Three men charged over the largest cyber-attack on financial firms in US history
Gery Shalon, Ziv Orenstein and Joshua Samuel Aaron were arrested in Israel in July where they remain in custody
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Three men have been charged in relation to the largest cyber-attack on financial firms in US history, which saw the personal information for 100 million people accessed between 2012 and the summer of 2015.
Calling the scheme “securities fraud on cyber-steroids”, US federal prosecutor Preet Bharara said: "In our view, the conduct alleged in this case showcases a brave new world of hacking for profit… In short, it is hacking as a business model."
Charged in the indictment were Gery Shalon, 31, of Savyon, Israel; Ziv Orenstein, 40, of Bat Hefer, Israel and Joshua Samuel Aaron, 31, a US citizen living in Moscow and Tel Aviv, Israel.
Aaron was labeled a fugitive while Orenstein and Shalon were arrested in Israel in July where they remain in custody. Bharara said the US was seeking their extradition.
Charges against the three men were expanded to include computer hacking and identity theft among 21 other counts.
The men allegedly manipulated stock prices by selling shares of companies to individuals whose contact information they had stolen, before dumping their own shares and causing the price to fall.
Described by Bharara as "the single largest theft of customer data from a US financial institution ever," the men are accused in relation to the summer 2014 of data including the names, addresses, emails and phone numbers of more than 83 million customers of JPMorgan Chase & Co – America’s biggest bank by assets.
The men were also charged with running an illegal payment processing business that they used to collect $18m (£11.9m) in fees.
An indictment unsealed in New York federal court said identifying information on millions more customers was stolen in cyber-attacks from against several other financial institutions between 2012 to last summer.
Since 2007, one or more of the defendants also engaged in other criminal schemes, including US securities market manipulation schemes and the operation of at least a dozen Internet casinos that violated US laws, the indictment said.
Some of the massive computer hacks and cyberattacks occurred as the men sought to steal the customer base of competing Internet gambling businesses or to secretly review executives' emails in a quest to cripple rivals, according to the indictment.
Authorities said they used about 200 fake identity documents, including over 30 fake passports supposedly issued by the United States and at least 16 other countries, as they operated their criminal schemes.
They added that the group laundered the proceeds through at least 75 shell companies and bank and brokerage accounts worldwide.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments