🔑 Key Takeaways
- With the rise of the internet comes the rise of cyber-criminals, who can operate anonymously and without repercussions. Businesses must take cybersecurity seriously and investigate any report of a breach, as the risk of not doing so could be catastrophic.
- Implement strong security measures, such as two-factor authentication, to protect sensitive data and access to networks. Avoid reusing passwords and regularly update systems with the latest security features to prevent breaches.
- Companies must reinforce cybersecurity measures and be aware of potential geopolitical tensions spilling over into the financial world. The loss of key personnel can make companies vulnerable to cyberattacks, even with tough security measures in place.
- Biases can impact cybersecurity investigations, causing conflicts between private and military sectors. The for-profit nature of cybercrime makes it a greater concern for the private sector, which can also face complications from storage and politics.
- Financial institutions need to implement stronger security measures to protect their customers' information from cyber attackers who often rent servers on opposite sides of the planet, as seen in the 2014 breach of several major banks. Hackers can be caught, as proven by the arrest of two Israeli men linked to the JPMorgan Chase hack.
- The arrests of Murgio and Lebedev shed light on how hackers attempted to break into major US banks and steal valuable customer database records. This attack shows the importance of strong cybersecurity measures.
- Pump-and-dump is an illegal market manipulation scam where fraudsters use false information to temporarily inflate stock prices and then sell them at a higher price. Be wary of investment opportunities that seem too good to be true.
- Pump-and-dump scams involve creating a fake market for a stock and then selling it off for a profit. It's important to be wary of unsolicited investment advice and research before investing.
- Greed and unethical behavior in running an online casino empire can lead to a sudden collapse. Involvement in a massive hack could also result in arrests and legal consequences.
- Hackers use shell companies and fraudulent documents to steal and launder money. Fake goods and services, along with online payment processing companies, enable them to avoid scrutiny and appear legitimate.
- Money laundering through online casinos is a complicated and illegal process involving fake identities, multiple bank accounts, and coded transactions. However, eventually, authorities will catch up with criminals involved in illegal operations.
- Hackers can gain access through regular logins and remain undetected for years, which highlights the importance of constant monitoring and security updates to prevent data breaches.
- Cybercrime is not just about stealing data and disrupting networks, but can also be used to manipulate search rankings, drive out competition, and cheat players. The reliance on technology in online gambling makes it especially vulnerable to such malicious activities.
- Unethical practices in business can lead to severe consequences, and authorities must aggressively investigate suspicious activity to protect the integrity of the industry. Informants and whistleblowers can play a crucial role in exposing criminal activities.
- The search for a high-level Russian hacker who targeted a US businessman led to the extradition and charges against Andrei Tyurin, despite his protest of innocence and possible FSB backing.
- The greed and desperation of the hackers led to a destructive empire, with one pleading guilty and being sentenced to 12 years in prison. The hack into JPMorgan Chase was just one aspect of their illegal schemes.
📝 Podcast Summary
The Dark Side of the Internet: How Cyber-Criminals Operate Under the Radar
The internet has made it easier for businesses and entrepreneurs to find good help and customers, but it has also benefited the criminal underworld, making it easier for cyber-criminals to execute their elicit agendas. It is almost impossible to catch a cyber-criminal as hacking is done under the cover of the internet, making it the perfect crime with no traces of the perpetrator. Companies, especially financial institutions like JPMorgan Chase, invest heavily in cybersecurity and IT security, and any report claiming a breach in security should be taken seriously, including a report by Hold Security on the massive credential dump on the darkweb. It may be hard to trust such claims, but the risk of not investigating could be much worse.
JPMorgan Chase Hack: Lessons Learned
JPMorgan Chase was hacked when their website for employees to register for a charity race called Corporate Challenge was breached. The hosting company for the site, Simmco Data Systems, was also breached which gave hackers access to JPMorgan's servers. Hackers used stolen credentials to log into an old employee benefits server on the network, which had not been updated with the latest security features or two-factor authentication. Many employees also used the same passwords for multiple sites, making the network vulnerable to attack. Two-factor authentication could have prevented further access into the network. The hackers created a back door into the JPMorgan Chase network, emphasizing the importance of strong security measures in protecting sensitive data.
