As many Hollywood fantasies tell it, bored teens and counterculture rebel types are the hackers we should fear. While these types might pose a threat somewhere in the spectrum, the truth is that hacking is a very big business, and it is a skill being utilized by some as a primary business model.
Yesterday, a major reminder of this fact emerged as United States federal prosecutors announced a variety of charges against three men that ran a vast digital crime syndicate. The operation generated hundreds of millions of dollars. The fascinating indictment covers 23 counts of crimes against three men based in Israel, including Ziv Orenstein, Samuel Aaron, and Gery Shalon.
The charges indicate that more than 100 actors in a dozen countries were part of the operation. The list of organizations victimized over the last 8 years includes such large financial industry names as Scottrade Financial Services, E Trade Financial, Fidelity Investments, JPMorgan, and Dow Jones.
The group is also accused of running online casinos, an illegal bitcoin exchange, pumping up stock prices, and processing payments for other cyber criminals. Through the use of at least 75 shell companies and fraudulent accounts, the organization is also charged with money laundering.
The operation was apparently headed by Shalon. Fake passports, countless aliases, and international banking accounts were used in order to hide activities. Many of the hacking operations were apparently performed by both Aaron and Shalon from a rented computer server based in Egypt. Anthony Murgio, named in a separate but related indictment, operated a wing of the operation that ran a bitcoin exchange service and orchestrated a takeover of a credit union in New Jersey, which was used to launder money.
The case is the result of a continued probe that first broke in July, when Shalon and Orenstein were arrested. Murgio was separately arrested thereafter. Aaron remains at large and has been featured on a wanted poster put out by the Federal Bureau of Investigations. The U.S. is seeking extradition of the culprits for trial in New York.
Reading through the list of victimized companies, it is clear that the levels of security that had to be breached in these cases were significant. That may prove worrisome for many that trust these types of institutions with information. Cybercrime is big business, and the disruption of this particularly bold operation is a sign of a digital investigation that culminated in a successful resolution. Still, many individuals and companies were victimized and the state of restitution as well as the efforts to investigate the matter may not be accounted for anytime soon.