
Israel to Extradite Alleged Chase Hackers

A Positive Step in Cross-Border Efforts to Fight Cybercrime

Israel will reportedly extradite two suspects who were indicted last year for their alleged connection to cyberattacks that breached JPMorgan Chase, Fidelity Investments Ltd., E*Trade Financial and others, as well as fraud schemes against the New York Stock Exchange.

Cybersecurity experts say this is the latest example of how cross-border collaboration to bring cybercriminals to justice is improving. "This is a leap forward for Israeli and U.S. relations," says Tom Kellermann, CEO of security firm Strategic Cyber Ventures. "There has been collaboration in the past, but limited."

On May 9, Israeli authorities agreed to extradite Israeli nationals Gery Shalon and Ziv Orenstein, who were arrested in July 2015, to face charges in the U.S. that include wire fraud, document fraud, securities fraud, aggravated identity theft and money laundering, according to The Times of Israel.

The third person indicted in the case last year, U.S. citizen Joshua Samuel Aaron, remains at large.

The Israeli newspaper report does not indicate when the suspects will be extradited. Israel's Justice Ministry did not respond to Information Security Media Group's request for information, and the U.S. Attorney's office in Manhattan, which requested the extradition, said it would only comment once the extraditions are, in fact, in motion.

Cross-Border Cooperation

Cooperating on cases such as this improves relations among the U.S. and other nations, even for countries like Israel, which already have strong relationships with the U.S., says financial fraud expert Avivah Litan, an analyst at consultancy Gartner.

"Israel needs to accommodate these types of U.S. requests in order to continue benefiting from being a U.S. ally and 'strategic partner,'" Litan says. "However, it could be drawn out, depending on what Israel is trying to extract in return from the U.S. Otherwise, I think we would have seen some kind of date spoken about with regards to this extradition."

Litan notes that cross-border collaboration has played a significant role in other recent cybercrime cases.

For example, in June 2015, a Turkish man who allegedly masterminded a string of ATM cash-out attacks in the U.S. was extradited from Germany (see Feds Extradite 'Most Wanted' ATM Hacker).

Similar extradition deals have in recent years been struck with authorities in Malaysia, Spain and Holland.

The Scheme

In the scheme involving Shalon, Orenstein and Aaron, the three are believed to have used customer contact information stolen from Chase and other financial firms to run spam campaigns that fueled demand for the publicly traded stocks they owned. While the indictment for the scheme does not mention this alleged connection, Bloomberg reported last year that an unnamed person familiar with the investigation said authorities suspected the Chase breach and others were connected to the scheme.

Between 2012 and 2015, Shalon, Orenstein and Aaron allegedly ran a pump-and-dump stock scheme that artificially inflated or "pumped" the prices of penny stocks they owned just before they turned around and "dumped" the stocks, netting them at least $2.8 million in illegal profits, according to the 11-count indictment filed against them last summer by the Manhattan U.S. Attorney's office.

The indictment accuses the suspects of using a variety of false identities to open bank and brokerage accounts in the United States, and operating a network of shell companies registered in the United Kingdom, British Virgin Islands and Cyprus. "Aaron acted as the scheme's 'front-man,' communicating with U.S.-based co-conspirators and others at the direction of Gery Shalon," according to the indictment. It says those co-conspirators, who were not named in the indictment, were based in New Jersey and Florida.

"As alleged, the defendants manipulated trading in U.S. securities from overseas, using fake identities to funnel millions of dollars in unlawful proceeds through a web of international shell companies," Manhattan U.S. Attorney Preet Bharara noted in a July 2015 statement. "Using false and misleading spam emails sent to millions of people, these defendants allegedly directed their pump-and-dump scheme from their computers halfway around the world."

In a second indictment announced last November, Shalon, Orenstein and Aaron were accused of being linked to cyberattacks that affected Chase and 11 other U.S. banks and financial services firms (see Charges Announced in JP Morgan Chase Hack). The Chase breach resulted in the compromise of contact information, including names, addresses, phone numbers and email addresses linked to 76 million households and 7 million small businesses (see Report: Spammers Tied To JPMorgan Chase Hack).

Chase declined to comment about this most recent news related to Shalon and Orenstein's reported extradition. E*Trade and Fidelity Investments did not respond to Information Security Media Group's request for comment.


About the Author

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



