НОВИЯ СВЯТ НА КИБЕР ПРЕСТЪПЛЕНИЯТА – КОГАТО ХАКЕРСТВОТО СТАВА ГОЛЯМ БИЗНЕС
В ранните си
години хакерството наподобяваше Дивия запад.
В тези времена, отделни хакери предизвикваха
хаос, където, когато и както могат – напр. чрез „открадване” на номерата
на кредитни карти или информация / данни
за банковите сметки на нищо неподозиращите жертви.
В днешно време
хакерството е доста по сложно и усъвършенствано. В последно време се
наблюдава значително разнообразяване в подходите
за постигане на печалби чрез хакерство – тази нова тенденция на практика
съпровожда изцяло кибер престъпленията в последните години.
НАЙ-ГОЛЕМИЯ СЛУЧАЙ НА КИБЕР ХАКЕРСТВО ВЪВ ФИНАНСОВИЯ
СЕКТОР НА САЩ
През м. ноември, 2015, Министерството на
правосъдието на САЩ публикува съобщение, относно предявяването на обвинение към
трима души, в което се съобщава за най-големия случай на кибер хакерство във
финансовия сектор на САЩ. (Обвинението
представено по-долу)
В съответсвие с
предявеното обвинение, в периода 2012 до 2015, тримата предполагаеми престъпни
конспиратори Гери Шалон, Зив Оренщейн и Джошуа Самуел Аарон (на свобода, към
момента на публикуване на съобщението на Министерството на правосъдието на
САЩ) са приложили хакерска схема,
насочена към финансовия сектор – като най-голямата им цел е била JP Morgan. За тях се
предполага, че са откраднали персонална информация за повече от 100 милиона потребители, чрез пробиви с
системите за данни, като впоследствие са използвали тази информация в интерес на различни
престъпни организации.
В допълнение към
хакерските действия към различни големи банки, тримата нападатели също са
„прали” пари, организирали са нелегални търговски операции с Bitcoin, а също са
пуснали в действие нелегални online игрални
домове (казина). Те са използвали откраднатите
имената и e-mail адресите
им, придобити от финансови институции, за да се свържат с неволни жертви и да
ги убедят да купуват акции (с изкуствено
надути стойности) по класическата измамна схема "помпай и зарязвай".
НОВИТЕ КИБЕР ПРЕСТЪПНИЦИ
В много случаи,
съвременните кибер престъпници не са
хакери с високо технологични познания. Вместо това, те използват своите бизнес знания, с цел усъвършенстване на хакерските
схеми. На практика те предпочитат да прехвърлят „чисто” хакерските действия от
себе си на други, неизвестни изпълнители. По този начин хакерството се превръща
от просто, бързо печелене на пари в действие за поддръжка на различни престъпни
групировки.
Едно от доказателствата за новия свят на кибер престъпленията е
повдигнатото обвинение от Министъра на правосъдието на САЩ и Областния прокурор
на Манхатън за проникване в мрежите на финансови институции на САЩ и др.
компании (публикувано по-долу)
Department
of Justice
Office
of Public Affairs
FOR IMMEDIATE RELEASE
Tuesday, November 10, 2015
Attorney
General and Manhattan U.S. Attorney Announce Charges Stemming from Massive
Network Intrusions at U.S. Financial Institutions, U.S. Brokerage Firms, Major
News Publications and Other Companies
Breaches Included the Largest Theft of Customer Data from a U.S.
Financial Institution in History
Defendants Hacked in Furtherance of Securities Market
Manipulation Schemes, and Vast Gambling and Payment Processing Schemes
Attorney General
Loretta E. Lynch, U.S. Attorney Preet Bharara of the Southern District of New
York, Assistant Director in Charge Diego Rodriguez of the FBI’s New York Field
Office and Special Agent in Charge Robert J. Sica of the U.S. Secret Service
(USSS) New York Field Office announced today the unsealing of a superseding
indictment charging Gery Shalon, aka “Garri Shalelashvili,” “Gabriel,” “Gabi,”
“Phillipe Mousset” and “Christopher Engeham,” with orchestrating massive
computer hacking crimes against U.S. financial institutions, brokerage firms
and financial news publishers, including the largest theft of customer data
from a U.S. financial institution in history (the U.S. Financial Sector
Hacks). Shalon is charged with committing these crimes with Joshua Samuel
Aaron, aka “Mike Shields,” in furtherance of securities market manipulation
schemes that Shalon and Aaron perpetrated with defendant Ziv Orenstein, aka
“Aviv Stein” and “John Avery” in the United States.
