Hacking as a Business Model


Hello everybody!

Gery Shalon, a 31-year-old Israeli from the Republic of Georgia, used aliases, fake passports and banking havens to turn hacking into the backbone of his criminal enterprise, prosecutors said. Shalon and Ziv Orenstein were arrested in Israel last July, and the U.S. is seeking their extradition to New York for trial.

Shalon’s organisation was a conglomerate that allegedly ran illegal Internet casinos and elaborate pump-and-dump stock schemes, while dabbling in credit-card fraud and fake pharmaceuticals.

His team ran some of the biggest cyber-attacks of recent years, including the largest bank breach on record, which involved the theft of information relating to 83 million customer accounts from JPMorgan Chase & Co.

Along with JPMorgan, Fidelity Investments, E*Trade Financial Corp., Scottrade Financial Services and Dow Jones & Co, a unit of News, confirmed they had been among the victims of hackers who worked for the group. The indictment against Shalon and two other men says that hackers linked with the group breached banks and other financial firms, stealing information on 100 million of their customers.

“The conduct alleged in this case showcases the brave new world of hacking for profit… It is no longer hacking merely for a quick payout, it is hacking as a business model,” US Attorney Preet Bharara in Manhattan said in announcing two of the indictments.

The latest revelations come just three months after US authorities arrested several men they accuse of lurking inside servers where corporate press announcements were awaiting release, in order to trade on the information before it went public.

Shalon’s team processed payment information for fake pharmaceuticals and fake anti-virus software. Its members sent misleading stock pitches to clients of banks and brokerages whose e-mail addresses they had stolen. They also set up trading accounts under fake names and used dozens of shell companies and bank and brokerage accounts around the world to launder money. They also tried to extract nonpublic information from financial corporations, prosecutors said.

The indictment said that Shalon – also known as Garri Shalelashvili, Phillipe Mousset and Christopher Engeham – was the self-described “founder” of the enterprise; it also named Joshua Aaron and Ziv Orenstein. Shalon coordinated hacking attacks to further his market manipulation, concealing at least $100 million in Swiss and other bank accounts.

Anthony Murgio, who was arrested in Florida, was accused of crimes related to a bitcoin-exchange service owned by Shalon, as well as the takeover of a New Jersey credit union.

The friendship between Shalon and a group of men, including Murgio and Aaron, dated back more than a decade to their days at Florida State University.

An indictment over the E*Trade attack, unsealed in federal court in Atlanta, named Shalon, Aaron and a third person – “a computer hacker who is believed to have resided in Russia” – who it alleges infiltrated computer networks under Shalon’s direction.

Dow Jones was among their early hacking targets, where the hackers stole millions of the email addresses they had located.

In October, Dow Jones disclosed that some customer payment information may have been compromised on no more than 3 500 accounts and said it wasn’t sure whether other information had been compromised too.

Also in October, Scottrade disclosed that it had been hacked and that the data of 4.6 million customers had been compromised.

‘Interesting info’

Shalon and his ring sought non-public information from the firms they were hacking. In one instance, an email mentioned that they were looking for “interesting info” from top managers at Victim 5, a St. Louis brokerage firm now confirmed as Scottrade.

Spokespersons for Dow Jones and JPMorgan said in statements that they will continue to cooperate with law enforcement.

Fidelity reported being hacked but said it has no indication that any customer accounts, customer information or related systems were affected. E*Trade confirmed it was attacked in late 2013 but declined to provide more information.

Since 2007

According to the indictment, Shalon began building his criminal conglomerate in 2007 with Internet casinos and capped it off with stock and credit-card schemes years later. Along with his associates, Shalon ran about 12 online “real money” casinos in the US from 2007 until this year and paid 270 casino employees in Hungary and Ukraine.

“Casino turnover” reached $78.9 million in October alone, and profit for February 2015 totaled $7.29 million, according to emails from his associate Orenstein.

Shalon used “massive” e-mail campaigns and regular mail to attract bettors.


Shalon and his team are said to have broken into Internet gambling operations to steal customer data and to have coordinated the hack of two firms that supplied software to online casinos. By 2010, “in response to perceived misconduct” directed at his own casinos, Shalon was planning cyber attacks against rival gambling sites.

A classic 20th-century pump-and-dump scheme was another part of his cyber fraud.

Teaming with two allegedly crooked stock promoters who are now cooperating with prosecutors, Shalon, Aaron and sometimes Orenstein selected publicly traded companies or private firms they could take public through reverse mergers with listed shell corporations.

Aliases, passports and dumped shares

Using aliases and fake passports, the five obtained trading accounts and then bought almost all of a company’s shares cheaply, driving its price higher – in one instance, more than 1 800 percent higher.

First, Shalon and his accomplices executed prearranged trades; next, Shalon and Aaron sent spam e-mails touting the stock and its price rise to millions of potential investors they’d identified in their earlier hacks of banks and brokerages.

The shares were then dumped in a coordinated fashion, generating millions in profit per stock. Their sales eventually put downward pressure on the stock, and unsuspecting investors suffered big losses, prosecutors said.

By manipulating dozens of stocks, they made more than $2 million in 2012 when they pushed up the price of Mustang Alliances, a purported mining company with operations in Honduras, according to a Securities and Exchange Commission lawsuit filed against the three in July.

Shalon and his associates allegedly set up a sophisticated processing system for credit card transactions. Tactics ranged from old-fashioned bribery to other strategies. Every time a US gambler used a card, the transaction was processed to look like a payment to the fake pet-supply and dress shop Shalon set up.

When the illegal payments were detected by card networks, they imposed millions of dollars in penalties on banks that let transactions slip through. Shalon and his accomplices allegedly feigned shock, reimbursed the banks, then set up more accounts, according to prosecutors.


When all else failed, Shalon even hacked a risk-intelligence firm in Bellevue, Washington, that flagged merchants accepting payments for “unlawful goods or services.”

Shalon then read the company’s e-mails, figured out which credit and debit cards the company used to detect bogus merchants, and blacklisted those card numbers from his network.

To process transactions and hide their origins, they also used Shalon’s bitcoin-exchange company, Coin.mx, while charging fees on each deal. Murgio operated this company.

Collectibles Club was a cover business set up to disguise their unlicensed money. It was a platform for hobbyists to chat and sell treasures like stamps and sports memorabilia. A New Jersey credit union was then taken over, allegedly by paying over $200 000 to two accounts at the direction of an unidentified bank executive and installing accomplices on the board of directors. Coin.mx’s banking operations were then moved there.

Using phony documents and aliases, the ring used accounts and at least 75 shell companies to launder its proceeds – and moved gambling proceeds from account to account to account.

“They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” according to the indictment of the three.

The outfit may have had grander ambitions – stealing inside information about companies to win a leg up in the market – Bharara said Tuesday.

“The conduct alleged in this case also may signal the next frontier in securities fraud, sophisticated hacking to steal material non-public information,” he said. The defendants discussed this “as the next stage of their sprawling criminal enterprise.”

So that’s how hacking was used as a business model.


Source: Akati
