Four men located throughout Florida and Israel have been arrested in relation to the massive 2014 hack against JPMorgan Chase bank, which resulted in the theft of some 76 million customer and 7 million business accounts. News outlets such as the New York Times and Bloomberg cited anonymous sources regarding the arrests, without fully explaining the connection between the alleged suspects.
The United States Attorney in Manhattan, New York announced on Tuesday that two Florida men were taken into custody and formally charged with operating an unlicensed Bitcoin exchange service, coin[dot]mx. However, the criminal complaint filed makes no reference to JPMorgan Chase.
Alongside the two Americans, two Israelis named Gery Shalon and Ziv Orenstein were arrested by Israeli authorities. A fifth man believed to be connected to the hack, Joshua Samuel Aaron, an American living in Israel, is reportedly still on the run.
The arrests come just four months after federal authorities said they were closing in on the hackers behind the JPMorgan Chase breach.
The Florida-based duo, Anthony Murgio and Yuri Lebedev, have been formally accused of operating coin.mx, through which they “knowingly exchanged cash for people whom they believed may be engaging in criminal activity,” federal prosecutors said in their criminal complaint. Among a number of other criminal violations, coin.mx has been accused of being a site used to collect bitcoin from ransomware scares.
Malware is constantly evolving online, and an older scam that criminals continue to use is the good ol’ ransomware scare. Ransomware is a term for malware that holds your computer hostage for a ransom fee. This type of malware will generally lock the computer and display a screen making bogus claims, such as that the police have caught you, and stating that you have to pay a certain dollar amount to recover your files.
Many people spooked by the malware will go ahead and pay the fee, which ranges anywhere from a couple of bucks to several hundred dollars. However, the screens are false and can almost always be safely removed. This type of ransomware is so common that even police departments have fallen victim and paid ransomware fees, and the city of Detroit was hit with an $800,000 ransom demand.
According to prosecutors, Murgio and Lebedev’s coin.mx site was acting as a middleman for this type of ransomware extortion.
The two continued on to abuse a fraudulent organization, called Collectible Club, and were able to acquire “beneficial control” of an undisclosed, New Jersey-based credit union. Prosecutors said the two used the bank to process electronic payments and described the union as a “captive bank.”
In a newly unsealed criminal complaint, federal prosecutors said the fraudulent group, Collectible Club, appears to have been set up in a way to “trick the major financial institutions through which they operated into believing their unlawful Bitcoin exchange business was simply a members-only association of individuals who discussed, bought, and sold collectable items, such as sports memorabilia.”
FBI special agent Joey Decapua explains in the affidavit:
From speaking with representatives of the National Credit Union Association and reviewing NCUA records, I learned that while the Credit Union normally handled the modest banking needs of a small group of primarily low-income local residents, and had little or no experience with the business of ACH processing, by October 2014, the Payment Processor was processing over $30 million a month in ACH transactions through its account at the Credit Union. The NCUA learned of the unusual size and scope of the activity and, in part because the Credit Union did not have the AML policies or procedures in place to handle such voluminous payment processing, forced the Credit Union to stop allowing such processing; the NCUA separately required the Credit Union to remove the new Board members.
Murgio also did a terrible job of covering his digital footprint. According to the FBI’s criminal complaint, the coin.mx domain was registered under Murgio’s legal name, using his personal e-mail and phone number for contact information.
Likewise, another domain they operated for the Collectible Club, collectpma[dot]com, is registered to an individual named Chris Smith. A simple online search reveals that the e-mail address used to register the domain is also tied to Anthony Murgio.