Report links alleged US, Israeli cybercrims with JPMorgan MEGAHACK
Pump-and-dump buck stops with arrests in Florida and Israel
Federal authorities in America have charged five men who are being indirectly connected with the attack and data breach at JPMorgan Chase last summer, after the global bank, with total assets of $2.6tn, lost the contact data for millions of customers.
The attack now appears to have been sourcing targets for a fraudulent investment scheme involving pump-and-dump (artificially inflating an item or commodity's price, normally via misleading statements) stocks, rather than an effort to steal financial data from the bank.
Authorities arrested a number of people in Israel and Florida on Tuesday over an alleged pump-and-dump scheme, and a Bitcoin money laundering operation.
According to a federal law enforcement official who spoke anonymously to USA Today, while the arrests are not being publicly tied to the JPMorgan attack, some of those arrested are also suspects in the breach and were discovered through that investigation.
The indictment charges Gery Sharon, Joshua Samuel Aaron and Ziv Orenstein "with orchestrating a scheme to manipulate the price and volume of traded shares in numerous publicly traded stocks by means of deceptive and misleading email campaigns, and manipulative, prearranged stock trading."
The United States Attorney's Office is seeking the extradition of Sharon and Orenstein, who are Israeli nationals and residents, to stand trial in the US following their arrest by Israeli police on Tuesday. Aaron, however, remains at large.
The two criminal complaints target Anthony R. Murgio and Yuri Lebedev, both of whom reside in Florida, where they attended Florida State University.
They are charged with "running an unlicensed Internet Bitcoin exchange, which they operated through a phony front-company and, at times, a federal credit union that Murgio acquired for purposes of the scheme."
It is not clear how the five men knew each other, or how the schemes were related, and no connection between them has been made other than through USA Today's source.
The indictment accuses the Israeli-based conspirators of running stock manipulation schemes to artificially inflate the price of penny stocks, enabling the gang to sell their holdings at fraudulent prices.
The Securities and Exchange Commission has filed its own civil lawsuit against Shalon, Orenstein, and Aaron.
The key tie between this scam and the attack on JPMorgan (should it appear) is likely to come through a partnership between Shalon and Aaron with "promoters" who identified the companies whose stock would be targeted for manipulation.
The worthless penny stocks would be pitched, through spam emails, to investors such as those likely to be found on JPMorgan's hacked customer list.
The attackers are believed to have gained access to the list through a hole left open by a failure to switch on two-factor authentication on an overlooked server.
Security practices at the bank were noted back in April, when Peter Persaud, a former JP Morgan employee, was charged with selling customer information to thieves.
US Secret Service Special Agent in Charge, Robert J. Sica, said: "The Secret Service, in conjunction with its many law enforcement partners across the United States and around the world, is committed to deploying cutting edge investigative practices and technology in order to bring these offenders to justice." ®