Some of the masterminds behind attacks on a number of financial institutions may be behind bars. U.S. authorities arrested four people in Israel and Florida this week who are allegedly involved in the hacks of JPMorgan Chase and other financial institutions, according to reports.
In October, JPMorgan revealed the accounts of 76 million households were compromised in a cyberattack. On top of that, another 7 million small businesses were compromised. But that was not the end of the story. Those same hackers also hit Fidelity Investments and 12 other financial institutions. Information, including names, addresses, phone numbers and e-mail addresses, was compromised.
Big Time Schemers?
Two men, Anthony R. Murgio and Yuri Lebedev, arrested in Florida, have been tied to an underground bitcoin exchange, according to the FBI. The duo allegedly operated the bitcoin exchange through a phony front company and, at times, a federal credit union that had been acquired by Murgio, the FBI said.
The FBI connected three other men to a multimillion-dollar stock manipulation scheme. Gery Shalon and Ziv Orenstein were arrested in Israel and charged with orchestrating a scheme to manipulate the price and volume of traded shares in numerous publicly traded stocks “by means of deceptive and misleading e-mail campaigns and pre-arranged stock trading.” Joshua Samuel Aaron was charged but has not been captured. The FBI has not publicly connected any of the five men to the hack on JPMorgan Chase and the other financial institutions. But news reports are making that connection.
“As alleged, [Shalon, Aaron, and Orenstein] manipulated trading in U.S. securities from overseas, using fake identities to funnel millions of dollars in unlawful proceeds through a web of international shell companies,” Manhattan U.S. Attorney Preet Bharara said. “Using false and misleading spam e-mails sent to millions of people, these defendants allegedly directed their pump-and-dump scheme from their computers halfway around the world.”
Complexity of Digital Crime
We reached out to Igor Baikalov, former head of security intelligence for Bank of America, and now chief scientist for security analytics firm Securonix, to get his thoughts on the arrest. He told us there’s a clear trend of increasing complexity of digital crime.
“It’s no longer a simple hit-and-run, like account hijacking or indiscriminate spam. Now it’s an elaborate multi-layered, multi-stage fraud scheme that requires a team of criminal specialists to carry out,” Baikalov said. “With the fully functioning underground market for malware kits, botnet rental, money mules, and exploit-as-a-service offerings, bank robbers of the digital age enjoy collaboration, component reuse, and division of labor.” The latter makes it even more difficult to solve attacks like the ones carried out on the financial institutions, he said.
“The fact that the network connections originated in one geographic locale or that financial transactions were traced to another one does not necessarily point to the perpetrators, but most likely to various parts of the distributed infrastructure whose legitimate owners might not be even aware of the attack,” Baikalov said.