Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

JPMorgan Hackers Plead Guilty

Two Israeli citizens, arrested in Israel in July 2015 and extradited to the US this week pleaded guilty Thursday to orchestrating a computer hacking and fraud scheme that included, but was not limited to, the theft of personal information on 83 million customers from

Two Israeli citizens, arrested in Israel in July 2015 and extradited to the US this week pleaded guilty Thursday to orchestrating a computer hacking and fraud scheme that included, but was not limited to, the theft of personal information on 83 million customers from JPMorgan.

Gary Shalon and Ziv Orenstein entered their pleas in Manhattan federal court. A third defendant, Joshua Aaron, was not present.

Prosecutors said that the current whereabouts of Aaron is unknown, although the Wall Street Journal has suggested, “Mr. Aaron, a U.S. citizen, has since been arrested in Russia and is expected to be brought to the U.S., according to people familiar with the matter.” WSJ is one of 12 companies allegedly targeted by the defendants.

The best known of the attacks was against JPMorgan, which announced in October 2014 that it had been breached with the loss of personal information on 76 million household customers and seven million businesses. In all, more than 100 million people’s personal information was stolen by the gang allegedly led by the defendants. At the time, JPMorgan thought there may have been Russian government involvement.

This data was used to further other illegal practices, including pump & dump emails scams, online casinos and the operation of an unlicensed money laundering bitcoin exchange. The charges brought in New York carry possible prison sentences of between two and 20 years each.

A separate but related indictment unveiled in Atlanta against Shalon, and Aaron claims that the brokerages E*Trade and Scottrade were also targeted; and that the information of 10 million customers was compromised.

At the time of the arrests in Israel, Anthony Murgio and Yuri Lebedev were arrested and charged in New York for operating the Coin.mx bitcoin exchange, and using it to launder bitcoin proceeds from ransomware. The FBI released a statement that said, “In doing so, Murgio, and his co-conspirators knowingly enabled the criminals responsible for those attacks to receive the proceeds of their crimes, yet, in violation of federal anti-money laundering laws, Murgio never filed any suspicious activity reports regarding any of the transactions.”

Although these are separate indictments, it is generally considered that they are related. Murgio and Aaron were apparently friends at Florida State university. Both made frequent trips to Russia, and it has been suggested that there was involvement with the Russian underground. It may have been this Russian connection that led JPMorgan to initially link its breach with the Russian government.

Advertisement. Scroll to continue reading.

*Updated

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

The City of Phoenix has promoted Mitch Kohlbecker to the role of Chief Information Security Officer.

More People On The Move

Expert Insights