GERY SHALON’S INTERNATIONAL CYBERCRIME ENTERPRISE AND ITS EUROPEAN-RUSSIAN CONNECTION

The global structure of Gery Shalon's cybercrime enterprise
Gery Shalon and Shota Shalelashvili

It is most certainly the largest cybercrime case in history to date, with political repercussions ranging from Russia to Europe, Israel, and the United States. According to the U.S. Department of Justice (“DoJ”), the Israeli Gery SHALON was the principal of the world’s leading cybercriminal enterprise which operated through hundreds of employees, co-conspirators, and infrastructure in over a dozen countries. SHALON and his deputies AARON and ORENSTEIN were arrested and indicted in 2015. The U.S. authorities are still investigating the background of this cybercrime enterprise and traces lead to Europe and Russia.


Family Business

Gery SHALON aka “Garri Shalelashvili”, “Phillipe Mousset” and “Christopher Engeham”, age 34, is a native of the Republic of Georgia and an Israeli citizen. His father Shota SHALELASHVILI still lives in Georgia, where he is a Member of Parliament (MP). Gery’s US-targeting activities have already become a political issue in Georgia. According to Rustavi 2, the most popular and successful broadcasting company in Georgia, the leader of the “National Movement”, Mikheil Saakashvili, argues that Shota SHALELASHVILI was involved in Gery SHALON’s money laundering scheme. In May 2018, the Georgian “United National Movement” initiated investigations into SHALELASHVILI’s activities in this regard.

In 2015 and 2016, the U.S. authorities unsealed several indictments against SHALON and co-conspirators, claiming that Gery SHALON owned and operated a global “cybercrime enterprise” with several lines of business (see the U.S. Department of Justice press release and the indictment itself).

Lines of Businesses in SHALON’s cybercrime enterprise (Source: U.S. Department of Justice)

SHALON’s cybercrime enterprise comprised unlawful online gaming projects, was engaged in a vast securities market manipulation scheme (“pump and dump scheme”) built on spam campaigns sent to millions of addresses obtained from hacked data, and operated multinational payment processors for illegal drug suppliers and distributors of malicious software. Additionally, he owned and controlled Coin.mx, a US-based Bitcoin exchange that operated in violation of anti-money laundering laws.

Unlawful Casino and Gambling Business

The U.S. authorities claim that the Gery SHALON cybercrime enterprise operated at least 12 illegal online casinos with hundreds of employees in multiple countries. Even though they earned millions with these unlawful real-money casinos, they aggressively fought for market share and profits.

They engaged in massive hacks and cyberattacks against competitors. SHALON purportedly directed Distributed Denial of Service (DDoS) attacks against these competitors to temporarily shut down their business and force them to comply with his demands.

Former employees of those casino and gambling companies have told investigators that they were located in Kiev, Ukraine, and were actively promoting their offerings to customers in the US, where such services have generally been prohibited since 2006. Evidently, SHALON established the European connection already with his illegal online casino business. Bloomberg’s source claims that SHALON’s co-conspirators Anthony MURGIO and Joshua Samuel AARON frequently traveled to Russia to maintain a relationship with Russia’s cybercrime scene.

The Payment Processor Scheme

SHALON’s cybercrime enterprise operated the illegal payment processing schemes IDPay and Todur for criminal activities. To deceive banks and credit card issuers, they miscoded payment transactions, in violation of bank and credit card company rules and regulations. Furthermore, they bribed corrupt bank officials, who then willfully ignored the criminal nature of the transactions.

Consequently, the U.S. prosecutors charged SHALON, AARON, and ORENSTEIN with running an illegal payment processing business, from which they collected $18m in fees alone.

For their European FOREX and Binary Options schemes, SHALON’s cybercrime enterprise used other payment processors such as the Czech DreamsPay or NetPay. Read more on the European Connection further down.

