Man Accused of Masterminding the Hacks That Shook Wall Street

Started by MikeWB, November 11, 2015, 07:02:32 PM


MikeWB

Yeah, he's a jеw.




Through the dark world of cybercrime, its tentacles spread everywhere: stock manipulation, money laundering, gambling and more.

Nothing in the annals of corporate hacking compares to the portrait U.S. authorities painted Tuesday of a vast, global crime syndicate -- a mob for the digital age. As described by federal prosecutors, it was an operation of breathtaking scale, involving more than 100 people in a dozen countries, with illicit proceeds stretching into the hundreds of millions of dollars.

At its head is a mysterious Israeli, Gery Shalon -- a 31-year-old from the Republic of Georgia who prosecutors said used aliases, fake passports and banking havens to turn hacking into the backbone of his criminal enterprise.

Much as the mafia gained footholds in construction, shipping, trucking and gambling, Shalon's organization was a conglomerate that allegedly ran illegal Internet casinos and elaborate pump-and-dump stock schemes, while dabbling in credit-card fraud and fake pharmaceuticals.

Biggest Attacks

His group is the thread that runs through many of the biggest cyber-attacks of recent years, including the largest bank breach on record, involving the theft of information relating to 83 million customer accounts from JPMorgan Chase & Co.

Along with JPMorgan, Fidelity Investments Ltd., E*Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp., confirmed they had been among the victims of hackers who worked for the group. The indictment unsealed Tuesday against Shalon and two other men didn't name those institutions, saying only that hackers linked with the group had breached banks and other financial firms, stealing information on 100 million of their customers.

"The conduct alleged in this case showcases the brave new world of hacking for profit," U.S. Attorney Preet Bharara in Manhattan said Tuesday in announcing two of the indictments that laid out parts of the scheme.

"It is no longer hacking merely for a quick payout," Bharara said. "It is hacking as a business model."

The allegations are perhaps the starkest illustration yet that even the most sophisticated computer networks, run by companies at the heart of the global financial system, may be vulnerable in the age of the Digital Don. The latest revelations come just three months after U.S. authorities arrested several men they accuse of lurking inside servers where corporate press announcements were awaiting release, in order to trade on the information before it went public.

Fake Names

Shalon's alleged ring processed payment information for fake pharmaceuticals and fake anti-virus software. Its members sent misleading stock pitches to clients of banks and brokerages, whose e-mail addresses they'd stolen. They profited by using trading accounts set up under fake names and used dozens of shell companies and bank and brokerage accounts around the world to launder money. They also tried to extract nonpublic information from financial corporations, prosecutors said.

Shalon -- also known as Garri Shalelashvili, Phillipe Mousset and Christopher Engeham -- was the self-described "founder" of the enterprise, according to an indictment unsealed in Manhattan that also named Joshua Aaron and Ziv Orenstein. Shalon directed hacks to further his market-manipulation and Internet gambling schemes, the indictment said, concealing at least $100 million in Swiss and other bank accounts.

Shalon and Orenstein were arrested in Israel in July, and the U.S. is seeking their extradition to New York for trial. Aaron remains at large.

Alan Futerfas, a lawyer for Orenstein, didn't immediately return a voice-mail message left at his office seeking comment. Shalon and Aaron couldn't be reached for comment.

A separate indictment outlined the case against Anthony Murgio, who was arrested in Florida in July. He was accused of crimes related to a bitcoin-exchange service owned by Shalon, as well as the takeover of a New Jersey credit union, all used to launder proceeds from the criminal enterprise.

Gregory Kehoe, a lawyer for Murgio, didn't immediately return a voicemail message left at his office seeking comment.

FSU Friendships

Outlines of the government's case against the men began emerging with the arrests last summer, when Shalon, Orenstein and Aaron were implicated in a pump-and-dump scheme. That began raising questions about the links between Shalon and a group of men, including Murgio and Aaron, whose friendship dated back more than a decade to their days at Florida State University.

