Copyright 2015 NPR. To see more, visit http://www.npr.org/.

Transcript

KELLY MCEVERS, HOST:

Federal prosecutors have charged three men in a sprawling international cybercrime spree. The indictment alleges the defendants hacked JPMorgan Chase and other financial firms, and they did it to get basic contact information, like customer emails and phone numbers, information they could then use to build a target list for other crimes. NPR's Aarti Shahani has been following the story.

AARTI SHAHANI, BYLINE: The defendants are Gery Shalon and Ziv Orenstein, citizens of Israel, and Joshua Aaron, a U.S. citizen. Prosecutors in the Southern District of New York say that from 2012 to mid-2015, these men orchestrated a massive computer hacking scheme, a scheme so big it resulted in the largest theft of customer data from a U.S. financial institution in history.

(SOUNDBITE OF PRESS CONFERENCE)

PREET BHARARA: The defendants allegedly stole personal information for over 100 million customers, including any 83 million customers from one bank alone.

SHAHANI: U.S. Attorney Preet Bharara speaking at a press conference in New York this afternoon.

(SOUNDBITE OF PRESS CONFERENCE)

BHARARA: That bank was JP Morgan Chase, and it has disclosed itself.

SHAHANI: Defendants allegedly took advantage of the infamous Heartbleed Bug, a gaping hole in a really popular online software. They rented servers around the world - in the Czech Republic, South Africa, Brazil, Egypt - as a launch pad. Defendant Aaron allegedly had his own account, a customer account, with one of the companies he hacked. When his team wanted to use that account from Egypt, the company's cybersecurity system got suspicious and locked the account. Then Aaron just called customer service and asked them to unlock it. It was that simple.

(SOUNDBITE OF PRESS CONFERENCE)

BHARARA: The conduct alleged in this case showcases a brave new world of hacking for profit. It is no longer hacking merely for a quick payout. Rather, it is hacking in support of a diversified criminal conglomerate.

SHAHANI: What Bharara means is that defendants weren't just amassing emails for their own sake, they were doing it to build a list of targets for a classic pump-and-dump scheme. The defendants allegedly got a bunch of penny stocks, drove up the price, and then they mass emailed tens of millions of people whose contact they'd stolen and told them buy, buy, buy. So the point of hacking, Bharara says, was to feed this other criminal enterprise.

(SOUNDBITE OF PRESS CONFERENCE)

BHARARA: To get personal information for tens of millions of customers, people most likely to be engaged in significant stock trading.

SHAHANI: According to the indictment, an unidentified co-conspirator asked defendant Shalon if buying stock was really a popular thing to do in the U.S., and he responded, quote, "it's like drinking freaking vodka in Russia." The crime ring also allegedly lied to victims who asked hey, how'd you get my email or number, anyway? The criminals would say oh, it was in our investors' database.

(SOUNDBITE OF PRESS CONFERENCE)

BHARARA: In a way, it was securities fraud on cyber-steroids.

SHAHANI: Today's news conference was orchestrated in part to show how different law enforcement agencies can actually work together. The FBI and Secret Service both had spokespeople there. They got evidence from 11 countries. The Israeli National Police and Ministry of Justice were key partners. And for private companies, prosecutor Bharara says, this case is proof that you've got to do more than protect just bank account numbers and credit card numbers.

(SOUNDBITE OF PRESS CONFERENCE)

BHARARA: Companies need to do a better job of protecting all the information that they have because even information like email addresses and location information can be used for devious purposes and mischievous purposes.

SHAHANI: Defendants Shalon and Orenstein are in custody in Israel, facing extradition to the U.S. Defendant Aaron is at large. Aarti Shahani, NPR News. Transcript provided by NPR, Copyright NPR.

300x250 Ad

Support quality journalism, like the story above, with your gift right now.

Donate