The illegal Bitcoin Exchange

U.S. authorities claim that between 2013 and 2015 SHALON’s cybercrime enterprise owned Coin.mx, a Bitcoin exchange service, which was operated by Anthony MURGIO and Yuri LEBEDEV. Purportedly, they exchanged millions of dollars for Bitcoins, thereby also laundering the money SHALON earned through his illegitimate businesses. They knowingly violated anti-money laundering laws and regulations. To conceal their illegal Coin.mx activities, they operated through a phony front company called “Collectables Club”.

They deliberately misidentified and miscoded credit and debit card transactions in order to trick banks into allowing the transactions to be completed. Additionally, they acquired control over the small Helping Other People Excel Federal Credit Union (“HOPE FCU”) by bribing its senior officials, among them the then-chairman and CEO, Pastor Trevon GROSS. They installed their people on HOPE FCU’s Board of Directors and transferred Coin.mx’s banking operations to the credit union, which became the captive bank for Coin.mx’s unlawful business.

Anthony MURGIO was arrested in 2015; the U.S. prosecutors indicted him in 2016. He pled guilty to conspiring to operate an unlicensed money transmitting business, conspiring to commit wire fraud and bank fraud, and conspiring to obstruct an examination of HOPE FCU by the NCUA in furtherance of the illegal Coin.mx scheme. MURGIO was sentenced to 66 months in prison, three years of supervised release, and a $12,000 fine. The conspiracy charges he pleaded guilty to covered operating an illegal bitcoin exchange suspected of laundering money for criminals and being linked to the hacking at JPMorgan Chase & Co. His co-conspirators at Coin.mx, the credit union manager Trevon GROSS and the programmer and exchange operator Yuri LEBEDEV, were sentenced to 60 months and 16 months in prison respectively.

Prosecutors said MURGIO processed more than $10 million in illegal bitcoin transactions from April 2013 through July 2015. In June 2017, the court sentenced him to 5-1/2 years in prison (case numbers 17-3691, 17-3758 and 17-3808, and 1:15-cr-00769, in the U.S. District Court for the Southern District of New York).

More on the crypto-related activities of the SHALON enterprise will be revealed in another article covering, among other things, the activities around their projects, including the US-based crypto-security startup GLADIUS.

Securities Market Manipulation Scheme

The enterprise’s biggest cash cow was allegedly a pump-and-dump operation in which it bought penny stocks and then boosted them in an aggressive spam campaign. To get email addresses for the campaigns, Shalon allegedly had three hackers penetrate financial firms and steal customer data.

The U.S. prosecutors claim that Gery SHALON and his principal deputies Joshua Samuel AARON and Ziv ORENSTEIN ran a “pump and dump” scheme to manipulate the price and volume of publicly traded stocks by means of deceptive and misleading email campaigns and manipulative trading transactions. They did so from 2011 to mid-2015.

To run the scheme, they opened broker accounts for a number of companies in different countries under their control and beneficial ownership. The bank and broker accounts for those companies were opened with fake IDs and false passports. Once they held the shares, they inflated the stock’s price and trading volume through two fraudulent and deceptive means:

  • Manipulative trades
  • Disseminating materially misleading, unsolicited (“spam”) emails to millions of potential investors per day.

After causing the stock’s price and trading volume to increase, they sold their shares in a coordinated fashion, often resulting in huge profits. According to the indictment filed by the U.S. Department of Justice (DoJ), they earned millions of dollars.

The Hacking: Superboost for Securities Manipulation

SHALON’s cybercrime enterprise earned huge profits with the pump-and-dump scheme, but they wanted the “real money”. Hence, they hacked financial institutions to steal customer data. According to the indictment, the cybercrime network stole 83 million customer records from JP Morgan Chase alone in 2014. In total, they stole more than 100 million customer records from financial institutions and financial publication companies in the United States.

The network laundered their vast criminal proceeds through at least 75 shell companies and bank and brokerage accounts around the world. They used approximately 200 fake ID documents, including over 30 false passports from the US and at least 16 other countries.

