Wednesday, November 11, 2015

Massive Big Bank Cyberfraud: Jaw Dropping in Scale And Largely Unnoticed

This is quite a crime. Quite a crime! I'm surprised this story hasn't garnered way more attention than the handful of news items I saw this morning. Huge operation. Multi-layered.
But, Israeli-based criminals? You know if they had been Chinese or Russians the coverage would be over the top!

 So let's read about the largest data hack in US financial history:

Cybercrime: Largest data hack & more in US financial history
"Two men held in Israel and one U.S. citizen believed to be living in Moscow have been charged with stealing the contact information of more than 100 million customers of U.S. financial institutions to generate hundreds of millions of dollars in illegal profits, authorities said Tuesday.
The summer 2014 theft of data such as names, addresses, emails and phone numbers of more than 83 million customers of JPMorgan Chase & Co., the nation's biggest bank by assets, was described at a news conference by U.S. Attorney Preet Bharara as "the single largest theft of customer data from a U.S. financial institution ever."
In a release, Attorney General Loretta E. Lynch said the defendants "perpetrated one of the largest thefts of financial-related data in history."

Pump and dump scheme

Since 2007, one or more of the defendants also engaged in other criminal schemes, including U.S. securities market manipulation schemes and the operation of at least a dozen Internet casinos that violated U.S. laws, the indictment said.
"In our view, the conduct alleged in this case showcases a brave new world of hacking for profit," Bharara said. "In short, it is hacking as a business model."
The indictment said some of the massive computer hacks and cyberattacks occurred as the men sought to steal the customer base of competing Internet gambling businesses or to secretly review executives' emails in a quest to cripple rivals.
Authorities said they used about 200 fake identity documents, including over 30 fake passports supposedly issued by the United States and at least 16 other countries, as they operated their criminal schemes and laundered the proceeds through at least 75 shell companies and bank and brokerage accounts worldwide."

Gery Shalon (C) is accused of engaging in a stock manipulation scheme and more
Charged in the indictment were Gery Shalon, 31, of Savyon, Israel; Ziv Orenstein, 40, of Bat Hefer, Israel; and Joshua Samuel Aaron, 31, a U.S. citizen living in Moscow and Tel Aviv, Israel. All three men were charged in July with related crimes, though the hacking crimes were not specified then. Aaron was labeled a fugitive while Orenstein and Shalon were arrested in Israel in July. Bharara said the U.S. was seeking their extradition.
 So, three  'chosenites' involved.  All, actually charged months ago. One still free. And very little news coverage. Oh yah, there is a fourth criminal.

 Market Watch

By the numbers

100 million people had their sensitive information stolen.
12 companies, including J.P. Morgan Chase & Co. and online brokerages like E*Trade Financial Corp., were allegedly hacked. Also on the list is News Corp.’s Dow Jones unit, which publishes MarketWatch and The Wall Street Journal.
$100 million earned in illicit proceeds by alleged mastermind Gery Shalon, with the haul stashed in Swiss and other bank accounts. Overall, Shalon and his co-conspirators are believed to have taken in hundreds of millions of dollars through alleged wrongdoing.
75 shell companies around the world were used by those charged as they “operated their criminal schemes” and “laundered their vast criminal proceeds,” prosecutors allege.
30 false passports from 17 nations were among the “approximately 200 purported identification documents,” including fake U.S. credentials, used by the crime ring in its operations.
270 employees in Ukraine and Hungary appear to have worked for the illegal online casino business.
10 publicly traded stocks got a boost from the conglomerate’s “email promotional campaigns,” a New York company was told in around June 2011. The conglomerate said the emails — thought to have used stolen addresses — resulted in “substantial trading volume in ten particular publicly traded stocks,” the indictment says. That’s just part of the alleged pump-and-dump activity.
30 U.S. states: Shalon in January 2010 arranged to mail out advertisements promoting the Internet casinos to up to 100,000 U.S. residents in more than 30 states, the indictment says.