As alleged, Shalon also
orchestrated computer network hacks and cyberattacks in furtherance of other
major criminal schemes, including unlawful internet casinos and illicit payment
processors which Shalon operated with Orenstein. Shalon also owned and
controlled an illegal U.S.-based Bitcoin exchange known as Coin.mx.
Shalon and Orenstein were arrested in July 2015 by the Israel Police on an
indictment that charged the underlying securities fraud, and they remain in
custody in Israel pending extradition on those charges. The U.S.
Attorney’s Office will seek their extradition to stand trial in the United
States on the additional charges announced today. Aaron remains at
large. Also announced today is the unsealing of a separate indictment
charging Anthony R. Murgio with operating Coin.mx in the United States, and
related crimes. Murgio, who was arrested on a complaint in July 2015,
will be arraigned before the Honorable Alison J. Nathan.
“As set forth in
the indictment, these three defendants perpetrated one of the largest thefts of
financial-related data in history – making off with the sensitive information
of literally thousands of hard-working Americans,” said Attorney General
Lynch. “These charges were made possible in large part because those
victims came forward and worked with the Department of Justice to hold the
perpetrators accountable. In an age when enormous quantities of vital
information are stored in digital format on potentially vulnerable
Internet-connected devices, public-private partnerships and information-sharing
are more critical than ever. The Department of Justice is committed to
protecting the financial data of all our citizens and the financial integrity
of our institutions. I’d like to thank the prosecutors and law
enforcement professionals who worked tirelessly on this case, and the victims
who offered their full cooperation with law enforcement to make these criminal
charges possible.”
“Today, we have
exposed a cybercriminal enterprise that for years successfully and secretly
hacked into the networks of a dozen companies, allegedly stealing personal
information of over 100 million people, including over 80 million customers
from one financial institution alone,” said U.S. Attorney Bharara. “The
charged crimes showcase a brave new world of hacking for profit. It is no
longer hacking merely for a quick payout, but hacking to support a diversified
criminal conglomerate. This was hacking as a business model. The
alleged conduct also signals the next frontier in securities fraud –
sophisticated hacking to steal nonpublic information, something the defendants
discussed for the next stage of their sprawling enterprise. Fueled by
their hacking, the defendants’ criminal schemes allegedly generated hundreds of
millions of dollars in illicit proceeds. Even the most sophisticated
companies – like those victimized by the hacks in this case – have to
appreciate the limits of their ability to uncover the full scope of any
cyber-intrusion and to stop the perpetrators before they strike again. If
they have been hacked, most likely others have been as well, and even more will
be. The best bet to identify, stop and punish cybercriminals is to work
closely, and early, with law enforcement. That happened here, and today’s
charges are proof of that.”
“Shalon, Aaron and
their co-conspirators allegedly robbed victim companies, often for months at a
time, stealing the contact information of tens of millions of customers,” said
Assistant Director in Charge Rodriguez. “They cloaked themselves in
secrecy, but their methods rivaled those of the traditional masked
robber. Today’s indictment sheds light on an increasingly complex
threat. But just as criminals continue to develop relationships with one
another in order to advance their objectives, the law enforcement community has
developed a collaborative approach to fighting these types of crimes.”
“This investigation is
indicative of the sophistication and complexity of cybercrime and the
transnational criminal organizations that are responsible for it,” said Special
Agent in Charge Sica. “Transnational cybercriminal organizations operate
with impunity regardless of national borders as these criminal organizations
seek to profit from information stolen through the unauthorized access to
victims’ networks. Through the U.S. Secret Service global network of
Electronic Crimes Task Forces, our field offices located overseas and the close
cooperation of our foreign law enforcement partners, no cybercriminal is beyond
our reach. We will remain relentless in pursuing these criminals wherever
they may reside.”