The European Connections

Parallel to his activities on the U.S. market, SHALON also entered the European and Russian markets and invested in various companies of his Israeli and Russian friends in the then-promising field of binary options and FOREX. In the years 2012 to 2016, a hype and a huge industry arose around binary options. Simona WEINGLASS of the Times of Israel estimated that in 2016 the binary options industry, with thousands of employees, generated around 10 billion US dollars annually. According to the French Financial Market Authority, more than 90% of the investors lost their money. Gery SHALON wanted to be there with his cybercrime company.

Together with his friend, the Russian Vladislav “Vlad” SMIRNOV, the development of the European payment processor DreamsPay was initiated in 2014. A large part of the payments of the hundreds of binary options platforms was processed via this processor. The FBI has been looking for the backers of US-focused binary options platforms for years now. Well, most of them are located in Sofia, Bulgaria, and Kiev, Ukraine, places well known to SHALON and his friends.

The Rich Principal

According to the U.S. SEC, Gery SHALON was estimated to have assets valued at around $2 billion at the time of his arrest in 2015.

Evidently, through their criminal activities, SHALON’s cybercrime enterprise earned their promoters hundreds of millions of dollars in illicit proceeds, of which SHALON concealed at least $100 million in Swiss and other bank accounts.

After U.S. prosecutors unsealed indictments in 2015 and 2016, SHALON agreed to drain 81 overseas bank accounts and send the money to the U.S. government, according to court papers filed in April 2017. The 81 accounts were with Pasta Bank in Latvia, iPay International SA in Luxembourg, Hellenic Bank and Bank of Cyprus in Cyprus, Cartu Bank and Basis Bank in Georgia, and Schroder & Co. Bank AG in Switzerland. The U.S. prosecutors also want to get their hands on assets seized by Israeli authorities when Shalon was arrested in 2015, including bulk quantities of cash, jewelry, and fancy pens, according to a filing last month.

Arrest and Indictment

The people in the US division of Gery Shalon’s enterprise

Shalon was arrested in Israel in 2015 and extradited to the U.S. in 2016. The superseding indictment was unsealed in November 2015 before the U.S. District Court for the Southern District of New York. SHALON, AARON, and ORENSTEIN initially pled not guilty to securities fraud, conspiracy, hacking, money laundering, gambling, and identity theft.

Several other figures in the different cases around the cybercrime enterprise, however, have either pleaded guilty or been convicted after trial. In July and November 2015, the U.S. prosecutors indicted Gery SHALON and his co-conspirators. Some of them have already been sentenced to jail, but SHALON himself has not been brought to trial in the matter, signaling that he may be cooperating with U.S. authorities.

People involved in U.S. proceedings

Actor                  Role                   Indicted   Sentenced
Gery SHALON            Principal              yes        not yet
Joshua Samuel AARON    Principal Deputy       yes        not yet
Ziv ORENSTEIN          Principal Deputy       yes        not yet
Andrei TYURIN          Principal Hacker       yes        not yet
Anthony MURGIO         Principal, Coin.mx     yes        5-1/2 years
Yuri LEBEDEV           Operator, Coin.mx      yes        16 months
Trevon GROSS           Conspirator, Coin.mx   yes        5 years
Michael MURGIO         Conspirator, Coin.mx   yes        probation

According to people close to the case, SHALON has delivered insider information about the multinational cybercrime network and is helping the U.S. authorities to identify and arrest members of his cybercrime network around the world. Among others, the hacker Andrei TYURIN, a Russian citizen who is alleged to have performed key cyber-work in the hack of JPMorgan Chase & Co, was extradited to the United States in September 2018 from the Republic of Georgia. It was another success in the years-long hunt by U.S. authorities for SHALON’s conspirators. Purportedly, the arrest of the Russian hacker Peter LEVASHOV is also the work of Gery SHALON: he provided incriminating information on LEVASHOV and is a potential witness against the hacker.

In May 2017, some sources reported that SHALON had purportedly agreed on a plea deal with U.S. authorities that will see him pay a fine of $403 million to settle the criminal cases.

With the extradition of TYURIN, we may expect a trial soon, though. Unless, perhaps, the U.S. authorities want to go after the Sofia-based FOREX and Binary Options platforms first.