American prosecutors say they have identified the people involved in hacking JPMorgan Chase last year.
The Justice Department announced Tuesday that three men indicted for separate crimes in July are behind the enormous JPMorgan hack. The three men allegedly stole 83 million customers' personal information in that data breach.
The JPMorgan hack was "the largest theft of customer data from a U.S. financial institution in history," according to the prosecutors.
Until now, nobody knew who did it -- or why.
Law enforcement officials initially said the attacks came from hackers in Russia with loose ties to the Russian government.
But today's announcement paints a different picture. The U.S. government now alleges that the hack was orchestrated by men involved in a pump-and-dump stock manipulation scheme.
Why hack a bank for a pump-and-dump? Data breaches are information-gathering expeditions. They yield sensitive data that's extremely valuable to criminals. Breaking into the bank gave them information to target specific people -- and extra insight into the stock market, federal agents said.
An indictment unsealed Tuesday claims it went far beyond that, though. Investigators say they took down a massive criminal empire that hacked seven major banks, ran an online casino, laundered money around the world and set up an illegal Bitcoin trading operation.
They allegedly made more than $100 million -- and used 75 shell companies that employed hundreds of people, and 30 fake passports from 17 countries to keep it secret.
Federal documents point to Gery Shalon, an Israeli citizen, as the mastermind behind this vast criminal syndicate. Ziv Orenstein, another Israeli, was his right hand man who used fake documents to setup dummy accounts around the globe. Joshua Samuel Aaron, an American, was another key figure.
Together they ran a fraudulent investment business, according to law enforcement. They would buy lots of a penny stock, then blast out misleading emails to dupe others into buying a company's stock too and quickly drive up its price. Then they would cash out before the inevitable crash. They made their riches this way -- one time scooping up $2 million in a single exit, federal documents say.
To get email addresses of potential victims, Shalon hired a hacker to break into banks and steal client lists. From 2012 to 2015 they broke into JPMorgan, Scottrade, Dow Jones (the publisher of the Wall Street Journal), a major mutual fund in Boston, Massachusetts, another financial news organization, and online stock brokerages in Omaha, Nebraska; Queens, New York; and Charlotte, North Carolina.
JPMorgan, Scottrade and Dow Jones confirmed that they had been victims of the group's hacks.
Sources have previously told CNNMoney that the FBI investigated hacks on seven of the top 15 banks.
But their biggest hack was JPMorgan. Although the federal documents does not mention it by name, JPMorgan (JPM) acknowledged to CNNMoney that it was the major victim of these attacks.
The unsealed indictment didn't detail exactly how Shalon managed to hack into banks. But it did say that they were able to break into the mutual fund in April 2014 because the company didn't quickly patch its computers to protect them from last year's notorious Heartbleed bug.
Investigators also claim Shalon ran an illegal online gambling operation, using hacks to ruin competitors. Plus, he allegedly owned a shady firm that processed payments for illegal pharmaceutical suppliers.
Investigators also claim Shalon operated an unlicensed online Bitcoin exchange out of Florida. At Coin.mx, you could trade cash for the digital currency. That electronic money is hard to trace, so it's the way hackers like to get paid for doing illegal jobs.
Orenstein and Shalon were arrested by Israeli police on July 21 and remain in that country. American prosecutors are trying to extradite them to the United States.
Police didn't catch Aaron, who remains a fugitive. Investigators would not say if they know where he is hiding.
The U.S. attorney in the Southern District of New York, Preet Bharara, detailed the case at a press conference Tuesday afternoon. He said this case represents how criminals are using high-tech tools to boost their power -- and make crimes painfully difficult to solve.
"This showcases a brave new world of hacking for profit," Bharara said. "It was securities fraud on steroids."
Bharara noted that major hacks often go unresolved. "We believe we can change that narrative," he said.