Three charged in massive hack scheme against JP Morgan Chase, others

US prosecutors on Tuesday announced charges against three men accused of running a cyberfraud enterprise that targeted 12 companies and led to the exposure of personal information of more than 100 million people.

Mike Segar/Reuters/File
A view of the exterior of the JP Morgan Chase & Co. Corporate headquarters in the Manhattan borough of New York City in this May 20, 2015 photo. US prosecutors on Tuesday unveiled charges against three men accused of running a cyberfraud enterprise that targeted JP Morgan Chase and other companies, and caused the exposure of personal information of more than 100 million people.

U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein, all from Israel, were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including The Wall Street Journal.

Prosecutors said the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people.

"By any measure, the data breaches at these firms were breathtaking in scope and in size," and signal a "brave new world of hacking for profit," U.S. Attorney Preet Bharara said at a press conference in Manhattan.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world.

Tuesday's charges expand a case first announced in July, and according to U.S. Attorney General Loretta Lynch target "one of the largest thefts of financial-related data in history."

The charges are also the first tied to the JPMorgan attack, which prosecutors said involved the stealing of records belonging to more than 83 million customers, the largest theft of customer data from a U.S. financial institution.

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.


A separate indictment unveiled in Atlanta against Shalon, Aaron and an unnamed defendant said the brokerages E*Trade Financial Corp and Scotttrade Inc were also targets, and personal information of more than 10 million customers was compromised.

TD Ameritrade Holding Corp and News Corp's Dow Jones unit, which publishes The Wall Street Journal, said they were also targets. Fidelity Investments was also a target, a person familiar with the matter said.

Other targets could not be immediately verified.

Shalon, 31, of Savyon, Israel, and Orenstein, 40, of Bat Hefer, Israel, were arrested in July. Aaron, 31, a U.S. citizen who lives in Moscow and Tel Aviv, remains at large and is the subject of an FBI "wanted" poster.

Another defendant, Anthony Murgio, 31, of Tampa, Florida, was charged separately over the bitcoin exchange, He was originally charged in July, and faces an arraignment on Friday. A co-defendant in that case, Yuri Lebedev, is in "discussions" with prosecutors, Bharara said.

Lawyers for the defendants were not immediately available for comment.

JPMorgan on Tuesday confirmed that the latest charges relate to the 2014 attack, and said it continues to cooperate with law enforcement efforts to fight cybercrime.

It also said that only contact information such as names, addresses and emails was accessed, and that account information, passwords or Social Security numbers were not compromised.

E*Trade said it has contacted 31,000 customers who may have been affected. News Corp said the indictment relates to a breach that targeted subscribers, and which was disclosed on Oct. 9.


The new charges portray Shalon as the ringleader, having orchestrated hackings since 2012 against nine companies, and along with Orenstein having since 2007 run at least 12 illegal Internet casinos.

Prosecutors said Shalon and Orenstein also ran payment processors IDPay and Todur, through which they collected $18 million of fees to process hundreds of millions of dollars of transactions for criminals.

Shalon was also accused of running the illegal bitcoin exchange with Murgio, and concealing at least $100 million in Swiss and other accounts.

Prosecutors said the illegal proceeds included tens of millions of dollars from manipulating the prices of stocks sold to customers whose information had been stolen, and who the defendants arranged to be cold-called.

According to prosecutors, Shalon was sure this would work because Americans liked buying stocks. "It's like drinking freaking vodka in Russia," he allegedly told an accomplice.

Meanwhile, the Atlanta indictment said that after Scottrade's computers were breached in late 2013, Shalon expressed a desire in an online chat to see credit card and trade data for customers, so "they will know that we know info about them for real, and they will trust us more."

Aaron was identified in the FBI poster as the "front-man" in the scheme where, using the alias "Mike Shields," he conspired to drive up stock prices and dump shares at inflated prices.

"Securities fraud on cyber steroids," as Bharara put it.

The indictment against Shalon, Orenstein and Aaron includes counts of computer hacking, securities and wire fraud, identity theft, illegal Internet gambling and conspiring to commit money laundering. Not all counts were brought against all defendants.

Murgio faces seven counts including wire fraud, money laundering and operating an unlicensed money transmitter.

The U.S. Securities and Exchange Commission previously filed civil charges against Shalon, Aaron and Orenstein.

The cases are U.S. v. Shalon et al, U.S. District Court, Southern District of New York, No. 15-cr-00333; U.S. v. Murgio in the same court, No. 15-cr-00769; and U.S. v. Shalon et al, U.S. District Court, Northern District of Georgia, No. 15-cr-00393. (Reporting by Jonathan Stempel and Nate Raymond in New York; Additional reporting by Jim Finkle and Ross Kerber in Boston, and David Henry, Olivia Oran and Jessica Toonkel in New York; Editing by Chizu Nomiyama and Meredith Mazzilli)

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Three charged in massive hack scheme against JP Morgan Chase, others
Read this article in
QR Code to Subscription page
Start your subscription today