Inside the Affactive / Revenue Jet Scammers’ Superceding Indictment
Rogue online casino operators and financial-systems hackers Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein have been hit with a superceding indictment regarding their various and widespread alleged criminal offenses.
Shalon, Aaron and Orenstein, infamous in online-gaming circles for their operation of the fraudulent Affactive and Revenue Jet online-casino and affiliate operations, were first indicted back in July for their roles in a major hacking affair targeting several companies, including the theft of financial data and consumer-info files from major US securities house JP Morgan Chase. Shalon and Orenstein were arrested by Israeli authorities and are currently facing extradition to the United States, while Aaron remains at large and is believed to be hiding in Russia, where many of the group’s online-crime activities may have been orchestrated.
And as for what those “alleged” crimes turned out to be, the list is increasingly impressive, in a criminal-accomplishment way. Based on the original and superceding indictments, if a scammy online activity was illegal, the three Israel-based men were likely trying to make a profit from it. Pump-and-dump schemes, theft of financial information, illegal payment processing, fraudulent online-casino operations… they didn’t miss much.
The superceding indictment, filed on Tuesday, is another eye-opener. The crimes by the trio and other unnamed co-conspirators appear to date to 2011, at least regarding the core complaints, the hacking crimes targeting the US financial-services industry. The alleged role of Shalon, Orenstein and Aaron in the high-profile JP Morgan Chase hacking became public months ago. What’s new, however, is the revelation that the hack was just one in a string of similar operations by the group.
It turns out that the men are accused of a series of hacks targeting virtually every large online stock brokerage based in the US — JP Morgan Chase, TD Ameritrade, Scottrade, e-Trade, Fidelity and others. In each instance, the plan was roughly the same: Open an account with the online brokerage, then use that connection to analyze the brokerage and eventually hack the company with the accused criminals’ extensive network of online tools. In this way the group stole hundreds of millions of user accounts’ data, which was then used to solicit their own penny-stock “pump ‘n’ dump” scams.
Then there was the whole Affactive / Revenue Jet / Netad Management scheme, a soup-to-nuts online-gaming fraud which spammed users in unrelenting fashion for several years, for a batch of no-pay casinos that quickly disappeared after Shalon, Orenstein and Aaron were indicted in July.
Among the infamous Netad Management casinos, which were at the core of the Affactive scheme: Win Palace Casino, Casino Titan, Slots Jungle Casino, Jackpot Grand Casino, Golden Cherry Casino, Slots of Fortune, Begado Casino, Grand Macau Casino, Grand Macau Live Dealer Casino, and WinPalacePlay. That’s 10 casino sites, and along with the Affactive and RevenueJet domains likely accounts for the 12 online-gambling entities cited in Tuesday’s updated indictment, on another, different series of alleged crimes. That stuff dates all the way back to 2007, as the updated complaint specifies and too many victims within the online-gaming community know all too well.
Then toss in the ring’s operation of the US-based Coin.mx Bitcoin exchange (which is illegal under US securities laws, and which is also why Bitcoin exchanges aren’t based in the US), the group’s ownership and operation of payment processing services for illegal-pharmaceutical providers, a separate business in distributing malware and counterfeit software, and it’s pretty clear that this group was the budding WalMart of online crime.
It was about as lucrative as WalMart as well. According to the latest, the group earned “hundreds of millions of dollars in illicit proceeds.” Shalon alone is accused of concealing at least $100 million in well-sheltered bank accounts in Switzerland and elsewhere. Shalon, Aaron and Orenstein owned or controlled at least 75 different shell companies, and they traveled globally under assumed names: The latest indictment accuses the trio of using at least 30 phony passports, purportedly obtained from at least 16 different countries.
Shalon is also accused of being the mastermind of the the Google hacks and DDOS attacks that frequently targeted others in the industry, including anyone that dared shine a light onto the rogue Affactive / Revenue Jet / Netad operations. The group’s extensive access to various international hacking groups included a couple of different internet exploits. One such large-scale hacking targeted thousands of inactive WordPress blogs and inserted scripts into them via known security vulnerabilities, in the process overloading Google’s search algorithms and directing lots of search traffic to Netad sites and links.
The DDOS attacks were another example of criminal malignancy run rampant. One such story, detailed in a series posts on a well-known affiliate site, described how one mid-level affiliate’s business was crippled after the ring, led by Shalon, targeted his sites as revenge for his outing of the group’s Google-busting tactics.
The indictments, as one might expect, emanate from the Preet Bharara-led Southern District of New York USAO office, the same district that’s led the assault on other alleged online-gambling offenders, including the infamous “Black Friday” case in 2011. However, while some of the SDNY’s other online-gambling cases have amounted to little more than prosecution-for-profit shakedowns, this one’s clearly different: the Affactive operators, by all available evidence, are clearly criminals in many different ways, being equal-opportunity victimizers at every turn.
The three men now face a laundry list of 23 felony charges, including but not limited to: money laundering conspiracy, unlawful internet gambling (UIGEA violations), unlawful payment processing, computer hacking, wire fraud, conspiracy to commit securities fraud, document fraud, aggravated identity theft, and much, much more.
We’ll have future updates on the story as events warrant.