Another mystery: Who did the hacking? A clue emerged in an indictment over the E*Trade attack, which was unsealed Tuesday in federal court in Atlanta. It names Shalon, Aaron and a third person -- "a computer hacker who is believed to have resided in Russia" -- who it alleges infiltrated computer networks under Shalon's direction, located customer databases and exported the profile information to computers overseas.

Among the ring's early hacking targets was Dow Jones. The hackers located some 10 million e-mail addresses of customers and stole millions of those from Dow Jones, identified as Victim 8 in the indictment.

In October, the company disclosed that its computer systems had been hacked. As part of that disclosure, Dow Jones chief executive officer William Lewis said that some customer payment information may have been compromised -- on no more than 3,500 accounts -- and that it was unknown whether other information had been taken.

Earlier in October, Scottrade disclosed that it had been hacked and that information on 4.6 million customers had been taken.

'Interesting Info'

According to the indictment, Shalon and a co-conspirator expanded their efforts to seek material non-public information from firms they were hacking. In one e-mail, they referred to seeking "interesting info" from top managers at Victim 5, a St. Louis brokerage firm now confirmed as Scottrade.

A spokeswoman for Dow Jones said in a statement: "The indictment unsealed today refers to the public disclosure we made on October 9. The government's investigation is ongoing, and we continue to cooperate with law enforcement."

The hack of Fidelity has been previously reported. The company said it has no indication that any customer accounts, customer information or related systems were affected. E*Trade confirmed it was attacked in late 2013 but declined to provide more information.

"We continue to cooperate with law enforcement in fighting cybercrime," JPMorgan spokeswoman Trish Wexler said in a statement.

Since 2007

Shalon began building his criminal conglomerate in 2007 with Internet casinos and capped it off with stock and credit-card schemes years later, according to the 68-page indictment against Shalon and others in Manhattan.

Shalon and his associates operated at least a dozen online "real money" casinos in the U.S. from 2007 until this year, raking in hundreds of millions of dollars in revenue and, in some months, millions in profit. By December 2013, Shalon was paying 270 casino employees in Hungary and Ukraine, the indictment said.

"Casino turnover" in October 2013 alone was $78.9 million, Shalon's associate Orenstein said in an e-mail. Profit for February 2015 totaled $7.29 million, another e-mail said.

To attract bettors, Shalon used "massive" e-mail campaigns. He also arranged to send promotional material through the regular mail to as many as 100,000 U.S. residents in more than 30 states.

Customer Data

All the while, Shalon was bent on crippling his rivals, the government said. He and his accomplices allegedly broke into other Internet gambling operations to steal customer data and orchestrated the hack of two firms that supplied software to online casinos.

By 2012, the government said, Shalon had grown so aggressive he was engineering cyber-attacks to incapacitate rival gambling sites "in response to perceived misconduct" directed at his own casinos.

Another part of Shalon's 21st-century cyberfraud was a classic 20th-century pump-and-dump scheme, which authorities said netted tens of millions of dollars in illicit profits.

Teaming with two allegedly crooked stock promoters who are now cooperating with prosecutors, Shalon, Aaron and sometimes Orenstein selected publicly traded companies or private firms they could take public through reverse mergers with listed shell corporations.

Aliases, Passports

Using aliases and phony passports, the five opened trading accounts and then bought on the cheap almost all of a company's shares, driving its price higher -- in one instance, more than 1,800 percent higher.

In the first phase, they and their accomplices executed prearranged trades that spurred a modest price rise on successive days. Next, prosecutors wrote, Shalon and Aaron sent spam e-mails touting the stock and its price rise to millions of potential investors they'd identified in their earlier hacks of banks and brokerages.

Is it "popular in America -- buying stocks?" an accomplice not named in the indictment asked Shalon at one point.

