10 Nov 15

Arrests in JP Morgan, eTrade, Scottrade Hacks

U.S. authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation’s biggest financial institutions and brokerage firms, including JP Morgan Chase, E*Trade and Scottrade.

Prosecutors in Atlanta and New York unsealed indictments against four men and one unnamed alleged co-conspirator in connection with a complex, sprawling scheme to artificially manipulate the price of certain publicly traded U.S. stocks.

The defendants are accused of hacking into JPMorgan Chase in 2014, stealing the names, addresses, phone numbers and email addresses of the holders of some 83 million accounts at the financial institution – a breach that the Justice Department has dubbed the “largest theft of customer data from a U.S. financial institution in history.” Scottrade announced a similar breach of 4.6 million customer records in October 2015. E*Trade last month warned 31,000 customers that their contact information may have been breached.

The men allegedly laundered hundreds of millions of dollars from the scheme via a vast cybercrime network that included illegal online pharmacies, fake antivirus or “scareware” schemes, Internet casinos and even a Bitcoin exchange.

Indictments from Atlanta U.S. Attorney John Horn name Gery Shalon, 31, a resident of Tel Aviv and Moscow, who was arrested by Israeli law enforcement in Savyon, Israel in July 2015 and remains in custody there pending extradition proceedings. Another man, Joshua Samuel Aaron, also 31, is a U.S. citizen and resident of Israel, but currently a fugitive. The Atlanta indictments referenced a third, as-yet-unnamed accomplice.

Separately, the U.S. Attorney’s Office for the Southern District of New York unsealed its own charges against Shalon and Aaron, as well as a third Israeli citizen, 40-year-old Ziv Orenstein. In addition, prosecutors there announced indictments against Anthony R. Murgio, alleging he fraudulently operated the Florida-based Coin.mx Bitcoin exchange along with Shalon and through it further helped the conspiracy launder its illicit proceeds. Murgio was arrested in July 2015 and is facing prosecution in New York.

According to the Justice Department, between approximately 2007 and July 2015, Shalon owned and operated unlawful internet gambling businesses in the United States and abroad, as well as multinational payment processors for illegal pharmaceutical suppliers and for distributors of counterfeit and malicious software (“malware”). The government further alleges that Shalon owned and controlled Coin.mx, an illegal United States-based Bitcoin exchange that operated in violation of federal anti-money laundering laws.

“Through their criminal schemes, between in or about 2007 and in or about July 2015, Shalon and his co-conspirators earned hundreds of millions of dollars in illicit proceeds, of which Shalon concealed at least $100 million in Swiss and other bank accounts,” reads a statement issued by Preet Bharara, the United States Attorney for the Southern District of New York.

The government alleges that Shalon, Aaron and Orenstein operated their criminal schemes and laundered their criminal proceeds through at least 75 shell companies and bank and brokerage accounts around the world.  “The defendants controlled these companies and accounts using aliases, and by fraudulently using approximately 200 purported identification documents, including over 30 false passports that purported to be issued by the United States and at least 16 other countries,” the Justice Department wrote.

The indictments charge that the defendants orchestrated a complex scheme to acquire substantial stakes in targeted companies, buying up large amounts of (low-priced) stocks. The government says the conspiracy tried to capitalize on price changes in those stocks prompted by events allegedly set in motion by the accused — such as so-called “reverse mergers” with shell companies that the men allegedly set up, or via spam email blasts to customer lists stolen from the hacked brokerage firms that falsely touted the stocks in a bid to trick others into buying them.

Authorities say Murgio and Shalon tricked banks and credit card issuers into authorizing debit and credit card payment transactions to purchase Bitcoins through Coin.mx, by deliberately miscoding customer transactions as something else — such as purchases for wedding dresses and pet supply stores. Prosecutors also allege that Murgio and Shalon paid a small credit union in New Jersey $100,000 to install one of his co-conspirators on the bank’s board of directors.

If all of this sounds like the script of a Hollywood movie, it should be a familiar script by now. The cybercrime kingpins whose work I detailed in my 2014 book Spam Nation were involved in all of the crimes alleged today by prosecutors in Atlanta and New York, including spamming rogue pharmaceutical sites, running scareware rackets, conducting pump-and-dump stock scams, and laundering illicit profits through huge networks of shell companies.

The indictment against Shalon et al. is available here (PDF). Murgio’s indictment is here (PDF).


36 comments

  1. Brian,

    Looks like you may be missing a name (Shalon, I think) in this statement:

    “Prosecutors also allege that Murgio and paid a small credit union in New Jersey $100,000…”

  2. It doesn’t sound like the script for a Hollywood movie, because no one has made that particular movie yet.

    But someone should.

    So Brian, have you sold the movie rights for SPAM NATION? Maybe get Mike Judge to write the script….

    • Can I be in the movie? I’m willing to be a Russian muscle guy, I look and can play the part “Soh, Midsta Kdrebbs” 😉 or an Agent from the US (they won’t want their picture up anyways)
      Casting call for your regular readers! lol

  3. It would be interesting to know what tools and techniques were used to track these guys down……

  4. I think that sooner or later all notable carders will be caught and sent to jail.

    • Sure, if you define “notable” as “caught and sent to jail.” Otherwise, no. I doubt more than 10% of cyber crooks are ever indicted. Crime does pay, and rather well. It’s just you run the risk of going to prison, which is why honest work is preferable.

      • UK police force units tasked with handling cyber crime are apparently now focusing on ‘resolutions’, that do not necessarily go through the Courts, according to a copper presenting at a cyber crime seminar near London today. Spares them the embarrassment of failures to get jury convictions I guess, but I can’t imagine that a stern talking-to is much of a deterrence to any would-be criminal.

