Gang charged over JP Morgan cyber-fraud linked to a wave of online scams and hacks

Gang based in Israel and Russia charged with JP Morgan hack that compromised details 83 million customers

Three men have been accused of perpetrating the huge cyber-attack on global bank JP Morgan in 2014, which compromised the personal details of as many as 80 million of the bank's customers.

The men, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, have also been linked with a number of other cyber-attacks and online fraud: they have been charged on 23 counts and accused of targeting 12 companies, including nine financial services organisations.

"By any measure, the data breaches at these firms were breathtaking in scope and in size," signalling a "brave new world of hacking for profit," US Attorney Preet Bharara told a press conference in New York.

In addition to JP Morgan, these include E*Trade, TD Ameritrade, Fidelity Investments and Scotttrade. Rupert Murdoch's Wall Street Journal was also attacked by the gang, claim prosecutors.

Prosecutors in the US claim that the gang was set-up in 2007 and has exposed the personal information of more than 100 million people. US Attorney General Loretta Lynch described it as "one of the largest thefts of financial-related data in history".

The gang was also behind schemes to pump-and-dump stock market shares, fraudulent online casinos, illegal bitcoin exchanges and money laundering, according to US prosecutors.

Israelis Shalon and Orenstein, were arrested in July. Aaron is a US citizen who lives in Moscow and Tel Aviv. He remains at large and is the subject of an FBI "wanted" poster, according to Reuters. It also reports that another defendant, Anthony Murgio of Tampa, Florida, was charged separately over the bitcoin exchange, Coin.mx. He was originally charged in July, and faces an arraignment on Friday.

The charges indicate that prosecutors believe that Shalon was the ring-leader of the gang and that he had orchestrated hacks against at least nine companies. Since 2007, along with Orenstein, he had also set-up at least 12 illegal online casinos.

Stolen personal information from the financial services companies was used to cold-call and sell stocks of companies that the gang had already manipulated upwards.

US authorities had initially suspected that the Russian government had been behind the attack on JP Morgan, noting that the stolen data had been routed via Russia through a network of compromised computers.

The JP Morgan attack in 2014 had been preceded by a less-high-profile attack in July 2013 which had compromised the details of 465,000 users of JP Morgan's prepaid cash-cards.