There is a growing acceptance that the online criminal element is evolving faster than legitimate cyber sources. This has been made more apparent now that the JP Morgan Chase data debacle is being unbundled in court. One of the world's biggest and most storied banks has been identified as the primary victim in a case related to cyber-criminals. The bank headquartered in New York City reportedly had the details of over 80 million of its clients stolen from its data systems, making it one of the largest data breaches in history.
Three of the four men in the criminal indictment are named as Israeli citizens Gery Shalon, Ziv Orenstein and Joshua Samuel Aaron, an American. Anthony Murgio was charged with running an illicit cryptocurrency trading operation. Prosecutors claim that the defendants were conducting 'security fraud on steroids'. The trio used the stolen data to source victims. Joshua Aaron had a legitimate account with JP Morgan, this was used as an entry-point to gain access to details pertaining to other customers who invested in stocks. Three of the men charged are alleged to be experienced criminals but not versed in computer hacking techniques. They were able to purchase malware that was necessary for their goals on the darknet. The trio took their time to harness the information but it proved profitable as they were able to extract information relating to over 100 million people, from multiple sources with the bulk coming from JP Morgan Chase.
They made use of their social engineering skills to cold-call their victims (of whom there were many to choose from, courtesy of their 100 million person haul) and pressured them into purchasing otherwise worthless shares. The gang banked on their ability to force enough people to purchase their shares, thus increasing the value of their holdings, at which point they would cash out. News outlets were also manipulated in order to create a buzz (and increase profit) for the group's securities.
The alleged criminals are said to have used the proceeds from the securities fraud scheme to fund other ventures, including an online casino.
This latest revelation of a vast and diversified criminal conglomerate once again exemplifies how lucrative centralized systems of consumer data are to hackers and opportunists looking for easy profits. Many banks seemingly struggle to maintain counter-party risk systems, this puts consumer information at risk. The internet makes it easier for illicit remote access to happen, cross-border crime is now as easy as breaking into the house next door. The alleged fraudsters in this case made use of a server in Egypt that was rented under an alias and computers in South Africa and Brazil. While not being computer experts, they were savvy enough to launder their money in Cyprus via the internet. There were also some illegal credit card payments in Azerbaijan, also processed online. Prosecutors have claimed that the criminals made hundreds of millions in profit. It has been suggested that some members of the scheme remain at large, completely undetected by law enforcement.
0 comments:
Post a Comment