JP Morgan Case Reveals Underworld of Hired Hackers Available on Rent


11/14/2015



An unusual glimpse into the burgeoning industry of criminal hackers for hire emerged as U.S. prosecutors this week charged two Israelis and an American fugitive with raking in hundreds of millions of dollars in one of the largest and most complex cases of cyber fraud ever exposed.
 
The federal indictments and a previous civil case brought by the U.S. Securities and Exchange Commission indicate that the three people indicted of the crime and accused of organizing massive computer breaches at JPMorgan Chase & Co and other financial firms, as well as a series of other major offences did little if any hacking themselves.
 
The three individuals were responsible for putting together a criminal conglomerate with activities ranging from pump-and-dump stock fraud to Internet casino break-ins and unlicensed Bitcoin trading. The trio hired outsiders for the technological needs and outsourced the work.
 
"They clearly had to recruit co-conspirators and have that type of hacker-for-hire," said Austin Berglas, former assistant special agent in charge of the FBI's New York cyber division, who worked the JPMorgan case before he left the agency in May.
 
"This is the first case where it's that clear of a connection." Berglas added. He was of the opinion that there would be additional major cases of freelance hacking that will come to light especially as more people become familiar with online tools such as Tor that seek to conceal a user’s identity and location.
 
 During the indictment, a hacker was referred to as "co-conspirator 1" and had the responsibility of installing malicious software on the servers of multiple victims at the direction of Gery Shalon, the alleged mastermind of the scheme now under arrest in Israel. An attack on online trading firm E*Trade on the other hand was carried out by a man referred to as John Doe, believed to be in Russia and was referred to a second conspirator.
 
However there was no confirmation about whether the co-conspirator and John Doe were the same person or even if the FBI knows their true identities.
 
Underground Russian-language computer forums, where skilled attackers advertise their services is the place, according to the law enforcement and computer security officials, where outsourced cyber-crime services - including rented time on networks of previously compromised personal computers and custom break-ins - are most readily found.
 
Daniel Cohen, who oversees an undercover team at EMC Corp's RSA Security that monitors the forums says that the forums are very are tight-knit communities where newbies must be vouched for by multiple known members and pay membership fees that cost thousands of dollars.
 
“You can find anything you want for an operation. Hackers, servers, software, code writing. They are all available," said Cohen. Identification of the identities of the members of the forum is very difficult as individuals hide their identities even from each other.
 
Ordinary investors were convinced to buy little-regulated stocks after the ringleaders hired the hackers to steal contact information and other data. Prosecutors have not disclosed how the hackers were compensated.
 
 The complexity of the assignment and supply of talent available to do a particular job decides on the fees and payment for a particular assignment. While most hackers might earn an hourly rate or get paid a few thousand dollars for winning access to a target’s network, the really talented ones considered as elite hackers who have the ability to pull off the most technically challenging attacks might get a percentage of the profits made from the heist.
 
(Source:www.reuters.com)