card numbers Victim-12 employees were using to make undercover purchases of illicit goods in the course of their effort to detect unlawful merchants,” reports Shalon’s indictment. “Upon identifying those credit and debit card numbers, Shalon and his co-conspirators blacklisted the numbers from their payment processing business, automatically declining any transaction for which payment was offered through one of those credit or debit card numbers.”


The moral of this story is the depth of organized cybercrime and the lengths to which cybercriminals go to keep their activities and business model covert.

“It’s a cat-and-mouse game. They go from one business into another,” said Alan Krumholz, principal data scientist at G2.

In conclusion, this news helps us understand that companies working together are links in a chain, and that one party's lack of attention to security practices and standards may affect the others even more severely.

About the Author

Ali Taherian (@ali_taherian) is an enthusiastic information security officer. He has finished his education in information security and has recently been involved in the banking software and payment security industry. Taherian is proud to be a certified IBM Cloud Computing Solution Advisor and ECSA, and enjoys sharing and tweeting about security advances and news.


Edited by Pierluigi Paganini

(Security Affairs – JPMorgan Chase, cybercrime)