 Charges Announced in J.P. Morgan Hacking Case
Three men allegedly hacked 12 companies, including J.P. Morgan and Dow Jones

Ziv Orenstein, center, in a Jerusalem court in July
 Indictments unsealed Tuesday in Manhattan and Atlanta accused the men and hundreds of their accomplices of carrying out last year’s big data breach at J.P. Morgan Chase & Co. and a host of other crimes around the world—involving computer networks in South Africa and Brazil, money laundered through Cyprus and illegal credit-card payments processed in Azerbaijan.

Manhattan U.S. Attorney Preet Bharara on Tuesday said this “diversified criminal conglomerate” was “breathtaking” in the size and scope of its hacking.
The indictments allege the three defendants and their associates hacked into banks and other companies to obtain customer information that they later used in a pump-and-dump stock scheme. Meanwhile, the computer-hacking operation made possible a network of other criminal activity, including illegal Internet casinos, a payment processing service for other criminals and an unlicensed bitcoin exchange, prosecutors alleged.

Among the most lucrative was a pump-and-dump scheme, where the men would artificially inflate prices of penny stocks and then trick investors into buying them by sending spam to the email addresses they had stolen during the hacks. To further the scheme, the defendants sometimes engineered mergers with shell companies to create publicly traded stocks that could be manipulated, prosecutors said.  
The mastermind of the enterprise, prosecutors allege, was Gery Shalon, a 31-year-old Israeli citizen and resident. The indictment described moments where he bragged about the success of his schemes, including the pump-and-dump one, which he allegedly called “a small step towards a large empire.”
Although a criminal complaint had already been filed against the defendants earlier this year, Tuesday’s indictments were the first time officials named the suspected hackers and linked them publicly to the J.P. Morgan hack.

In total, the men are accused of breaching 11 other companies, spanning online brokerages to software-development companies. The companies included Dow Jones & Co., the parent company of The Wall Street Journal. Ashley Huston, a spokeswoman for Dow Jones, said: “The indictment unsealed today refers to the public disclosure we made on Oct. 9. The government’s investigation is ongoing, and we continue to cooperate with law enforcement.”
Mr. Orenstein and Mr. Shalon were arrested this summer in Israel and are awaiting extradition to the U.S. Mr. Aaron remains a fugitive. Lawyers for Messrs. Shalon and Orenstein in Israel didn’t comment, and an attorney representing Mr. Orenstein in the U.S. wasn’t immediately available for comment. Neither Mr. Aaron nor his lawyer could be reached.

The breach of J.P. Morgan, described as “Victim 1” in one of the indictments, made use of a computer server based in Egypt that had been rented under an alias from a third-party company, prosecutors said, adding that the rental was abruptly canceled the day after the J.P. Morgan hack was first reported in the media in August 2014.

A J.P. Morgan spokeswoman said the bank has joined with law enforcement “in bringing the criminals to justice,” and it continues to cooperate with them on cybercrime.

The investigation into the three men began when J.P. Morgan came forward “early on” to share information with the government, prosecutors said. That led investigators to uncover a broader network of criminal activity with computer hacking at its center. They built their case partly with the help of two cooperating witnesses, described in the indictment as “promoters” who identified companies for the defendants to target in the pump-and-dump scheme.
The company, identified in the indictment as Victim 5, is Scottrade. A Scottrade spokeswoman said the company was continuing to work closely with the authorities. An E*Trade representative said the company is continuing to focus “significant time and energy” to keep customer data safe.



  1. Curious from the NYT calling out PKK alliance
    Yazidis’ sympathies now lie strongly with the P.K.K., creating tensions over who will control the territory in the event that it is liberated from the Islamic State

    1. This story is worth exploring. Does ISIS have UUV fleet too?

      IFX: Nord Stream resumes normal operation after 'munitions object'

      May explain the Sweden Sub incident Oct 2014

  2. "But many Yazidis — a tiny religious minority that was almost entirely based around Mount Sinjar before the Islamic State’s advance — blame the pesh merga and the Kurdistan Democratic Party"

    The Yazidi sympathies must have been always with the PKK, how else to explain the presence of KurdIShIS in that part of Iraq- conveniently gaining access into Syria with the US airdropping supplies at the time

  3. I seem to remember way back when this bank story first broke USG did try to blame it on Russia but a quick search only turned up other hacking stories. It was proposed as a reason to apply sanctions on Russian banks at one time. But as usual, once the lie has come out the stories miraculously disappear from the web.