A third suspect alleged to be responsible for the 2014 JPMorgan Chase data breach, which resulted in the compromise of data linked to more than 83 million customers, was arrested Dec. 14 after voluntarily returning to the U.S. from Russia, according to The Associated Press and other news media reports.
See Also: Bank Payment Clearance Vulnerabilities: Faster Payments, Faster Fraud?
Joshua Samuel Aaron, 32, who also goes by the alias "Mike Shields," was arrested at JFK International Airport after waiving extradition and asylum in Russia "to responsibly address the charges," Aaron's attorney, Benjamin Brafman, told AP.
Aaron, a U.S. citizen, had been living in Moscow, the U.S. Attorney for the Southern District of New York announced Wednesday. Now he, along with co-defendants Gery Shalon and Ziv Orenstein, who were both arrested by Israeli authorities in July 2015 and extradited to the U.S. in June 2016, face charges that include securities fraud, wire fraud, market manipulation, identification document fraud, aggravated identity theft and money laundering (see Israel to Extradite Alleged Chase Hackers).
Aaron and Shalon also have been charged with computer hacking.
If convicted on all counts, all three men could be sentenced to more than 100 years in prison.
Waging Cyberattacks
All three were charged last November, accused of orchestrating and waging cyberattacks between 2012 and mid-2015 that compromised Chase and 11 other U.S. banks and financial services firms. The Chase breach resulted in the compromise of contact information, including names, addresses, phone numbers and email addresses, linked to 76 million households and 7 million small businesses.
"Joshua Samuel Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of personal information from U.S. financial institutions ever," says U.S. Attorney Preet Bharara. "For pursuing what we have called 'hacking as a business model,' and thanks to the efforts of the FBI and the U.S. Secret Service, Aaron will now join his co-defendants to face justice in a Manhattan federal courtroom."
Tracking Down Hackers
One cybersecurity expert says the arrest reflects law enforcement's increasing effort to track hackers and more swiftly bring them to justice.
"The investigative techniques and abilities of law enforcement to sniff out the trail of cybercriminals these days, despite obfuscation techniques, continues to get better, and it only takes one mistake to get caught," says Chris Pierson, general counsel and CISO at payments and invoicing provider Viewpost.
Still, many cybercriminals continue to elude justice, he adds. "While we see many notable arrests with larger incidents, the abilities of most cybercriminals to avoid arrest and prosecution remains the biggest hurdle for ecommerce," Pierson says. "Cybercriminals are always looking for the easy targets and exploits to penetrate a company. These opportunities that allow entry can come quickly."