Data Breach , Fraud

Third Alleged Hacker Arrested in Chase Breach

American Who Had Been Living in Russia Faces Multiple Charges
Third Alleged Hacker Arrested in Chase Breach

A third suspect alleged to be responsible for the 2014 JPMorgan Chase data breach, which resulted in the compromise of data linked to more than 83 million customers, was arrested Dec. 14 after voluntarily returning to the U.S. from Russia, according to The Associated Press and other news media reports.

See Also: Defend Against Spear Phishing: Encouraging Developments Gaining Momentum

Joshua Samuel Aaron, 32, who also goes by the alias "Mike Shields," was arrested at JFK International Airport after waiving extradition and asylum in Russia "to responsibly address the charges," Aaron's attorney, Benjamin Brafman, told AP.

Aaron, a U.S. citizen, had been living in Moscow, the U.S. Attorney for the Southern District of New York announced Wednesday. Now he, along with co-defendants Gery Shalon and Ziv Orenstein, who were both arrested by Israeli authorities in July 2015 and extradited to the U.S. in June 2016, face charges that include securities fraud, wire fraud, market manipulation, identification document fraud, aggravated identity theft and money laundering (see Israel to Extradite Alleged Chase Hackers).

Aaron and Shalon also have been charged with computer hacking.

If convicted on all counts, all three men could be sentenced to more than 100 years in prison.

Waging Cyberattacks

All three were charged last November, accused of orchestrating and waging cyberattacks between 2012 and mid-2015 that compromised Chase and 11 other U.S. banks and financial services firms. The Chase breach resulted in the compromise of contact information, including names, addresses, phone numbers and email addresses, linked to 76 million households and 7 million small businesses.

"Joshua Samuel Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of personal information from U.S. financial institutions ever," says U.S. Attorney Preet Bharara. "For pursuing what we have called 'hacking as a business model,' and thanks to the efforts of the FBI and the U.S. Secret Service, Aaron will now join his co-defendants to face justice in a Manhattan federal courtroom."

Tracking Down Hackers

One cybersecurity expert says the arrest reflects law enforcement's increasing effort to track hackers and more swiftly bring them to justice.

"The investigative techniques and abilities of law enforcement to sniff out the trail of cybercriminals these days, despite obfuscation techniques, continues to get better, and it only takes one mistake to get caught," says Chris Pierson, general counsel and CISO at payments and invoicing provider Viewpost.

Still, many cybercriminals continue to elude justice, he adds. "While we see many notable arrests with larger incidents, the abilities of most cybercriminals to avoid arrest and prosecution remains the biggest hurdle for ecommerce," Pierson says. "Cybercriminals are always looking for the easy targets and exploits to penetrate a company. These opportunities that allow entry can come quickly."


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 19 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network