Arrests in Florida, Israel made in schemes thought to be tied to JPMorgan Chase hack

Authorities in Israel and the United States have arrested several people suspected of involvement in a major hack of JPMorgan Chase last summer, according to individuals familiar with the case.

But they were not charged with the hack. Nor do the charging documents mention their suspected involvement.

[ Touch here to watch the mobile version of the video report in this story. ]

Rather, prosecutors in New York have charged Gery Shalon and Ziv Orenstein, Israeli citizens, and Joshua Aaron, a U.S. citizen, with conspiracy to commit securities fraud. Orenstein and Shalon were arrested Tuesday in Israel, said a person familiar with the case, who, like others interviewed, spoke on the condition of anonymity to discuss a pending investigation.

Aaron has not been arrested, the person said. It was not clear whether Orenstein was involved in the bank hack.

In Florida, meanwhile, authorities arrested Anthony Murgio and Yuri Lebedev, who have been charged with conspiracy to operate an unlicensed online money-transmitting business. The two men were arrested at their homes Tuesday. Murgio was also charged with money laundering.

The charging documents make no mention of the intrusion into JPMorgan, which garnered front-page headlines last year for the theft of data belonging to 76 million households. Bloomberg Business reported that the breach was the work of Russian hackers, possibly sponsored by the Russian government in retaliation for Western sanctions over its behavior in Ukraine.

Instead, the people allegedly behind the hack have nothing to do with the Russian government or Russian crime rings, said a second individual. Murgio and Lebedev were friends who had met at Florida State University years ago.

Aaron and Shalon were believed to be the masterminds behind the hack, which compromised tens of millions of email addresses, the individual said.

Federal investigators were unable to gather enough evidence to charge the men with hacking JPMorgan, the individual said.

"The next step will be for the FBI to arrest these guys, have them flip and cooperate and maybe start having the conversation about JPMorgan," the individual said. "You're using these charges as a hammer - something to hold over their head."

The securities-fraud charges stem from an operation to artificially inflate the prices of penny stocks and then dump or sell them to reap huge profits - what is commonly known as a "pump and dump" scheme. The indictment was unsealed Tuesday by a judge in the Southern District of New York.

The indictment alleges that Shalon, Aaron and Orenstein sent to people millions of spam emails a day "that falsely touted the stock in order to trick others into buying it." After causing the stock's price to rise, they sold their shares in coordinated fashion, earning millions of dollars in illicit profits, the indictment alleges.

Their coordinated sales would cause the stock's price to fall, exposing unsuspecting investors to significant losses, the indictment said.

Although prosecutors have offered no evidence linking the men to the JPMorgan case, one former FBI cybersecurity expert said that the hack could have aided the stock scheme.

"The theft of tens of millions of emails is a perfect vehicle to advertise the penny stocks that you would then dump after getting the initial invesment," said Austin Berglas, who is now senior managing director for cyber-investigations at K2 Intelligence. "It's the traditional pump-and-dump scheme in the digital world."

- - - -

Washington Post research editor Alice Crites contributed to this report.