The JPMorgan hackers committed 'securities fraud on cyber steroids'


preet bharara

REUTERS/ Lucas Jackson

One of the biggest financial data breaches in history was "securities fraud on cyber steroids."


That's according to US Attorney for the Southern District of New York, Preet Bharara, who has charged Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein in connection to "the largest theft of customer data from a U.S. financial institution in history."

The defendants took a "classic stock fraud scheme" and brought it into the cyberspace, Bharara said in a Tuesday press conference.

He said they hacked 12 financial institutions, including JPMorgan, and stole personal information for over 100 million customers, targeting people engaged in significant stock trading.

They then used that private information to blast emails and tout penny stocks in multimillion-dollar "pump and dump" schemes, Bharara said.


They also allegedly performed "reverse mergers" of private companies with public shell corporations that Shalon controlled.

Payments processing for criminals and other charges

The three defendants were charged in a 23-count indictment.

In addition to the market manipulation scheme, Bharara accused Shalon and Orenstein of operating unlawful internet casinos and engaging in "massive hacks and cyberattacks against other internet gambling businesses to steal customer information, secretly review executives' emails, and cripple rival businesses."

Separately, Bharara accused the same two men of operating illicit payment processing schemes for criminals.

Users included "unlawful pharmaceutical distributors, purveyors of counterfeit and malicious purported 'anti-virus' computer software, their own unlawful internet casinos," and an illegal United States-based Bitcoin exchange owned by Shalon.


Another charge is related anti-money laundering laws that Shalon's Bitcoin exchange violated.

Hacking banks, brokerages, and business news

In October 2014, JPMorgan, revealed in an SEC filing that more than 70 million households and seven million small businesses may have had their private data compromised in a cyberattack.

Bharara put the total number of customers affected from that incident at 83 million and called it "the single largest theft of data from a US financial institution."

At the time, the bank said, it hadn't seen "any unusual customer fraud related to this incident." It has since invested heavily in security and built a digital security team with ex-military cybersecurity experts.

Last month, Dow Jones, which publishes The Wall Street Journal and Barron's, said that hackers had intruded their networks, seeking contact and payment information for 3,500 customers.


Also last month, retail brokerage Scottrade said it had been the victim of a cyberattack in late 2013 and early 2014 that affected a system with data on 4.6 million clients.

Aaron is a fugitive and wanted by the FBI. Shalon and Orenstein arrested in Israel in July and Bharara is seeking extradition.

NOW WATCH: Researchers have discovered 3 ways to tell if computer chips are counterfeit