11.5 C
London
Sunday, October 22, 2017

Trio Indicted in Massive JPMorgan Hack

The Heartbleed vulnerability helped in part to enable attackers to steal hundreds of millions of dollars. After a year of speculation about who was behind the massive attack against JPMorgan Chase in 2014, the U.S. Department of Justice is now naming names. The U.S. District Court for the Southern District of New York unsealed an indictment today naming Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein as participating in the sprawling cyber-criminal enterprise that impacted millions of Americans and stole at least $100 million. Both Salon and Orenstein are citizens and residents of Israel, while Aaron is a U.S. citizen who resided in the United States, Israel and Russia. The 23-count indictment against the three men describes attacks against multiple firms, including Victim-1, which is JPMorgan. The other victims include Dow Jones, Scottrade and eTrade. According to the Department of Justice, from approximately 2012 to mid-2015, Shalon working with Aaron and others orchestrated the U.S. financial sector hacks, stealing personal information of more than 100 million customers of the victim companies. The single largest victim of the attacks is JPMorgan, which was first suspected of being attacked in August 2014. JPMorgan only publicly admitted that it had been attacked in a disclosure made in an 8-K U.S. Securities and Exchange Commission (SEC) filing in October, months after the attack. In its filing, JPMorgan reported that 76 million households and an additional 7 million small businesses were affected by the attack. "As set forth in the indictment, these three defendants perpetrated one of the largest thefts of financial-related data in history," Attorney General Loretta E. Lynch said in a statement. The attack against JPMorgan was not a one-off, simple affair. Rather, the indictment alleged that the attackers worked through at least 75 shell companies as well as myriad bank and brokerage accounts around the world to launder and manipulate funds. The Justice Department indictment provides granular detail on how the attackers were able to execute their criminal enterprise. Of particular note is the allegation that in April 2014 Shalon made limited use of the infamous Heartbleed OpenSSL vulnerability. The Heartbleed vulnerability, which is a flaw in the open-source OpenSSL cryptographic library, was first disclosed on April 7, 2014. "In April 2014, Shalon and his co-conspirators unlawfully accessed the network of Victim-2 by exploiting the so-called 'Heartbleed' vulnerability, which had, at that time, just been widely identified as a previously unrecognized security vulnerability that existed in computer network servers on a widespread basis," the indictment states. "While they succeeded in gaining access to Victim-2's network, shortly after they did so, Victim-2 recognized and repaired the Heartbleed vulnerability in its systems." Shalon, Orenstein and Aaron were first publicly identified in an FBI press release in July about charges made in connection with an elaborate money laundering scheme involving Bitcoin. At the time, there was media speculation that the arrests were related to the JPMorgan hack, though there was no official confirmation. Manhattan U.S. Attorney Preet Bharara called the attacks "hacking as a business model." "The alleged conduct also signals the next frontier in securities fraud—sophisticated hacking to steal nonpublic information, something the defendants discussed for the next stage of their sprawling enterprise," Bharara said in a statement. "Fueled by their hacking, the defendants' criminal schemes allegedly generated hundreds of millions of dollars in illicit proceeds." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

‘A government right to hack and a risk to British business’...

The proposed Investigatory Powers Bill risks putting British technology companies at a financial disadvantage because customers won't want to use products the government has the right to hack into. There are also concerns surrounding the cost of inter...

Comcast Tells 200K Users to Reset Passwords in Security Threat

Hackers matched usernames and passwords on Comcast accounts with usernames and passwords they had obtained from past, shared hacks. Here's yet another example of why people need to use multiple passwords when handling transactions of any type on the Internet. Comcast, the largest cable television and Internet services provider in the United States with more than 28 million subscribers, revealed Nov. 9 that it has required about 200,000 of its customers to reset their passwords after the company discovered its information was being sold and resold online by black-market personal-information brokers. This particular mishap was not the result of a hacking event on Comcast's data stores. Instead, hackers matched usernames (in Comcast's case, usernames are email addresses) and passwords on Comcast accounts with usernames and passwords they had obtained from past, shared hacks of other companies.   Not only does this show how often people use the same username/email address and password for various different accounts, but it also is a first-rate example of how commoditized this type of stolen data has become. Virtually all of the username/email address and passwords that were compromised were obtained by online thieves who use readily available software to match the Comcast username and password with those from other accounts—such as from social networks, retail outlets and utilities—already stolen from the same users. Black-market dealers in stolen personal information such as this operate most often in networks called the dark Web. The dark Web is the colloquial term for the anonymized network enabled by Tor, proxies and other privacy-focused technologies; it is not available through the public Internet and can only be accessed through specific software. Sites and services on the dark Web range from collaboration platforms for whistle-blowers to stores selling illicit goods to hubs for darker criminal activities. The Comcast customers' email addresses and the passwords associated with those email addresses were offered for sale on the dark Web last weekend, the cable network said. The names were being sold as a list of 590,000 email-password combinations that the unnamed seller claimed belonged to Comcast customers, security Website CSO reported. The seller posted the asking price for the full list as $1,000, CSO said. When Comcast was alerted and checked the accounts, it determined that only about a third of the 590,000 combinations were legitimate, the company said. So, to protect those 200,000 customers, Comcast locked down their accounts over the weekend, which forced users to verify their identity and reset passwords. If those passwords hadn't been used in other accounts that had been hacked and the information shared among black-market brokers, the chances of the Comcast accounts being impacted by this sale would have been greatly lessened.

T-Mobile to give customers twice the data for the same price

T-Mobile CEO John Legere speaks at an Uncarrier press event last year. Josh MIller/CNET T-Mobile said on Tuesday that it will double the amount of data available to new and existing customers. The company previously offered plans with plans with 1 g...

Apple Music is for ‘everyone,’ even Android users

Apple released a pilot version of its streaming music service Apple Music for people who own devices made by its biggest competitors. Sarah Tew/CNET Apple's always orchestrated its music business to draw you in deeper, but now it's playing for a dif...

US tries, and fails, to block “import” of digital data that...

3D-printed dental aligners that violate patents relied on "import" of bits.

Will the real monkey who snapped those famous selfies please stand...

Even if apes could own copyrights, PETA is representing wrong monkey, publisher says.

See the bizarre full video of a Missouri media professor taunting...

So much for freedom of the press. (The lawn in question was public property.) YouTube video screenshot by Eric Mack/CNET The protest on the University of Missouri-Columbia campus that arguably started, grew and saw victory thanks to social media is ...

How extorted e-mail provider got back online after crippling DDoS attack

Hint: It had nothing to do with the $6,000 ransom it paid to the Armada Collective.

Best Buy tempts buyers with Black Friday deals

For Best Buy, Black Friday starts early this year. CNET Electronics chain Best Buy is trying to whet the appetite of holiday shoppers by revealing Black Friday deals, and it's already offering several products for sale. On Tuesday, the retailer laun...

Microsoft’s Nadella wants to reinvent how we use computers

Enlarge Image Microsoft sees a new future for you through devices like its HoloLens headset. Katie Collins LONDON -- Microsoft CEO Satya Nadella is on a mission to extend everyday personal computing beyond today's limits. Speaking at the company's ...