By Ed Silverstein, Legaltech News

The latest information links the trio to the massive 2014 hack of JP Morgan Chase & Co.

Two men are in custody—and one remains at large—in connection with what federal officials describe as “massive computer hacking crimes against U.S. financial institutions, brokerage firms, and financial news publishers, including the largest theft of customer data from a U.S. financial institution in history.”

The two under arrest were identified as Gery Shalon and Ziv Orenstein. They are awaiting extradition from Israel. The third defendant, identified as Joshua Samuel Aaron, is still at large.

The latest information links the trio to the massive 2014 hack of JP Morgan Chase & Co.

“These three defendants perpetrated one of the largest thefts of financial-related data in history—making off with the sensitive information of literally thousands of hard-working Americans,” Attorney General Loretta E. Lynch said in a statement released on Tuesday.

A 23-count indictment charged the defendants with such crimes as: computer hacking, conspiracy in connection with money laundering, internet gambling, identity theft, securities fraud and wire fraud.

In describing the far-reaching inquiry, Manhattan U.S. Attorney Preet Bharara said federal officials “exposed a cybercriminal enterprise that for years successfully and secretly hacked into the networks of a dozen companies, allegedly stealing personal information of over 100 million people, including over 80 million customers from one financial institution alone.”

“The charged crimes showcase a brave new world of hacking for profit,” Bharara added. “It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model. The alleged conduct also signals the next frontier in securities fraud – sophisticated hacking to steal nonpublic information, something the defendants discussed for the next stage of their sprawling enterprise.”

When asked about the charges, Brian Kudowitz, who is Bloomberg Law’s commercial product director for privacy and data security, said, “Revelations from the indictments on the scope of these breaches, with the impact spanning numerous countries and sectors, drives home the increasing complexity and severity of cyber-incidents.”

“The practical result is that companies will have to adapt not only to greater security threats, but also intensifying attention from a growing list of regulators with skin in the game,” he added. “Greater investment by boards in their privacy and security programs is absolutely essential, but realistically many companies have to bite the bullet and reshape their entire program, including adopting a bottom-up approach.”

The news comes shortly after a survey revealed that just 19 percent of banks were “highly prepared” for a cyberattack, Legaltech News has reported.

Also, Lynch noted how the charges came after victims “came forward and worked with the Department of Justice to hold the perpetrators accountable.”

Specifically, the government alleges that between 2012 to the middle of 2015, Shalon, Aaron and other suspects stole the personal information of over 100 million customers.

The defendants also artificially manipulated the price of U.S. stocks, while Shalon directed hacks and cyberattacks against several companies.

Moreover, between 2007 and July 2015, Shalon owned and operated unlawful internet gambling businesses; multinational payment processors for illegal pharmaceutical suppliers, counterfeit and malicious software (“malware”) distributors, and unlawful internet casinos; and controlled Coin.mx, an illegal United States-based Bitcoin exchange that operated in violation of federal anti-money laundering laws, the government claims. 

“Nearly all of these schemes … relied for their success on computer hacking and other cybercrimes committed by [Shalon] and his co-conspirators,” the government adds. They allegedly earned hundreds of millions of dollars in illicit proceeds, of which at least $100 million was deposited in Swiss and other bank accounts.

They also allegedly laundered their criminal proceeds, through at least 75 shell companies, and bank and brokerage accounts.

Anthony Murgio was also arrested in connection with the case.

When commenting on the case, Craig Newman, an attorney at Patterson Belknap Webb & Tyler, says the indictment reads “like a digital-era spy novel about how a global band of cybercriminals would stop at nothing to hack into the computer systems of top financial institutions.”

He adds how the government’s case shows “that we all live in digital glass houses” – even the most sophisticated organizations.

Illustration via iStock

For more on this story go to: http://www.legaltechnews.com/id=1202742158965/Three-Charged-In-Historic-Bank-Data-Breach#ixzz3rILBiL8M