According to the
allegations contained in the superseding indictment[1]:
From approximately
2012 to mid-2015, Shalon, working with Aaron and others, orchestrated the U.S.
Financial Sector Hacks, stealing personal information of over 100 million
customers of the victim companies. Among these, their network intrusion
at one bank (Victim-1) resulted in the theft of personal information of over 80
million Victim-1 customers, making it the largest theft of customer data from a
U.S. financial institution in history. Shalon, Aaron and their
co-conspirators engaged in these crimes in furtherance of other criminal
schemes. In particular, in an effort to artificially manipulate the price
of certain stocks publicly traded in the United States, Shalon and his
co-conspirators sought to market the stocks, in a deceptive and misleading
manner, to customers of the victim companies whose contact information they had
stolen in the intrusions.
In addition to
directing the U.S. Financial Sector Hacks, Shalon directed computer network
hacks and cyberattacks against numerous companies outside of the financial
sector. Shalon and his co-conspirators engaged in these crimes in furtherance
of large-scale criminal businesses that Shalon and Orenstein operated in the
United States and other countries. In particular, between approximately
2007 and July 2015, Shalon owned and operated unlawful internet gambling
businesses in the United States and abroad; owned and operated multinational
payment processors for illegal pharmaceutical suppliers, counterfeit and
malicious software (malware) distributors, and unlawful internet casinos; and
owned and controlled Coin.mx, an illegal U.S.-based Bitcoin exchange that
operated in violation of federal anti-money laundering laws. Nearly all
of these schemes, like Shalon’s securities market manipulation schemes, relied
for their success on computer hacking and other cybercrimes committed by Shalon
and his co-conspirators.
Through their criminal
schemes, between in or about 2007 and in or about July 2015, Shalon and his
co-conspirators earned hundreds of millions of dollars in illicit proceeds, of
which Shalon concealed at least $100 million in Swiss and other bank accounts.
Shalon, Aaron,
Orenstein and their co-conspirators operated their criminal schemes, and
laundered their criminal proceeds, through at least 75 shell companies and bank
and brokerage accounts around the world. The defendants controlled these
companies and accounts using aliases, and by fraudulently using approximately
200 purported identification documents, including over 30 false passports that
purported to be issued by the United States and at least 16 other countries.
The U.S. Financial
Sector Hacks
Between approximately
2012 and August 2014, Shalon and a co-conspirator (CC-1), working at times with
Aaron, executed the hacks of the computer networks of Victims 1 through
9. Among other things, in foreign-language electronic communications,
during these hacks, Shalon bragged about the size and scope of his securities
market manipulation schemes and described to CC-1 his use of the stolen data in
furtherance of those schemes. Shalon and CC-1 also discussed expanding
their network intrusions to encompass thefts of material non-public information
from the financial institutions and other firms they were hacking.
The Securities Market
Manipulation Schemes
Since 2011, Shalon,
Aaron, Orenstein and their co-conspirators orchestrated multimillion-dollar
stock manipulation – or “pump and dump” – schemes to manipulate the price and
trading volume of dozens of publicly traded microcap stocks (penny stocks) in
order to enable members of the conspiracy to sell their holdings in those
stocks at artificially inflated prices. In some instances, Shalon and
Aaron caused the companies to become publicly traded in furtherance of the
scheme. To do so, Shalon caused privately held companies to engage in
“reverse mergers” with publicly traded shell corporations Shalon
controlled. Orenstein managed bank and brokerage accounts used in
furtherance of the schemes under aliases that he supported with false passports
and other false personal identification information.
