"More charges levied in big cyberattack" by Liz Moyer New York Times November 10, 2015
NEW YORK — Federal prosecutors in Manhattan on Tuesday announced additional criminal charges against three men accused of being part of a huge cyberattack against JPMorgan Chase, as well as other banks, brokers, and financial information publishing companies.
Gery Shalon, Joshua Aaron, and Ziv Orenstein were charged with 23 counts related to wire and securities fraud as well as unlawful Internet gambling and securities market manipulation in a superseding indictment unsealed Tuesday. An indictment this summer included 11 counts of wire and securities fraud and money laundering.
Shalon and Orenstein, both Israeli citizens, are in custody awaiting extradition. Aaron, a US citizen, is believed to be in Russia. The FBI has a wanted notice out for him “for his alleged involvement in a scheme to hack major American companies in order to acquire customer contact information.”
Prosecutors say the scheme lasted from 2007 to mid-2015, earning “hundreds of millions of dollars in illicit proceeds,” some of it hidden in Swiss accounts and other bank accounts.
A separate indictment on Tuesday outlined seven charges against Anthony Murgio, a Florida man previously accused of running an unlicensed Bitcoin exchange. He has been mentioned in connection with the JPMorgan hack.
JPMorgan confirmed it was “Victim 1” in the superseding indictment.
“We appreciate the strong partnership with law enforcement in bringing the criminals to justice,” the bank said in a statement. “As we did here, we continue to cooperate with law enforcement in fighting cybercrime.”
The hacking involved contact information and e-mail addresses tied to 83 million JPMorgan customer accounts, though prosecutors said the attack also affected brokerage and financial firms in Boston; Omaha, Neb.; New York; St. Louis; and Charlotte, N.C.
E-Trade Financial said it was attacked in 2013 but found no evidence sensitive financial information was compromised. It added that access may have been obtained to contact information for roughly 31,000 customers. JPMorgan has said it discovered the attack last year and blocked the hackers before they could access the most sensitive customer data.
Fidelity Investments, of Boston, said, “We have confirmed with the FBI that there is no indication that our customers were affected.”