"It's like drinking freaking vodka in Russia," Shalon answered, according to the indictment. "We buy them" -- stocks -- "very cheap, perform machinations, then play with them."

Dumped Shares

With the price inflated, Shalon, Aaron and the promoters began dumping their shares in coordinated fashion, often generating millions of dollars in profit per stock. Their sales eventually put downward pressure on the stock, and unsuspecting investors suffered big losses, prosecutors said.

The profits, Shalon boasted, were "a small step towards a larger empire."

In all, Shalon, Aaron and Orenstein manipulated dozens of stocks, prosecutors said. They made more than $2 million in 2012 when they pushed up the price of Mustang Alliances Inc., a purported mining company with operations in Honduras, according to a Securities and Exchange Commission lawsuit filed against the three in July.

By telling investors that the company was "sitting on at least $1.7 billion worth of gold," the group raised the price of Mustang by 65 percent.

"In a way, it was securities fraud on cybersteroids," Bharara said.

Credit-Card Challenge

There was more than a fair amount of ingenuity involved.

Criminals seeking to accept payments by credit and debit cards face a big problem -- how to steer money through a global financial system where card networks, banks and regulators doggedly prowl for suspicious transactions. Prosecutors said Shalon and conspirators offered a solution.

They allegedly set up a sophisticated processing system that funneled hundreds of millions of dollars for criminals while charging a fee for each transaction -- more than $18 million total. Tactics described in the indictment ranged from old-fashioned bribery to other strategies requiring more creativity.

First, Shalon set up a bogus pet-supply store and dress shop. Then, every time a card was used by a U.S. gambler, he and his accomplices made it look like payments went to fake stores selling pet supplies and wedding dresses.

When card networks caught the ring's illegal payments, they imposed millions of dollars in penalties on banks that let transactions slip through. Shalon and his accomplices allegedly feigned shock, reimbursed the banks, then set up more accounts, according to prosecutors.

Hacking the Watchdogs

When all else failed, they hacked the watchdogs.

Shalon's alleged victims included a risk-intelligence firm in Bellevue, Washington, that flagged merchants accepting payments for "unlawful goods or services," according to the indictment.

Prosecutors said the defendants hacked into the company's computer network to read e-mails and keep tabs on its efforts. The hackers figured out which credit and debit cards the company used to detect bogus merchants, then blacklisted those card numbers from Shalon's network.

With hundreds of millions rolling in from their global enterprise, the gang needed a way to process and launder its cash, prosecutors said.

Shalon, Orenstein and others used Shalon's bitcoin-exchange company, Coin.mx, to process transactions and hide their origins, while charging fees on each deal. Murgio, the ex-Florida State University student arrested over the summer, operated Coin.mx.

The group set up a front company, Collectibles Club -- supposedly a platform for hobbyists to chat and sell treasures like stamps and sports memorabilia -- to disguise the unlicensed money-transmitting business. They then took over the New Jersey credit union -- with Murgio allegedly paying over $200,000 to two accounts at the direction of an unidentified bank executive between May and December 2014 -- and installing accomplices on the board of directors. They then moved Coin.mx's banking operations there, making it "a captive bank for their unlawful business," the U.S. said.

The money-laundering operation was as complex as other parts of the vast scheme. Using phony documents and aliases, the ring used accounts and at least 75 shell companies to wash its proceeds and moved gambling proceeds from account to account to account.

"They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing 'casino/software/pharmaceutical cocktail'," according to the indictment of the three.

The outfit may have had grander ambitions -- stealing inside information about companies to win a leg up in the market -- Bharara said Tuesday.

"The conduct alleged in this case also may signal next frontier in securities fraud, sophisticated hacking to steal material non-public information," he said. The defendants discussed this "as the next stage of their sprawling criminal enterprise."

http://www.bloomberg.com/news/articles/2015-11-10/digital-don-accused-of-hacks-at-jpmorgan-dow-jones-over-8-years

1) No link? Select some text from the story, right click and search for it.
2) Link to TiU threads. Bring traffic here.

