Garnet Capital Advisors Blog

For bankers, it was a nightmare come true. It was the summer of 2014 and JPMorgan Chase disclosed it had been the victim of a crippling cyber attack. The breach exposed 83 million accounts, both personal and business, at the nation's largest bank.

Now criminal charges have been handed down and significant new details made public about the vast operation against JPMorgan Chase and other high-profile companies. Three people were indicted on a wide range of charges including securities fraud, wire fraud and even illegal Internet gambling, Reuters reported.

Hackers zeroed in on JPMorgan, Wall Street Journal among others
Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein have been charged on 23 counts. Their alleged misdeeds targeted a dozen companies. Nine of them were financial services companies, including E-Trade Financial and Scottrade. The Wall Street Journal was among the hackers' marks outside the banking and financial sector. A fourth man, Anthony Murgio, has been charged in a fraudulent bitcoin scheme. The charges recently announced build on civil charges that the Securities and Exchange Commission had filed against Shalon, Aaron and Orenstein.

Few cyber attacks against banks succeed, but rewards can be rich
Financial institutions are harder to infiltrate than those in most other industries. But for diligent criminals, the rewards can be high. Prosecutors allege the trio cooked up the sprawling scheme as far back as 2007. Especially insidious was the alleged tactic of using the personal information gained to email victims directly and trick them into buying artificially-inflated stock, The WSJ reported. The defendants allegedly manipulated the securities to goose the price, deceived victims into purchasing the stocks and then selling the securities at tremendous profit to themselves. Shalon, whom prosecutors seek to paint as the ringleader, stands accused of hiding at least $100 million of the ill-gotten gains in Switzerland and elsewhere.

U.S. Attorney Preet Bharara called the scope of the data breaches "breathtaking."

Hackers lurked unknown on bank servers for months
Government officials have characterized the JPMorgan Chase hack as the single largest cyber theft of customer data from any U.S. financial institution. One might ask: Why didn't customers know their information had been compromised? It's because the hackers gained access to the bank's internal systems for two months before they were discovered. They exploited a flaw in the JPMorgan Chase website, apparently. So when they spammed their victims with seemingly attractive stock plays, the victims had no reason to be more alert than usual.

The hacking ring didn't limit itself to leveraging bank customer information against them. Shalon and Orenstein, prosecutors say, ran a network of a dozen illegal Web casinos. These operations threw off millions in profits each month, prosecutors allege.

Wake-up call for bank cybersecurity
As a result of high-profile breaches like that of JPMorgan Chase, banks and other financial institutions are being urged to upgrade their defenses and to give Chief Security Officer more authority and resources to combat cyber thieves. However, it's not clear that institutions are making the needed investments, at least in the eyes of noted information security writer Brian Krebs.

"Far too many organizations have trouble seeing the value of investing in cybersecurity until it is too late," Krebs wrote recently in an analysis of a new federal cyber threat information sharing bill. "Even then, breached entities will often seek out shiny new technologies or products that they perceive will help detect and prevent the next breach, while overlooking the value of investing in talented cybersecurity professionals to help them make sense of what all this technology is already trying to tell them about the integrity and health of their network and computing devices."

Banks aren't alone as they confront challenges like data security and loan portfolio evaluation. Any questions or concerns can be discussed with loan sale advisory firm Garnet Capital Advisors.