To artificially
manipulate the trading volume and prices of dozens of stocks, among other
things, at pre-arranged times, Shalon and Aaron disseminated materially
misleading, unsolicited messages by various means – including by email (spam)
to up to millions of recipients per day – that falsely touted the stock in
order to trick others into buying it. Shalon and Aaron engaged in the
U.S. Financial Sector Hacks in part to acquire email and mailing addresses,
phone numbers and other contact information for potential victims to whom they
could send such deceptive communications. Shalon and his co-conspirators
generated tens of millions of dollars in unlawful proceeds from the securities
market manipulation schemes.
The Unlawful Internet
Gambling Schemes, Hacks and Cyberattacks
From at least in or about
2007 up to and including in or about July 2015, Shalon, Orenstein and their
co-conspirators operated unlawful internet casinos in the United States and
elsewhere through hundreds of employees in multiple countries. In the
United States, the defendants knowingly operated at least 12 unlawful internet
casinos (the Casino Companies) which, through their websites, offered
real-money casino gambling in violation of federal law and the laws of numerous
states, including New York state. Through the Casino Companies, Shalon,
Orenstein and their co-conspirators generated hundreds of millions of dollars
in unlawful income.
In furtherance of his
unlawful internet gambling schemes, Shalon and his co-conspirators engaged in
massive hacks and cyberattacks against other internet gambling businesses to
steal customer information, secretly review executives’ emails and cripple
rival businesses. For example, Shalon orchestrated network intrusions of
Victims-10 and -11, companies that provided operating software to Shalon’s
internet casinos. In doing so, Shalon sought to, and did, secretly obtain
access to the email accounts of senior executives at both companies to ensure
that the companies’ work with Shalon’s competitors did not compromise the
success of Shalon’s unlawful internet gambling businesses.
The Illicit Payment
Processing Scheme and Hack
From at least in or
about 2011 until in or about July 2015, Shalon, Orenstein and their
co-conspirators operated IDPay and Todur, multinational payment processors for
criminals who sought to receive payments by credit and debit card in
furtherance of their unlawful schemes. Through these payment processors,
Shalon, Orenstein and their co-conspirators knowingly processed credit and
debit card payments for, at a minimum, unlawful pharmaceutical distributors,
purveyors of counterfeit and malicious purported “anti-virus” computer
software, their own unlawful internet casinos and Coin.mx, an illegal
U.S.-based Bitcoin exchange owned by Shalon. In doing so, Shalon,
Orenstein, and their co-conspirators knowingly processed hundreds of millions
of dollars in transactions for criminal schemes, for which they earned a
percentage of every transaction.
Beginning in or about
2012, Shalon and his co-conspirators hacked into the computer networks of
Victim-12, a U.S. company which assessed merchant risk and compliance for
credit card issuers and others, including by detecting merchants that accepted
credit card payments for unlawful goods or services. Thereafter, on an
ongoing basis, Shalon and his co-conspirators monitored Victim-12’s detection
efforts, including by reading emails of Victim-12 employees, so they could take
steps to evade detection by Victim-12 of their unlawful payment processing
scheme.
The Unlawful Bitcoin
Exchange
From in or about 2013
to in or about July 2015, Shalon knowingly owned Coin.mx, which was operated by
Murgio in the United States at Shalon’s direction in violation of federal
anti-money laundering (AML) registration and reporting laws and
regulations. Through Coin.mx, Shalon, Murgio and their co-conspirators
enabled their customers to exchange cash for Bitcoins, charging a fee for their
service. In total, between approximately October 2013 and July 2015,
Coin.mx exchanged millions of dollars for Bitcoins on behalf of its customers.