MikeWB

https://krebsonsecurity.com/tag/gery-shalon/

10 Nov 15
Arrests in JP Morgan, eTrade, Scottrade Hacks


U.S. authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation's biggest financial institutions and brokerage firms, including JP Morgan Chase, E*Trade and Scottrade.

Prosecutors in Atlanta and New York unsealed indictments against four men and one unnamed alleged co-conspirator in connection with a complex, sprawling scheme to artificially manipulate the price of certain publicly traded U.S. stocks.

The defendants are accused of hacking into JPMorgan Chase in 2014, stealing the names, addresses, phone numbers and email addresses of the holders of some 83 million accounts at the financial institution – a breach that the Justice Department has dubbed the "largest theft of customer data from a U.S. financial institution in history." Scottrade announced a similar breach of 4.6 million customer records in October 2015. Etrade last month warned 31,000 customers that their contact information may have been breached.

The men allegedly laundered hundreds of millions of dollars from the scheme via a vast cybercrime network that included illegal online pharmacies, fake antivirus or "scareware" schemes, Internet casinos and even a Bitcoin exchange.

Indictments from Atlanta U.S. Attorney John Horn name Gery Shalon, 31, a resident of Tel Aviv and Moscow, who was arrested by Israeli law enforcement in Savyon, Israel in July 2015 and remains in custody there pending extradition proceedings. Another man, Joshua Samuel Aaron, also 31, is a U.S. citizen and resident of Israel, but currently a fugitive. The Atlanta indictments referenced a third, as yet-unnamed accomplice.


Separately, the U.S. Attorney's Office for the Southern District of New York unsealed its own charges against Shalon and Aaron, as well as a third Israeli citizen, 40-year-old Ziv Orenstein. In addition, prosecutors there announced indictments against Anthony R. Murgio, alleging he fraudulently operated the Florida-based Coin.mx Bitcoin exchange along with Shalon and through it further helped the conspiracy launder its illicit proceeds. Murgio was arrested in July 2015 and is facing prosecution in New York.

According to the Justice Department, between approximately 2007 and July 2015, Shalon owned and operated unlawful internet gambling businesses in the United States and abroad, and that he owned and operated multinational payment processors for illegal pharmaceutical suppliers, counterfeit and malicious software ("malware") distributors. The government further alleges that Shalon owned and controlled Coin.mx, an illegal United States-based Bitcoin exchange that operated in violation of federal anti-money laundering laws.

"Through their criminal schemes, between in or about 2007 and in or about July 2015, Shalon and his co-conspirators earned hundreds of millions of dollars in illicit proceeds, of which Shalon concealed at least $100 million in Swiss and other bank accounts," reads a statement issued by Preet Bharara, the United States Attorney for the Southern District of New York.

The government alleges that Shalon, Aaron and Orenstein operated their criminal schemes and laundered their criminal proceeds through at least 75 shell companies and bank and brokerage accounts around the world.  "The defendants controlled these companies and accounts using aliases, and by fraudulently using approximately 200 purported identification documents, including over 30 false passports that purported to be issued by the United States and at least 16 other countries," the Justice Department wrote.

The indictments charge that the defendants orchestrated a complex scheme to acquire substantial stakes in targeted companies, buying up large amounts of (low-priced) stocks. The government says the conspiracy tried to capitalize on price changes in those stocks prompted by events allegedly set in motion by the accused — such as so-called "reverse mergers" with shell companies that the men allegedly set up, or via spam email blasts to customer lists stolen from the hacked brokerage firms that falsely touted the stocks in a bid to trick others into buying it.

Authorities say Murgio and Shalon tricked banks and credit card issuers into authorizing debit and credit card payment transactions to purchase Bitcoins through Coin.mx, by deliberately miscoding customer transactions as something else — such as purchases for wedding dresses and pet supply stores. Prosecutors also allege that Murgio and Shalon paid a small credit union in New Jersey $100,000 to install one of his co-conspirators on the bank's board of directors.

