LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

4 Indicted In 'Largest U.S. Bank Breach Ever,' Justice Says

Describing a sprawling criminal enterprise that includes at least 75 shell companies and the use of multiple fake identities, the Justice Department has indicted four men for hacking, securities fraud and a range of other crimes that involved hundreds of employees and accomplices.

Investigators say they believe the group "generated hundreds of millions of dollars in illicit proceeds."

The group's ringleader was Gery Shalon, according to the U.S. attorney's office for the Southern District of New York, which adds that Shalon used multiple aliases, from Garri Shalelashvili to Phillipe Mousset and Christopher Engeham.

Saying that the criminal ring stole the personal information of more than 100 million people, the federal indictment says that the targeted companies include "one of the world's largest financial institutions," along with a string of large financial services companies and at least two financial news publishers.

At an afternoon news conference to discuss what it calls the "largest U.S. bank breach ever," the U.S. attorney's office laid out the case, which includes more than 23 criminal counts — several of which carry maximum prison terms of 20 years.

"The charged crimes showcase a brave new world of hacking for profit," Manhattan U.S. Attorney Preet Bharara said. "It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model."

The U.S. documents don't name the entities that were hacked, identifying them only by headquarter location and other details. According to Bloomberg News and other news outlets, the victims include JPMorgan Chase, which announced last October that it had been hacked. Bloomberg says other affected companies include ETrade, Scottrade, and Dow Jones and Co.

NPR's Aarti Shahani reports:

"Shalon and his co-conspirators allegedly procured servers in Egypt, the Czech Republic, South Africa, Brazil and other countries. And they then used those networks as a launchpad to attack some of the largest financial firms based in the U.S.

"The indictment charges that the defendants hacked networks, stole customer contact information, and then marketed stocks deceptively to these unsuspecting people, making tens of millions of dollars.

"Shalon also allegedly ran an Internet gambling business, distribution centers for malicious software, and an illegal Bitcoin exchange."

Two of the suspects, Shalon and Ziv Orenstein, are Israelis who were arrested in their home country this summer; the U.S. then sought their extradition. The third suspect is Joshua Samuel Aaron, a Florida resident who remains at large.

The Justice Department says that to carry out crimes, Shalon, Aaron and Orenstein and their co-conspirators used "false approximately 200 purported identification documents, including over 30 false passports that purported to be issued by the United States and at least 16 other countries."

The fourth defendant, Anthony Murgio, is from Tampa, Fla.; he was arrested in July on charges that he laundered millions of dollars.

Murgio, 31, is charged in a separate indictment related to the Bitcoin exchange called, in a scheme that involved "a phony front-company, 'Collectables Club' [sic]," that was supposedly a members-only group, according to the indictment.

Copyright 2015 NPR. To see more, visit

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute
96.1 FM K241AR Lawrence (KPR2)

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)