*
*
*
Shalon, 31, of Savyon, Israel; Aaron, 31, a
U.S. citizen who resides in Moscow; and Tel Aviv; and Orenstein, 40, of Bat
Hefer, Israel, are charged with the following offenses, which carry the maximum
prison terms listed below:
|
Count
|
Defendants
|
Charge
|
Maximum Prison Term
|
|
One
|
Shalon and Aaron
|
Conspiracy to Commit Computer Hacking
|
five years
|
|
Two
|
Shalon and Aaron
|
Computer Hacking
|
five years
|
|
Three
|
Shalon and Aaron
|
Computer Hacking
|
five years
|
|
Four
|
Shalon, Aaron and Orenstein
|
Conspiracy to Commit Securities Fraud
|
20 years
|
|
Five
|
Shalon, Aaron and Orenstein
|
Conspiracy to Commit Wire Fraud: Securities
Market Manipulation Scheme
|
20 years
|
|
Six to 12
|
Shalon, Aaron and Orenstein
|
Securities Fraud
|
20 years
|
|
13
|
Shalon, Aaron and Orenstein
|
Wire Fraud
|
20 years
|
|
14
|
Shalon, Aaron and Orenstein
|
Identification Document Fraud Conspiracy
|
20 years
|
|
15
|
Shalon, Aaron and Orenstein
|
Aggravated Identity Theft
|
Mandatory two years
|
|
16
|
Shalon and Orenstein
|
Unlawful Internet Gambling Enforcement Act
Conspiracy
|
five years
|
|
17
|
Shalon and Orenstein
|
Unlawful Internet Gambling Enforcement Act
|
five years
|
|
18
|
Shalon and Orenstein
|
Operation of Illegal Gambling Business
|
five years
|
|
19
|
Shalon and Orenstein
|
Conspiracy to Commit Wire Fraud: Unlawful
Payment Processing
|
20 years
|
|
20
|
Shalon
|
Conspiracy to Operate an Unlicensed Money
Transmitting Business
|
five years
|
|
21
|
Shalon
|
Operation of an Unlicensed Money
Transmitting Business
|
five years
|
|
22
|
Shalon, Aaron and Orenstein
|
Money Laundering Conspiracy: Securities
Market Manipulation Scheme
|
20 years
|
|
23
|
Shalon, Aaron and Orenstein
|
Money Laundering Conspiracy: Internet
Gambling and Payment Processing Schemes
|
20 years
|
For his alleged
conduct, Murgio, 31, of Tampa, Florida, is charged with the following offenses:
conspiracy to operate an unlicensed money transmitting business, which carries
a maximum prison term of five years; operation of an unlicensed money
transmitting business, which carries a maximum prison term of five years;
conspiracy to make corrupt payments with intent to influence an officer of a
financial institution, which carries a maximum prison term of five years;
making corrupt payments with intent to influence an officer of a financial
institution, which carries a maximum prison term of 30 years; conspiracy to
commit wire fraud, which carries a maximum prison term of 20 years; wire fraud,
which carries a maximum prison term of 20 years; and money laundering, which
carries a maximum prison term of 20 years.
The maximum potential
sentences in this case are prescribed by Congress and are provided here for
informational purposes only, as any sentencing of the defendants will be
determined by the judge.
U.S. Attorney Bharara
praised the investigative work of the FBI and the USSS, and expressed his
sincere gratitude to the Office of the State Attorney of the Israel Ministry of
Justice’s Department of International Affairs and the Israel National Police,
Cyber Unit - Lahav 433, for their support and assistance with the investigation
and the ongoing extradition proceedings. He also thanked the U.S.
Securities and Exchange Commission, U.S. Immigration and Customs
Enforcement-Homeland Security Investigations, the Financial Industry Regulatory
Authority, the National Credit Union Administration, the Justice Department’s
Office of International Affairs and the Financial Services Information Sharing
and Analysis Center, which significantly aided the investigation by
facilitating information-sharing among the victim institutions.
The prosecution of
this case is being overseen by the U.S. Attorney’s Office of the Southern
District of New York’s Complex Frauds and Cybercrime Unit. Assistant U.S.
Attorneys Nicole Friedlander, Eun Young Choi and Sarah Lai of the Southern
District of New York are in charge of the prosecution. Assistant U.S.
Attorney Edward Diskant of the Southern District of New York’s Money Laundering
and Asset Forfeiture Unit is in charge of the forfeiture aspects of the case.
The charges contained
in the indictment are merely accusations, and the defendants are presumed
innocent unless and until proven guilty.
[1] As the introductory phrase signifies,
the entirety of the text of the superseding indictment and the description of
the indictment set forth herein constitute only allegations, and every fact
described should be treated as an allegation.