        • I’ve thought for years that a “resolution” that wouldn’t go through the courts might be effective – a visit from a Black Ops team issuing a permanent resolution.
          Extreme? Yep, but cyber crime is out of control. Perhaps reclassifying it from cyber/digital crime to cyber/digital terrorism would help.

  5. Well, it is great these cockroaches were caught, however, the damage to us who got their info compromised, has been done and will continue to be done. I only received the usual pathetic apologies from the big three, E-trade, Scottrade and Chase, with which I had accounts. Only kept Chase/JPMorgan due to our CCards, the rest I closed.

    They caught 3 or 4…there must be a thousand out there, some already infiltrated and doing their slow to catch deeds.

  6. OK, so the feds shut down the coin.mx exchange. What happens / happened to the cryptocurrency owned by innocent customers?

  7. Screw the banks that have taken over our country and run the Federal Reserve.

  8. Interesting on how it all leads to people from Israel

  9. We’ve got arrests…….

    We’ve cleared up a few symptoms…….

    The disease goes happily on. No one seems to care about what actually caused any of this or exactly how these people got in and how to fix what is the real problem.

    • The real problem should be obvious: The tendency of many companies to make lots of money while neglecting best security practices where their software is concerned. They make money by transferring a cost to their customers, who now spend billions of dollars on additional, unnecessary protection software to try to prevent the holes in the original software from being exploited. Look how many zero-day vulnerabilities are still out there despite software companies giving lip service to cleaning up their software (well, some of them don’t even pretend their software is secure).

      It’s no different than the mining companies making millions of dollars while leaving behind pollution that costs U.S. taxpayers billions to correct.

      • Now that you mention it, I realized that this goes back further than just modern software being insecure. Consider the case of Frank Abagnale Jr. (there was a movie made about his escapades called Catch Me If You Can), an example of bank fraud via forged checks. There wasn’t any insecure software at the heart of the issue, rather the manual protocol of handling paper checks across banking networks that span various branches.

        The root of the problem, if you ask me, is that there needs to be better beta testing of new technology/protocols, be they physical or digital. Testers need to be of the mindset to try and break whatever they’re given, which would be a fantastic use of the talent that’s being wasted on illegal activity. Again using the case of Frank Abagnale Jr. as an example, enlisting the aid of these kinds of minds in the way the FBI enlisted him to work on fraud, we can hopefully find more exploits before launch.

  10. I’m surprised they arrested Jews nationals as I understood I’m surprised they really arrested I thought they are in touched?? Anyways what happened with this Ukraine zeus ring leaders are they prison? Or they driving nice bmw -s in ukraine?? Anyone knows?

  11. These guys had a lot of chutzpah. Shalom Chaverim

  12. As an Israeli – note that Savyon is one of the wealthiest places in Israel so maybe this fraud wasn’t the first one of this dude…

    …or maybe it was **really** successful?

  13. HSBC laundered plenty of money and paid only a fine of about 5 weeks worth of income with no one going to jail:

    http://www.rollingstone.com/politics/news/outrageous-hsbc-settlement-proves-the-drug-war-is-a-joke-20121213

    What’s with the double-standard in the ‘law’ do you suppose? Any guesses?

    • If you really want to be cynical, consider how long they were operating these other sites. Then consider that resources weren’t really thrown at catching them until they started stealing money from the white collars.

  14. NSA contract do it a bad things

  15. When this story broke last summer many media outlets pointed fingers at Iran. Now we learn the culprits were Israelis.

  16. So the new banking control act opening records to the US worked? Just be a mistake there. It shouldn’t have, or they (the Swiss banks) got a reward for turning in some lower down criminals. Maybe the black hats forgot to pay their dues?

  17. What few people seem to appreciate is that the endless parade of breaches is making us all numb… and those greedy CEOs who won’t invest in security are counting on that. They know that when they get hacked they can just shrug and say “Yea. So? Read the papers! EVERYBODY gets hacked.”

    It’s the same thing with all of the Snowden revelations which, if there were actually anything like the rule of law in this country, would have stopped all of those programs in their tracks and caused both Clapper and Hayden to have been immediately arrested. But as a society, we have all been trained now to be numb to all this crap. We shrug it off, say to ourselves that we can’t do anything about it, and then get on with our work week.

    Brian, it is getting to the point where this stuff… all these hacks and breaches… won’t even qualify as “news” anymore. Instead, in a few years we may see news headlines like:

    FLASH UPDATE: News today: XYZ Corporation announced that within the past 12 months it HAS NOT been hacked! You saw it here first folks! Amazing!

  18. Greedy guys. I wonder if they would have been caught if they hadn’t embarked on the stock fraud idea….

  19. The secret of a successful cyber criminal is not to get greedy.

    If someone steals 1, 2 or 3 million then disappears their pursuit is less likely. These stories are almost always about theft in the 10’s or hundreds of millions.

  20. The name of the article is nowhere related to the body of it..
    The name more suggests that employees within the companies were involved into the hacking..

  21. Yorday I. Scomming

    I am surprised at the anti-semitic comments. No people group is perfect, but why are you throwing them all under the bus? I see more Russian/Ukrainian, Chinese, Korean, Islamic Jihadist-type, and American names in these forums than any others…especially folks from Israel, specifically Jewish ones. I’d certainly trust a Jewish politician over an American one. And you won’t find an Israeli shooting people in San Bernardino, or blowing up world trade centers. Stop looking for reasons to hate them and look at who the real bad guys are.