Russian Hacking Attack on JPMorgan Chase in 2014
Russian hackers breached JPMorgan Chase's networks and stole 83 million personal identifiable records of US customers in 2014, which were associated with 60% of all US households. The attack was believed to be the retaliation for western sanctions against Russia for annexing Crimea from Ukraine. JPMorgan Chase lost a lot of staff in the previous months, including the chief information officer and chief of security, making them more vulnerable to cyberattacks. Even though the banks have tough security measures, hackers can still gain access through vulnerability points. The attack highlighted the need for companies to reinforce their cybersecurity measures and the risk of geopolitical tensions spilling over into the financial world.
Private Sector and Military Mindsets Conflict in Cybersecurity Investigations
The different mindsets of the military and private sectors can cause clashes and problems in cybersecurity investigations. The bias of cybersecurity experts can affect their interpretation of cyber threats. JPMorgan Chase clashed with the FBI and Secret Service over information-sharing, partly due to their belief that the hack was state-sponsored. The FBI believed the hack to be more likely done by skilled criminals. JPMorgan Chase's lack of storage and politics further complicated the investigation. The hackers' IP addresses were located globally. JPMorgan Chase eventually handed over all data collected during the hack to the FBI. The private sector faces more for-profit criminal activity in cybersecurity than the military.
Large Financial Institutions Under Threat of Cyber Attacks
Large financial institutions are at risk of being hacked and having their customers’ information stolen, leading to a need for increased security measures. Attackers often hide their tracks by renting servers on opposite sides of the planet. In 2014, multiple financial institutions, including JPMorgan Chase, Fidelity Investments, ADP, HSBC, Citigroup, and Bank of the West were targeted by the same hackers, leading to investigations by several different regulatory bodies. The hackers were able to enter some systems and access customer information, leading to a need for increased security measures. Although many hackers are never caught, in 2015, two Israeli men were arrested for securities fraud and were linked to the JPMorgan Chase hack.
Bitcoin Exchange Linked to Major US Bank Hacks
The arrests of Anthony Murgio and Yuri Lebedev for running an illegal Bitcoin exchange called Coin.mx were linked to major US bank hacks. The hackers attempted to break into twelve banks, including JPMorgan Chase, and stole 83 million customer database records by stealing email addresses of bank customers. FBI memo linked Joshua, the man on the run from Israel, and Anthony, the arrested man in Florida, to the JPMorgan Chase hack. The hackers didn't steal any monetary gain from banks but the customer's database. The feds had started investigating this group shortly after the JPMorgan Chase hack was discovered, and Joshua was the prime suspect who led investigators to the door of the others.
The dark side of stock markets - the pump-and-dump scam.
Gery, Joshua, and Ziv were involved in a stock market scam called pump-and-dump, where they manipulated the stock prices with false information and made a huge profit by selling stocks at a higher price. They buy stocks in a company at a low price and launch a marketing campaign using fake data to temporarily increase the stock price. Later, they sell the stocks, making a profit. This was illegal market manipulation as they created false hype and backdated the articles to make it seem like their predictions came true. They were indicted in a lawsuit brought by the Securities and Exchange Commission for six such scams over four years, and they made about $3.5 million running these scams.
How Gery and his team ran a successful pump-and-dump scam using fake campaigns and hacking.
Gery and his team used a systematic approach to run pump-and-dump scams by creating shell corporations and making private companies go public using reverse mergers. They then marketed these companies with a fake campaign and sold their shares at the right time. They also sent scammy e-mails to millions of people, and later, they hacked JPMorgan Chase to get real e-mail addresses of stock market investors to make their spam more effective. This scam was all upside for Gery, who made money from selling his shell corporation and assigning himself or his friends a large number of shares before the scam even started.
Illegal Activities and the Downfall of Online Casino Empires
Gery, Ziv, and Joshua were involved in multiple illegal activities, from manipulating the stock market to running dodgy online casinos. These casinos were notorious for not paying out their winners and delaying cash-out requests by up to 90 days. Despite making an enormous amount of money, these scammers chose to treat their players poorly, indicating their greed. However, the online casino empires of Netad Management and Milore Ltd, run by Gery and Ziv, collapsed overnight after their arrests. Although they were not hackers themselves, they had access to millions of JPMorgan Chase customer email addresses stolen in a massive hack. Even a year after the breach, more financial institutions received FBI visits, indicating the involvement of other hackers.
Massive cybercrime scheme including largest US financial data breach.
