Last year it came to light that roughly half of the households in America had their JPMorgan Chase accounts compromised. Now, over a year later, three men have been charged with widespread hacks that include the sustained financial attack.
Yesterday, US federal prosecutors announced that they were charging three men in relation to a series of hacking events that targeted twelve different financial institutions. In total, the prosecutors claim that over 100 million people were affected by the attacks.
According to the BBC, the three men — two Israelis, Gery Shalon and Ziv Orenstein, and one US citizen, Joshua Samuel Aaron — face 21 separate charges, including computer hacking and identity theft. Aaron acted as a regular customer, while Shalon and Orenstein used his account as a conduit through which to gain access to networks. US federal prosecutor Preet Bharara referred to the attacks as “securities fraud on cyber-steroids”.
During the attacks, it’s alleged that Shalon and Aaron used access to financial networks to manipulate stock prices, using customer information to market stocks and sell them above their actual value. In turn, stock prices fells, leaving other investors at a loss. It seems the accused never actually used account details of the 100 million affected people — they simply used their personal details to send out information to encourage sales of stock.
There’s a long list of other activities, too. It’s claimed that the trio ran illegal gambling sites, processed payments for illegal malware and pharmaceuticals, and also dabbled in illegal Bitcoin exchanges.
Some of the figures involved with the hack are amazing. Ars Technica points out that it’s claimed the trio used 30 fake passports, 75 shell companies and more than 200 fake ID documents to carry out their activities. The indictment claims that they used the Heartbleed vulnerability to gain access to some of the servers they hacked.
All told, it’s claimed they hoovered up hundreds of millions of dollars.
Image by AP