Coin.mx owner charged with orchestrating ‘cybercriminal enterprise’

The U.S. Department of Justice (DOJ) recently charged Gery Shalon, who owned and controlled an illegal bitcoin exchange, Coin.mx, with “the largest theft of customer data from a U.S. financial institution in history.”

“Today, we have exposed a cybercriminal enterprise that for years successfully and secretly hacked into the networks of a dozen companies, allegedly stealing personal information of over 100 million people, including over 80 million customers from one financial institution alone.”
— – Preet Bharara, U.S. Attorney of the Southern District of New York

Shalon, 31, was arrested last July in his home country of Israel, along with countryman Ziv Orenstein. Along with co conspirator Joshua Samuel Aaron, the three were charged for orchestrating a scheme to manipulate the price of shares. Aaron, a U.S. citizen who resides in both Moscow and Tel Aviv, remains at large.

The trio are alleged to have perpetrated securities market schemes, resulting in multi-million dollar stock manipulation, also known as “pump and dump.” The aim was to manipulate the price and trading volume of numerous publicly traded penny stocks, in order to enable members of the conspiracy to sell their holdings of those stocks at artificially inflated prices.

At the same time, in July, the Federal Bureau of Investigation (FBI) arrested Anthony R. Murgio and Yuri Lebedev, who were later charged with running an illegal bitcoin exchange in the US, Coin.mx, as well as other related crimes. The exchange enabled their customers to exchange cash for Bitcoins, while charging a fee for their service.

The FBI stated that between October 2013 and January 2015, Coin.mx exchanged at least US$1.8 million for Bitcoins, on behalf of tens of thousands of customers. Murgio transferred hundreds of thousands of dollars to bank accounts in Cyprus, Hong Kong, and Eastern Europe, and received hundreds of thousands of dollars from bank accounts in Cyprus and the British Virgin Islands, to fund his unlawful business.

According to an undercover FBI agent investigating the case, from late 2014 to July 2015, Coin.mx accepted "cash, wire & bank direct as well as all credit cards." The company website claimed that in October 2014, there were over 70,000 members using the platform.

Murgio was charged with several crimes, including money laundering. He and his co conspirators knowingly provided Bitcoins to victims of “ransomware” attacks, stated the FBI.

Ransomware locks a victim’s computer system access, until a ransom is paid, often in bitcoins. The operators therefore knowingly enabled the criminals responsible for those attacks to receive the proceeds of their crimes. In violation of federal anti-money laundering laws, no suspicious activity reports regarding any of the transactions were filed.

The DOJ recently revealed that Shalon owned and controlled Coin.mx, which Murgio operated in the US “at Shalon’s direction.”

Shalon was charged by the DOJ again last week for “orchestrating massive computer hacking crimes against U.S. financial institutions, brokerage firms, and financial news publishers.”

Not satisfied with going after small game, the DOJ says that from approximately 2012 to mid 2015, Shalon, Aaron, and others perpetrated attacks on the US Financial sector, stealing personal information on more 100 million customers.

“The charged crimes showcase a brave new world of hacking for profit. It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model….Even the most sophisticated companies – like those victimized by the hacks in this case – have to appreciate the limits of their ability to uncover the full scope of any cyber-intrusion and to stop the perpetrators before they strike again.”
— – Bharara

The FBI revealed that over the past three years, Shalon, Aaron, and their co-conspirators were responsible for a range of data breaches. They stole data related to tens of millions of US citizens, from at least a dozen US and international corporations, and used them to commit other criminal schemes, including the pump and dumps and an illegal online gambling enterprise.

Through their criminal schemes, Shalon and his co-conspirators earned hundreds of millions of dollars in illicit proceeds, through a complex setup involving fake accounts and identities, making Shalon so wealthy that he was found concealing at least US$100 million in bank accounts.

Conspiring with others, Shalon laundered their criminal proceeds through no less than 75 shell companies, as well as bank and brokerage accounts worldwide. They controlled these companies and accounts using aliases, and approximately 200 false identification documents, including over 30 fake passports from 17 countries.

“They cloaked themselves in secrecy, but their methods rivaled those of the traditional masked robber. Today’s indictment sheds light on an increasingly complex threat. But just as criminals continue to develop relationships with one another in order to advance their objectives, the law enforcement community has developed a collaborative approach to fighting these types of crimes.”
— – Diego Rodriguez, Assistant Director in Charge at the FBI’s New York Field Office

Various major financial institutions have been victims of massive cyberattacks, including JPMorgan Chase, E*Trade Financial Corp, Scottrade Financial Services Inc, and Fidelity Investments.

The JP Morgan hack was so severe that personal information from more than 80 million customers was stolen, making it “the largest theft of customer data from a U.S. financial institution in history,” according to the DOJ.

"In our existing environment and at our company, cybersecurity attacks are becoming increasingly complex and more dangerous."
— – Jamie Dimon, JPMorgan CEO

JPMorgan acknowledged the attack in the company’s 2014 annual report, describing “cyber threats of an unprecedented scale.” The company has subsequently spent more than US$250 million on cyber security. In addition, over the next two years, the company will increase this spend by nearly 80%.

Shalon and Aaron were also charged with E*Trade and Scottrade data breachs and identity theft schemes, along with a third hacker.

A study by Ponemon Institute, sponsored by Hewlett Packard stated that “cyber crimes continue to be on the rise for organizations” and the average cost of cybercrime in the US is estimated to be over US$15 million in 2015. The report also noted that, accounting for exchange rates, the cost of cyber crime increased in all surveyed countries.

Out of all represented industries, financial services suffer the most, according to the Ponemon report, with average annualized cost of US$13.5 million.

In an [independent report ](http://www2.deloitte.com/content/dam/Deloitte/global/Documents/Financial-Services/gx-us-fsi-outlook-banking-final.pdf – Deloitte)from the Deloitte Center for Financial Services, the company states that improving cybersecurity is a major concern for the financial industry.

“Banks’ integral role in the payment ecosystem leaves them entangled in the often messy aftermath of security breaches, experiencing both economic and reputational loss even in instances where they are not direct targets of cyberattacks. With increasing realization that cybersecurity needs to be pursued with utmost vigilance, the banking industry is devoting considerable resources to this warfare."
— – Deloitte

Although Shalon, Aaron, and others named here allegedly orchestrated the crimes, they did outsourced most of the hacking. An unnamed hacker could be a Russian master of digital break-ins whom federal agents and U.S. spy agencies have been tracking for years, although the prosecutors have yet to reveal his identity.

Even though bitcoin is part of Shalon’s myriad of cyberattack schemes, the FBI recognizes that it is merely a tool for crime, it does not make the currency any less legitimate and is not itself illegal. "However, given the ease with which they can be used to move money anonymously, Bitcoins are also known to be used to facilitate illicit transactions and for money laundering purposes," states FBI special agent Joel Decapua.