JP Morgan hackers also attacked fraud prevention firm

Cyber criminals breached anti-fraud service provider to help mask their activities

An anti-fraud services company has emerged as another firm breached by the hackers who successfully stole data on 80 million customers from international bank JP Morgan in 2014.

Listed as 'victim-12' in the federal indictment released recently is a "merchant risk intelligence firm", which security expert Brian Krebs claims is actually G2 web services LLC.

"According to multiple sources, Victim #12 is none other than Bellevue, Wash. based G2 Web Services LLC, a company that helps banks figure out if a website is fraudulent or is selling contraband," stated Krebs on his blog.

Fraud prevention firms such as G2 Web Services help banks and other financial institutions recognise when some of their corporate clients may be selling illegal goods, allowing them to block transactions made via spam advertising, for example.

The JP Morgan hackers are likely to have targeted G2 Web Services so that their payments for illicit transactions for products like pharmaceuticals and fake anti-virus software would not be blocked.

The men, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, have all been linked with a number of other cyber-attacks and online fraud: they have been charged on 23 counts and accused of targeting 12 companies, including nine financial services organisations.

"By any measure, the data breaches at these firms were breathtaking in scope and in size," signalling a "brave new world of hacking for profit," US Attorney Preet Bharara told a press conference in New York earlier this month.

In addition to JP Morgan, the hackers are accused of breaching E*Trade, TD Ameritrade, Fidelity Investments and Scotttrade.