Jerusalem – Two Israelis indicted in the US and facing extradition for allegedly using fake passports and identities and running a “pump and dump” securities fraud scheme that made millions were ordered kept in custody for twenty days by the Jerusalem Magistrate’s Court Wednesday, due to fear that they both pose a flight risk.
The defendants, 31-year-old Gery Shalon and 40-year-old Ziv Orenstein, were indicted by a grand jury in New York in June, on charges of conspiracy to commit securities fraud, conspiracy to commit wire fraud, securities fraud, wire fraud, conspiracy to commit fraud using false documents, aggravated identity theft, money laundering conspiracy.
A month later, US authorities submitted an extradition request to their Israeli counterparts, in order to place the two on trial stateside. On Monday both were arrested by Israel Police, who were working closely with FBI investigators who had traveled to Israel as part of the case.
According to the indictment issued in the United States District Court in the Southern District of New York, Shalon, described as the ringleader, was throughout the duration of the scam a resident of Israel.
The indictment says that he orchestrated “multi-million dollar stock manipulation – or pump and dump – schemes to manipulate the price and volume of traded shares in numerous publicly traded stocks by means of deceptive and misleading email campaigns, and manipulative prearranged stock trading.”
In addition to Shalon and Orenstein, a third main suspect, American Joshua Samuel Aaron, played a major role in the scam but has yet to be arrested. US authorities believe Aaron worked as the scam’s front man in the US, making connections with associates under the direction of Shalon.
Aaron is not a citizen of Israel, though he resided in the country at different times since the scam began in 2011.
The suspects would allegedly find companies to to target for manipulation, and would buy up large amounts of stock using shell companies and brokers accounts they set up with fake identities.
They would also send out millions of spam emails from the two straw companies – “Entersea Limited” and “Jemsta Enterprises” (based in England and the British Virgin Islands, respectively) touting the stocks, which along with their bulk purchases would help drive up the stock prices.
Aaron also set up another shell company called Warmkal Trading Limited which was allegedly used to launder profits.
According to the indictment the defendants used a series of fake identities, with Shalon using names including “Phillipe Mousset” and “Christopher Engeham”, while Orenstein was known to use the names “Aviv Stein” and “John Avery”, while Aaron went by the alias “Mike Shields.”
In court on Wednesday, the prosecution said that the crimes the defendants are suspected of are of the utmost severity and they are expected to receive very serious prison terms in the US, which along with their history of using fake aliases and forged passports, indicate that they pose a serious flight risk.
The presiding judge agreed, and both defendants were ordered kept in custody for 20 days.
The Israel Police said Tuesday night that the FBI contacted them as part of their investigation and asked for assistance in probing the case, due to the involvement of Israelis.
Following a collaborative investigation the two Israelis were arrested, and at the moment an extradition request filed by the FBI is pending.
Israel Police said Tuesday night that more than 10 US law enforcement officers have been in Israel over the past few days working out of the cybercrimes unit headquarters in Lod.
The arrests were first reported by Bloomberg on Tuesday night, when the case was still under a gag order in Israel. The Bloomberg report said the arrests were part of a months-long investigation of a group of friends who met in college in Florida and are tied to the JP Morgan hack in 2014, with suspects in Israel accused of security fraud for inflating the value of low-volume stocks.
The hack, which began last June and lasted through August, infiltrated the bank’s systems and sent information including customer account data back to the hackers.
The breach exposed information on 76 million households and 7 million businesses, making it one of the largest data breaches in history. The company said no financial information or account data had been compromised, and that it had not seen an increase in fraud.
The bank suspected the hack may have originated in Russia, but was unclear as to whether it was the work of a state-sponsored actor or a private actor looking for financial gain.
Just two months before the hack commenced, JMPorgan CEO Jamie Dimon announced that the company would devote a quarter of a billion dollars to cybersecurity that year. After the breach was disclosed, he said the company would double cyber-security spending over five years.
Ironically, that could be a boon for Israel, which has produced a slew of cutting edge cyber security companies. Last year, Prime Minister Benjamin Netanyahu noted that Israel takes in $5b. – $7b. of the roughly $60b. – $80b in the global cybersecurty market. That market, according to cyber security ventures, is expected to double by 2019.
U.S. and Israeli authorities arrested four people in Israel and Florida on Tuesday in connection with several fraud schemes tied to last summer’s massive data breach at JPMorgan Chase & Co, according to news reports.
The hacking of JPMorgan’s computers compromised information in 83 million household and small business accounts, making it one of the largest such breaches in history.
Federal prosecutors in New York confirmed the four arrests but did not mention the breach, and charging documents unsealed on Tuesday did not refer to the hack. Bloomberg was the first news outlet to report the connection.
The New York Times reported that federal authorities had identified some of the JPMorgan hackers because the attack was relatively unsophisticated but authorities were unable to collect enough evidence to charge anyone with the breach itself.
Investigators then turned to other activities in which the hackers were involved, leading to the charges unsealed on Tuesday, the Times reported.
In one indictment, U.S. authorities accused three men of engaging in a stock manipulation scheme involving U.S. penny stocks.
Gery Shalon, 31, and Ziv Orenstein, 40, are Israeli nationals who were arrested on Tuesday at their homes in Israel, U.S. prosecutors said. Joshua Samuel Aaron, 31, is a U.S. citizen who resides in Moscow and Tel Aviv and remains at large, authorities said.
When initially asked about Tuesday’s case, an Israeli police spokesman referred to three arrests made last week in a separate, unrelated cybercrime case pursued by U.S. investigators.
An Israeli police spokeswoman subsequently confirmed Tuesday’s arrests but did not comment on any possible tie to the JPMorgan breach. She said the Federal Bureau of Investigation had asked that Shalon and Orenstein be held to begin extradition proceedings and also requested permission to interrogate them in Israel.
The two men are expected in court on Wednesday.
Prosecutors in New York announced charges against two Florida men, Anthony Murgio, 31, and Yuri Lebedev, 37, for operating an unlicensed money exchange using the digital currency bitcoin.
The two men were also arrested on Tuesday in Florida and were expected to appear in federal court there later in the day.
A spokesman for Manhattan U.S. Attorney Preet Bharara, whose office brought the charges, did not respond to requests for comment. A JPMorgan spokeswoman declined to comment on the arrests.
According to the indictment, Shalon, Aaron and Orenstein worked with two unnamed stock promoters, one from New Jersey and one from Florida, to run a “pump-and-dump” scheme. The defendants would acquire shares in thinly traded companies, send millions of spam emails inducing investors to buy the stocks in order to drive up the price, and then sell off their holdings.
The U.S. Securities and Exchange Commission filed a parallel civil action against Shalon, Aaron and Orenstein.
Murgio and Lebedev were accused of operating Coin.mx, a bitcoin exchange that was used to facilitate criminal activity including cyberattacks. Between October 2013 and January 2015, the site processed at least $1.8 million for tens of thousands of customers, authorities said.
The JPMorgan attack initially prompted speculation that Russian hackers were involved, but U.S. investigators ruled out Moscow early in the case.
The criminal complaints against Lebedev and Murgio include a brief mention of Russia, alleging the two men sought to provide money laundering services to Russian criminals.