A group of hackers conducted cyber-intrusions over several years and stole personal information from over 100 million customers, including the largest data breach of a US financial institution. The hackers operated their schemes through shell companies and fraudulent identification documents, making millions of dollars from online casino, stock fraud, and hacking scams. To launder their money, they used shell corporations for their stock scam and transferred millions of dollars from their casino businesses through these companies. With the money in the shell company accounts, they paid themselves for made-up goods and services, leaving an audit trail that made everything look legitimate. They also created online payment processing companies, IDPay and Todur, to handle their shady transactions - all before getting caught.
The Shady World of Money Laundering in Online Casinos
Gery used shady payment processors IDPay and Todur to launder illegal money through his online casinos. He opened multiple bank accounts in different countries with fake IDs and coded transactions to look like simple online purchases. Gery's illegal activities ranged from fake pharmaceuticals to bogus antivirus software and illegal pharmacy affiliate programs. He even hacked G2 Web Services, a watchdog company, to ensure they wouldn't flag his payment processors as fraudulent. Despite fines and penalties from credit card companies, Gery continued to find new accounts and fake merchants to keep his illegal operations going. However, the feds eventually caught onto Gery after an undercover agent noticed a suspicious transaction on his credit card statement.
Gery's Empire Collapses after Hacking US Financial Companies
Gery's empire was brought down due to their involvement in the hack on JPMorgan Chase. They were behind seven hacks of US financial companies, including E-Trade and Scottrade. The hacker got a regular login to E-Trade and poked around as just a normal user, looking for vulnerabilities on the site. The plan to steal customer data from the databases was figured out almost a year later. The databases of Scottrade and E-Trade were breached, and six million records were stolen from Scottrade. The hacker was careful not to raise any alarms and waited for the admin to log out to download the data in secrecy without drawing unwanted attention.
Cybercrime and its Insidious Effects on Online Gambling
Gery's hacker gained access to E-Trade's and Scottrade's internal networks, stole fifteen million customer records, and merged them into a vast database, which Gery used to draw more players to his online casinos. He also asked the hacker to improve his casinos' search ranking on Google by hacking into dormant gambling-related WordPress blogs to create tons of links to his casinos' websites, which made them rise up in the ranking and become more popular. Gery also paid the hacker to conduct DDoS attacks on his competitors' websites, which could drive players to his casino if they couldn't access their favorite gambling site. Overall, Gery used cybercrime to enrich himself and cheat players out of their winnings.
The Dangers of Underhanded Tactics in Casino Competition
Gery, a casino owner, used underhanded tactics to stay ahead of his competitors, including hacking into competitor casinos and executives' emails. However, he was eventually caught and charged with various crimes. He then became an informant and agreed to pay $403 million in forfeit. Gery had stashed away over two billion dollars in various bank accounts around the world, as well as cash, jewelry and properties. This shows the extent to which individuals can go to obtain an unfair advantage and the need for authorities to investigate and prosecute such individuals, while also highlighting the importance of whistleblowers and informants in uncovering criminal activities.
The Hunt for Gery's Mystery Hacker
It took six law firms to negotiate Gery's release, in which he gave up a hacker named Peter Levashov. However, Levashov was not Gery's mystery hacker. The feds believed that the actual hacker was thirty-five-year-old Andrei Tyurin, a well-known, high-level Russian hacker. US intelligence found evidence that Andrei was getting some protection from the FSB, Russia's intelligence agency. After almost a year, the feds finally extradited Andrei from Georgia to New York and charged him with ten counts related to Gery's enterprises. Despite evidence presented to him, Andrei pleaded not guilty. The case has passed through the hands of three different US attorneys for the Southern District of New York.
The Complex and Large-Scale Network of Gery Shalon and Associates
Gery Shalon and his associates engaged in a complex and large-scale network of illegal schemes, hacking fraud, and money laundering, earning over $19 million from their activity. Andrei, who was involved in the hacks, pleaded guilty to conspiracy to commit computer hacking, wire fraud, unlawful internet gambling conspiracies, and conspiracy to commit wire fraud and bank fraud, and was sentenced to 12 years in prison. Gery is believed to be out of prison and living somewhere in the US, while Ziv is waiting to be sentenced. The hack into JPMorgan Chase was not a one-off attack but done by someone with an insatiable appetite for more money. The story highlights the desperation and endless desire of the perpetrators that led to the destruction of their empire.