If all of this sounds like the script of a Hollywood movie, it should be a familiar script by now. The cybercrime kingpins whose work I detailed in my 2014 book Spam Nation were involved in all of the crimes alleged today by prosecutors in Atlanta and New York, including spamming rogue pharmaceutical sites, running scareware rackets, conducting pump-and-dump stock scams, and laundering illicit profits through huge networks of shell companies.

rmstock

this reads like :

Runner Runner (2013)

http://www.imdb.com/title/tt2364841/
  "Director: Brad Furman
   Writers: Brian Koppelman, David Levien
   Stars: Ben Affleck, Justin Timberlake, Gemma Arterton
   imdb rating 5.6/10 from 49,204 users  "


Rotten TOMATOMETER 8%
  "Critics Consensus: It has an impressive cast and an intriguing
   premise, but Runner Runner wastes them on a bland,
   haphazardly assembled thriller with very little payoff."


Critic Reviews for Runner Runner
  "The movie mostly wants to look timely and seem topical. Instead,
   it feels irrelevant.   Full Review... | October 4, 2013
   -- Rafer Guzman  Newsday * Top Critic   
   Five years from now, I can see this movie constantly
   slotted on networks like USA and TNT to fill the
   programming gaps. Full Review... | October 30, 2013
   -- Robert Kojder  What Culture"


Audience Reviews for Runner Runner
  "(**** out of 5) Good movie and interesting plot. Justin needs money
   for his Masters degree at Princeton. He uses an online casino but
   loses his money. He realises he has been cheated out of his money.
   He goes to Costa Rica to confront the casino tycoon Ben. Who
  offers him a job. Movie produced by Leonardo DiCaprio.
  -- Candy Rose * Super Reviewer"


``I hope that the fair, and, I may say certain prospects of success will not induce us to relax.''
-- Lieutenant General George Washington, commander-in-chief to
   Major General Israel Putnam,
   Head-Quarters, Valley Forge, 5 May, 1778

rmstock

Quote from: MikeWB on November 11, 2015, 07:02:32 PM
[ ... ]
Since 2007

Shalon began building his criminal conglomerate in 2007 with Internet casinos and capped it off with stock and credit-card schemes years later, according to the 68-page indictment against Shalon and others in Manhattan.

Shalon and his associates operated at least a dozen online "real money" casinos in the U.S. from 2007 until this year, raking in hundreds of millions of dollars in revenue and, in some months, millions in profit. By December 2013, Shalon was paying 270 casino employees in Hungary and Ukraine, the indictment said.

"Casino turnover" in October 2013 alone was $78.9 million, Shalon's associate Orenstein said in an e-mail. Profit for February 2015 totaled $7.29 million, another e-mail said.

To attract bettors, Shalon used "massive" e-mail campaigns. He also arranged to send promotional material through the regular mail to as many as 100,000 U.S. residents in more than 30 states.

Customer Data

All the while, Shalon was bent on crippling his rivals, the government said. He and his accomplices allegedly broke into other Internet gambling operations to steal customer data and orchestrated the hack of two firms that supplied software to online casinos.

By 2012, the government said, Shalon had grown so aggressive he was engineering cyber-attacks to incapacitate rival gambling sites "in response to perceived misconduct" directed at his own casinos.
[ ... ]
http://www.bloomberg.com/news/articles/2015-11-10/digital-don-accused-of-hacks-at-jpmorgan-dow-jones-over-8-years

All the above can be seen in Runner Runner.


MikeWB

rmstock, interesting! Never heard of this movie. I guess fiction imitates reality, and vice versa.

MikeWB

After reading the criminal complaint, these guys were the closest thing to a real-world "Spectre" criminal organization from James Bond films! Their reach was quite something and the level of rashness was over the top.