Four Men Indicted for Massive, Multi-Million Dollar Hack

November 12, 2015, Written By Bill Hardekopf

Four men have been indicted on charges that they hacked into financial institutions across the globe and used stolen information to manipulate stocks, commit credit card fraud and operate illegal online casinos. The hackers and their conspirators generated over $100 million from these unlawful operations, which took place from 2012 to 2015.

Federal authorities allege the men are responsible for hacking JPMorgan Chase, E*Trade Financial, Scottrade, Dow Jones and at least five other institutions. The data of more than 100 million victims was stolen.

Gery Shalon, the alleged leader, Joshua Samuel Aaron and Zic Orenstein were charged on 23 counts, including unauthorized access of computers, identity theft, securities and wire fraud and money laundering. The fourth hacker has not yet been named.

This unidentified hacker used many methods to enter networks, including the “Heartbleed vulnerability,” which was discovered last year. Also, Aaron was able to trick a victim in the United States into providing the E*Trade and Scottrade network login credentials, which the hackers used to locate customer databases on the networks.

According to online chats between the criminals, they stole customer information in the hopes of establishing their own brokerage business. They wanted to model their business after Merrill Lynch and hoped this stolen customer data would give them an advantage over competitors.

The cyber criminals hacked JPMorgan in 2014 and compromised the data of 76 million personal accounts and more than seven million small business accounts. The financial institution filed reports with the Securities and Exchange Commission that stated only names, addresses and emails were taken in that breach. Money, credit cards, passwords and social security numbers were not compromised.

However, the information that was obtained was enough to make the hackers millions of dollars. They were able to manipulate stock prices, operate dozens of Internet gambling sites and start a Bitcoin exchange.

The information contained within this article was accurate as of November 12, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.