Careers & People

12/15/2016
11:24 AM

American Hacker Arrested For 2014 JP Morgan Chase Breach

Joshua Aaron and his two accomplices are charged with massive hacking of US financial organizations, securities fraud and money laundering.



Joshua Samuel Aaron, one of three men indicted for allegedly masterminding the massive 2014 JP Morgan Chase breach and a variety of other criminal enterprises, was arrested by US authorities at John F. Kennedy International Airport in New York yesterday.

Aaron, along with Israeli citizen Gery Shalon, has been charged with computer hacking, securities fraud, wire fraud, identity theft, and conspiracies to commit these crimes.

According to a US Department of Justice (DoJ) release, Aaron, who is a US citizen living in Moscow, and Shalon, perpetrated massive computer hacking crimes against US financial organizations, brokerage firms, and financial news publishers. The two allegedly carried out the largest theft of customer data from an American financial company in history.

Along with co-defendant Ziv Orenstein, the three were also involved in a multi-million dollar stock manipulation plot, says the DoJ release.

Charges against the three men were announced in November 2015. Shalon and Orenstein were arrested in Israel last year and extradited to the US in June 2016.

Read the full DoJ release here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MikeJefferson
50%
50%
MikeJefferson,
User Rank: Apprentice
7/27/2017 | 2:53:41 AM
bullet force
securities fraud and money laundering.
Rent A Car
50%
50%
Rent A Car,
User Rank: Apprentice
6/24/2017 | 3:34:14 PM
Re: Hi
It's going to be the big fight coming up, hackers aren't all good or bad, but security on networks is the new challenge of years coming
Shantaram
50%
50%
Shantaram,
User Rank: Ninja
4/9/2017 | 1:27:59 PM
Re: 192.168.1.1
Better or not, there is no reason for pride
Maisons pierre
50%
50%
Maisons pierre,
User Rank: Apprentice
3/19/2017 | 4:33:23 PM
Hacker
Amaerican hacker are always the bests ! More than Russian :D
gifamerica
50%
50%
gifamerica,
User Rank: Apprentice
1/18/2017 | 7:31:54 PM
https://gifamerica.com/
I agree with you
Elose
50%
50%
Elose,
User Rank: Apprentice
1/17/2017 | 9:12:49 AM
Re: Thank you for post
Thank you for article from french people !
Row3n
50%
50%
Row3n,
User Rank: Strategist
1/4/2017 | 1:03:56 AM
Hi
Don't people know enough about the internet and how to manipulate technology that they should be smart enough not to attempt finance fraud online? There is always a trail! And if you think you're smart enough to have covered it, there's always someone smarter than you who can sniff you out anyway! Why bother!
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.