U.S. prosecutors called the scheme "securities fraud on cyber-steroids," charging three men for being involved with the largest cyber attack to hit the nation.

The three men, Gery Shalon, Ziv Orenstein and Joshua Samuel Aaron, were charged in a 23-count indictment with crimes ranging from hacking, wire and securities fraud, identity theft, conspiracy to commit money laundering and illegal Internet gambling.

The indictment stated that Shalon and others used breached and stolen data to contact unsuspecting people and convince them to buy stocks which in turn allows them to manipulate the prices. Apart from JPMorgan & Chase, other institutions that were targeted by the defendants include Scottrade, Fidelity Investments, TD Ameritrade Holding Corporation, News Corp's Dow Jones and E*Trade Financial Corporation.

"By any measure, the data breaches at these firms were breathtaking in scope and in size and signal a brave new world of hacking for profit," said Preet Bharara, U.S. Attorney for the Southern District of New York, at a news conference held in Manhattan.

It was also learned that at least millions of customers' information were stolen in cyber attacks that occurred between 2012 until last summer. The men allegedly used the stolen contact information to build a fake buyer list, using the names as pseudo buyer of company shares, the prices of which they have manipulated. Afterwards, the group would decide on dumping their own shares which then cause the price to drop.

"It is no longer hacking merely for a quick payout," said Bharara. "It is hacking as a business model."

From 2007, Shalon and his cyber attacking team began operating around a dozen online "real money" casinos in the U.S. and had successfully raked in hundreds of millions in revenue. Six years later, Shalon was seen as paying employees of up to 270 casinos in Ukraine and Hungary.

JPMorgan confirmed on Tuesday that the latest charges are connected to the 2014 cyber attack. The company added they are still in cooperation with law enforcement efforts in order to thwart cyber crime.

It was said that the attack only gained access to contact information that include names, addresses and emails. Other information such as account data, passwords and Social Security numbers remained intact.

A separate indictment was also cited against Anthony Murgio, a man who hails from Florida. Murgio was accused of unlicensed operation of a bitcoin exchange service and was also linked to the data breach at JPMorgan.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion