BALTIMORE (WJZ) — The Justice Department calls it the largest theft of data from bank customers in history. Now we’re learning more about the Maryland native accused in a hacking plot that spans the globe.
WJZ Investigator Mike Hellgren with the new Maryland connection and the ongoing search for the suspect.
We know the hackers became very, very rich men, netting more than $100 million in illicit profits. We also know that a Baltimore-headquartered company–not explicitly named, but identified as “victim number nine” in the indictment–suffered a major data breach.
The FBI has yet to find Joshua Aaron, the Maryland mastermind behind the big hack.
The Justice Department calls it the largest data theft from banks in history–a sophisticated scheme to get the personal information of more than 80 million customers from boldface financial companies like JPMorgan, Chase, Dow Jones, Scottrade and E*TRADE.
Lisa Yeo is a cybersecurity expert with Loyola University Maryland.
“There are so many more threats. A hacker only has to find one way in,” she said. “We can go anywhere in the world and create these attacks, whereas in the past, we had to be present somewhere so we could catch you physically.”
Authorities say Aaron and two other men ran a criminal empire that spanned the globe, employing hundreds of people and using fake passports from 17 countries.
“The conduct alleged in this case showcases a brave new world of hacking for profit,” said Preet Bharara, U.S. Attorney for the Southern District of New York.
According to the indictment, hackers took the information from 9 million customers of a Baltimore-based financial news publisher.
Here’s how it worked: the hackers used a system of servers based overseas to get the personal information from companies, then persuaded their customers to invest in fraudulent stock deals.
“The gentleman, I think, who is considered the mastermind of this group, he doesn’t have to be a good hacker, he just needs to know how to organize and collect the right people,” said Yeo.
And while his two counterparts are in custody in Israel, Joshua Aaron remains on the run and may now be in Moscow.
At one point, federal authorities thought the Russian government was behind these hacks.
Prosecutors are now trying to extradite the other two men who orchestrated the cyber attack.