
11/10/2015
06:30 PM

JP Morgan Breach Only One Piece Of Vast Criminal Enterprise, Indictments Reveal

Three men at the head of 'diversified criminal conglomerate' used hacking to commit and enhance their securities fraud, illegal online gambling, illegal Bitcoin exchange, and illegal payment processing businesses, 23-count indictment alleges.

A 23-count indictment unsealed today shows that the 2014 JP Morgan Chase breach -- which resulted in the theft of 83 million customers' data -- wasn't just the work of talented cyber attackers. The breach was just one of the myriad illegal activities conducted by a "diversified criminal conglomerate" fueled by hacking.

The charges against Israeli citizens Gery Shalon and Ziv Orenstein, arrested in July, and U.S. citizen Joshua Samuel Aaron, who is still at large, include hacking, securities fraud, wire fraud, identity theft, illegal Internet gambling, and conspiring to commit money laundering. In a separate but related indictment unsealed today, Florida resident Anthony Murgio was charged for operating an unlicensed Bitcoin exchange service. The maximum sentences for the charges against Shalon alone, who is considered the "ringleader," add up to over 200 years in prison.

"The charged crimes showcase a brave new world of hacking for profit," Manhattan U.S. Attorney Preet Bharara said in a statement. "It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model."

Cybercrime was used to commit, support, or enhance all of the group's other illegal endeavors.

Between 2012 and 2015, Shalon and Aaron stole personally identifiable information from JP Morgan Chase and eight other businesses operating within the financial services sector. They then used that stolen data to "artificially manipulate" the price of certain stocks by marketing those stocks to the customer lists in a "deceptive and misleading manner," according to the Department of Justice release.

"The alleged conduct also signals the next frontier in securities fraud," said Bharara, "sophisticated hacking to steal nonpublic information, something the defendants discussed for the next stage of their sprawling enterprise. Fueled by their hacking, the defendants’ criminal schemes allegedly generated hundreds of millions of dollars in illicit proceeds."

The attackers owned and operated unlawful Internet gambling businesses, and used cybercrime to protect those shadowy companies' interests. Shalon broke into the networks of software providers the gambling businesses used, and monitored the emails of those software companies' executives to make sure their work with other gambling businesses didn't compromise Shalon's.

They owned and operated payment processors, IDPay and Todur, for illegal businesses -- taking cuts of the profits from illegal pharmaceutical suppliers, malware distributors, and unlawful online casinos. They used cybercrime to protect that operation as well. Shalon and his co-conspirators hacked into an organization that monitors merchants and payment processors for trading in unlawful goods and services. The criminals then monitored that organization's emails and detection efforts in order to prevent their own payment processors' illicit activity from being detected.

All told, 14 companies were breached.

Idan Tendler, CEO of FortScale and former commander of the 8200, the cyberwarfare division of the Israeli Defense Forces, says, "The shocking size and reach of this cyber breach underscores the sophistication of today’s cyber criminal enterprises and shows what security teams across all industries are up against. Today’s hackers aren’t necessarily looking for a quick payday. Once the initial data theft is completed, there are countless opportunities for cyber criminals to conduct targeted campaigns."

"The theft of data from [JP Morgan Chase] and the breaches at financial news outlets provided the ingredients to execute a very scalable and very profitable cybercrime operation," says Fred Kost, senior vice president at HyTrust. "Stolen information such as that from JPMC and other financial institutions is not only valuable to cybercriminals as the identity of an individual, but they can also use it in many different second order actions to provide context for more elaborate attacks and schemes for financial gain. It was as if they were running diversified lines of business, all well orchestrated and vertically integrated."

Philip Lieberman, president of Lieberman Software, says that part of the trouble lies in whether financial services companies and stock exchanges can change their culture to adapt to new risks.

"Changing a ship designed for commerce into one suitable for both trade and warfare takes time and wisdom," says Lieberman. "The challenge is not the change in technology, but with the behavior of all involved. Those charged with movement of goods tend to obstruct the need to arrive safely by depending on their knowledge and behaviors obtained long before the warfare began."

Shalon, Aaron, and Orenstein evaded authorities as long as they did by filtering their proceeds through 75 shell companies, banks, and brokerages across the world, and by using aliases. Between the three of them, they used over 200 fake identities, and over 30 false passports purporting to be issued by the United States and 16 other countries.

"While we continue to see breaches go undetected for long periods of time, it’s unlikely operations of this magnitude will become commonplace. They are harder to carry out undetected," Kost says. Nevertheless, "We will likely see more of these creative ways of monetizing stolen information in the future as attackers evolve and look for newer ways to profit from hacking."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
danelleau1,
User Rank: Strategist
11/11/2015 | 6:34:12 AM
Cybercrime of the future
Great story. Wow. This reads like a new era crime syndicate Sopranos movie, complete with bank heist, security fraud and money laundering.
larryloeb,
User Rank: Apprentice
11/10/2015 | 7:59:06 PM
Bitcoin Exchange?
>In a separate but related indictment unsealed today, Florida resident Anthony Murgio was charged for operating an unlicensed Bitcoin exchange service.

This is new to me. Who licenses Bitcoin exchanges? Individual states? The FTC?