Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

US Charges Hackers Who Targeted JP Morgan

Article Placeholder Image
By Jonathan R. Tung, Esq. on November 11, 2015 12:59 PM

Federal Prosecutors finally unsealed an indictment of criminal charges against three men who orchestrated what has been described as the "largest theft of customer data from a U.S. financial institution in history." The formal indictment does not name the financial institutions directly, but a Reuters report confirms that JP Morgan Chase and ETrade were amongst the targeted companies.

The indictment alleges that three men -- two Israelis and one American -- co-conspired over the course of years to electronically hack, con, and illegally traffic goods profiting in hundreds of millions. In the words of Manhattan U.S. Attorney Preet Bharara, "The charged crimes showcase a brave new world of hacking and profit ... This was hacking as a business model." The range and extent of their crimes is too massive to list here.

Hacking for Profit

Isreali defendants Gery Shalon (31) and Ziv Orenstein (40) and American co-defendant Joshua Aaron (31) were accused of a range of crimes in connection with massive security hacking over the course of years and the running of illegal gambling operations.

The intrusion into the networks is a study in the security flaws at some of the most trusted financial institutions in America. Aaron set up customer accounts at several financial institutions and gave his login information to Shalon, who promptly used his skills as a hacker to analyze the security flaws of each target company.

Shalon and another co-conspirator then systematically infected the networks with malware in order to extract customer information from the network over the course of months. With access to over 100 million customer's profiles, the men used the information to market stocks and manipulate prices in a systematic "pump-and-dump" operation.

Using the Heartbleed Vulnerability

Shalon and Aaron then moved on to a company with even more financial clout, described in the indictment only as "one of the world's largest financial services corporations, providing [various financial services] with headquarters in Boston Massachusetts." The two men infiltrated the victim's network by utilizing the Heartbleed vulnerability that had been the security scare of 2014. By the time the company in question had addressed and taken care of the vulnerability, Shalon and crew had already made off with a fortune.

Scary Horizons

The operation finally came to an end largely in part because Shalon was too eager to pat himself on the shoulder rather than keep quiet. But the reach and expanse of Shalon and company's criminal enterprise is impressive and frightening. No doubt, there are legions of other potential hackers on the planet who aspire to Shalon's impact and greatness.

If there was ever an incident that should convince financial institutions that cyber-security should be given the highest priority, this is it.

Related Resources:

Find a Lawyer

More Options