American prosecutors say they have identified the people involved in hacking JPMorgan Chase last year.
The Justice Department announced Tuesday that four men indicted for separate crimes in July are behind the enormous JPMorgan hack. The four men allegedly stole more than 80 million customers’ personal information.
The JPMorgan hack was “the largest theft of customer data from a U.S. financial institution in history,” according to the prosecutors.
Until now, nobody knew who did it — or why.
Law enforcement officials initially said the attacks came from hackers in Russia with loose ties to the Russian government.
But today’s announcement paints a different picture. The U.S. government now alleges that the hack was orchestrated by men involved in a pump-and-dump stock manipulation scheme.
Why did they hack a bank for a pump-and-dump scheme? Data breaches are information-gathering expeditions that yield sensitive data that’s extremely valuable to criminals. It’s possible that breaking into the bank gave them information to target specific people — and extra insight into the stock market.
The four men tied to the hack are Joshua Samuel Aaron, Anthony Murgio, Ziv Orenstein, and Gery Shalon, the Justice Department said.
Aaron, Orenstein and Shalon allegedly ran a fraudulent investment business. According to law enforcement, they would blast out misleading emails to dupe others into buying a company’s stock and quickly drive up it’s price. Then they would cash out before the inevitable crash.
Orenstein and Shalon were arrested by Israeli police on July 21 and remain in that country. American prosecutors are trying to extradite them to the United States.
Police didn’t catch Aaron, who remains a fugitive.
Then there’s Murgio. He was arrested in Tampa, Florida on the same day and charged with financial crimes. He was accused of operating an unlicensed online Bitcoin exchange out of Florida. At Coin.mx, you could trade cash for the digital currency. That electronic money is hard to trace, so it’s the way hackers like to get paid for doing illegal jobs.
It’s unclear what, if anything, these four men did to take part in the JPMorgan hack. So far, federal indictments only mention these other crimes.
But JPMorgan acknowledged to CNNMoney that it is the unidentified bank mentioned in these federal documents.
And JPMorgan wasn’t the only business that was hacked. The Justice Department said the wave of cyberattacks from this group included “several financial institutions, financial news publishers, and other companies.”
Sources have told CNNMoney that the FBI investigated hacks on 7 of the top 15 banks.
The U.S. attorney in the Southern District of New York, Preet Bharara, is expected to add details at a press conference Tuesday afternoon.
