Three men have been charged in relation to the largest cyber-attack on financial firms in US history, which saw the personal information for 100 million people accessed between 2012 and the summer of 2015.
Calling the scheme “securities fraud on cyber-steroids”, US federal prosecutor Preet Bharara said: "In our view, the conduct alleged in this case showcases a brave new world of hacking for profit… In short, it is hacking as a business model."
Charged in the indictment were Gery Shalon, 31, of Savyon, Israel; Ziv Orenstein, 40, of Bat Hefer, Israel and Joshua Samuel Aaron, 31, a US citizen living in Moscow and Tel Aviv, Israel.
Aaron was labeled a fugitive while Orenstein and Shalon were arrested in Israel in July where they remain in custody. Bharara said the US was seeking their extradition.
Charges against the three men were expanded to include computer hacking and identity theft among 21 other counts.
The men allegedly manipulated stock prices by selling shares of companies to individuals whose contact information they had stolen, before dumping their own shares and causing the price to fall.
Described by Bharara as "the single largest theft of customer data from a US financial institution ever," the men are accused in relation to the summer 2014 of data including the names, addresses, emails and phone numbers of more than 83 million customers of JPMorgan Chase & Co – America’s biggest bank by assets.
The men were also charged with running an illegal payment processing business that they used to collect $18m (£11.9m) in fees.
An indictment unsealed in New York federal court said identifying information on millions more customers was stolen in cyber-attacks from against several other financial institutions between 2012 to last summer.
Since 2007, one or more of the defendants also engaged in other criminal schemes, including US securities market manipulation schemes and the operation of at least a dozen Internet casinos that violated US laws, the indictment said.
Some of the massive computer hacks and cyberattacks occurred as the men sought to steal the customer base of competing Internet gambling businesses or to secretly review executives' emails in a quest to cripple rivals, according to the indictment.
Authorities said they used about 200 fake identity documents, including over 30 fake passports supposedly issued by the United States and at least 16 other countries, as they operated their criminal schemes.
They added that the group laundered the proceeds through at least 75 shell companies and bank and brokerage accounts worldwide.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies