by Greg Farrell and Patricia Hurtado
The U.S. described a vast, multi-year criminal enterprise centering on hacks of at least nine big financial and publishing firms and the theft of information on 100 million of their customers that fueled a web of stock manipulation, credit-card fraud and illegal online casinos.
Two indictments, unsealed this week, tied three of four suspects to previously reported hacks of JPMorgan Chase & Co., E*Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp.
Hackers and conspirators in more than a dozen countries generated hundreds of millions of dollars in illicit proceeds on pump-and-dump stock schemes and particularly lucrative online gambling, prosecutors said.
From 2012 to mid-2015, the suspects and their co- conspirators successfully manipulated dozens of publicly traded stocks, sent misleading pitches to clients of banks and brokerages whose e-mail addresses they’d stolen, and profited by using trading accounts set up under fake names, prosecutors said.
Along the way, members of the ring tried to extract nonpublic information from financial corporations, processed payment information for fake pharmaceuticals and fake anti-virus software, falsified passports and took control of a New Jersey credit union, said prosecutors. They used 75 companies and bank and brokerage accounts around the world to launder money, prosecutors wrote. Other alleged offenses include hacking, securities fraud, wire fraud and identity theft.
The global network stretched from Israel to the U.S., with a dozen online casinos and payments that ran through Cyprus, Azerbaijan and Switzerland.
The co-conspirators deceived financial institutions into processing and authorizing payments to and from the casino companies and others, prosecutors wrote in their latest indictment of Gery Shalon, Joshua Aaron and Ziv Orenstein, who they say are at the center of the scheme. Shalon and Orenstein were arrested in Israel in July. Aaron remains at large.
“They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” according to the indictment of the three.
Anthony Murgio, who was arrested in Florida in July, was indicted separately for crimes related to a Bitcoin-exchange service and the takeover of a New Jersey credit union to further the business.
Shalon was the leader and self-described “founder” of the sprawling cybercriminal enterprise, which the indictment describes as having hundreds of employees and co-conspirators. In one case, according to the indictment, he boasted that a profitable stock sale was a “small step towards a large empire.”
“We buy them [i.e., stocks] very cheap, perform machinations, then play with them,” Shalon is cited as explaining to a co-conspirator. Responding to the co- conspirator’s rhetorical question about whether buying stocks was popular among Americans, he said: “It’s like drinking freaking vodka in Russia.”
Shalon -- an Israeli citizen who also went by the names Garri Shalelashvili, Phillipe Mousset and Christopher Engeham -- directed hacks to further his market-manipulation and Internet gambling schemes, the indictment said. Shalon concealed at least $100 million in Swiss and other bank accounts, it said.
The new allegations against the four broaden dramatically the scope of a wide-ranging criminal enterprise with hacking at its core. Outlines of the government’s case against the men emerged with their arrest in July, when Shalon, Orenstein and Aaron were implicated in a pump-and-dump scheme.
The three men were linked to hacks of JPMorgan, Fidelity Investments Ltd. and E*Trade, Bloomberg News reported at the time.
The hackers located some 10 million e-mail addresses of customers and stole millions of those from Dow Jones, identified as Victim 8 in the indictment. In October, the company disclosed that its computer systems had been hacked. As part of that disclosure, Dow Jones chief executive officer William Lewis said that some customer payment information may have been compromised -- on no more than 3,500 accounts -- and that it was unknown whether other information had been taken.
A week earlier, Scottrade disclosed that it had been hacked and that information on 4.6 million customers had been taken.
According to the indictment, Shalom and a co-conspirator expanded their efforts to seek material non-public information from firms they were hacking. In one e-mail, they referred to seeking "interesting info" from top managers at Victim 5, a St. Louis brokerage firm now confirmed as Scottrade.
A spokeswoman for Dow Jones said in a statement: "The indictment unsealed today refers to the public disclosure we made on October 9. The government’s investigation is ongoing, and we continue to cooperate with law enforcement."
The hack of Fidelity has been previously reported. The company said it has no indication that any customer accounts, customer information or related systems were affected. E*Trade confirmed it was attacked in late 2013 but declined to provide more information.
“We continue to cooperate with law enforcement in fighting cybercrime,” JPMorgan spokeswoman Trish Wexler said in a statement.