(Bloomberg) — A key figure is missing in the court documents outlining the biggest computer attack ever on the U.S. financial system: the actual hacker.

The Israeli mastermind of the crime syndicate with global operations — computer servers in Egypt, online casinos in Ukraine and Hungary, Azerbaijan payment processors and a Florida bitcoin exchange — created a digital mob without a true home country, according to prosecutors. So when the gang needed a hired gun, in this case a sophisticated computer thief, it apparently turned to a harbor known for some of the best.

The hacker, identified only as co-conspirator 1 in a sweeping indictment unsealed on Tuesday, is actually a Russian master of digital break-ins known to federal agents and U.S. spy agencies who have tracked him for years, according to three people familiar with the investigation. Another indictment unsealed this week about the gang provides a little more, citing "a computer hacker who is believed to have resided in Russia" — one who infiltrated computer networks, located customer databases and exported the profile information to computers overseas.

It is not unusual for prosecutors to withhold names in a continuing investigation. But talks about whether to publicly identify the hacker in this case and whether to indict him reached the upper rungs of government. The prospect was the subject of various discussions at one point by officials of the National Security Agency and the White House, according to one person familiar with the matter, who said it was part of a larger debate within the Administration over how best to confront Russia over hacking amid strained U.S. relations.

Weighing options

"I think the government's weighing its options at this point," said Leo Taddeo, a former special agent in charge of the Federal Bureau of Investigation's cyber division in New York who supervised the case before he left in August and who declined to discuss its specifics. Sometimes, the names of co-conspirators are withheld in hopes they won't go into hiding and will be easier to apprehend, said Taddeo, now chief security officer of cybersecurity company Cryptzone Inc. in Waltham, Massachusetts.

That is less of a concern in this hacking case, since the arrest and indictment of other suspects, along with the seizure of e-mails and other communications, have already alerted the hacker that U.S. authorities are on his trail.

The FBI declined to comment on the investigation, as did the White House National Security Council. The NSA didn't respond to requests for comment. The Justice Department, which makes decisions on criminal actions independent of the executive branch, also declined to comment.

The FBI's assessment that the financial hack and related events were purely a criminal caper, not the act of an unfriendly government, has largely been borne out by the investigation.

Still, American intelligence agencies have produced information suggesting co-conspirator 1 may enjoy the protection of the FSB, Russia's main intelligence agency, two people briefed on the matter said. The information is not all consistent. Some intelligence suggests merely that the FSB tried to recruit the hacker, while other information indicates he may have had a more active role in FSB-directed operations, they said.

The hacker's profile helped feed differences of opinion early on about the attacks on some of Wall Street's biggest names. For months after the disclosure of a big systems breach last summer, JPMorgan Chase & Co. officials maintained the attack on the bank should be treated as a national security incident.

"Proving that a nation-state was not involved in this is very, very difficult, if not impossible," Taddeo said, adding that the indictment lays out a clear criminal motivation, not a national campaign.

Going undetected

Co-conspirator 1's shadowy talents are on display throughout the two indictments, one in federal court in New York and the other in Atlanta. He appears to infiltrate some American financial institutions with ease, operating undetected inside their heavily secured computer banks for months or years.

Targeted companies included Fidelity Investments, E*Trade Financial Corp., Scottrade Financial Services Inc., Dow Jones & Co., as well as JPMorgan Chase, which alone spends more than half a billion dollars annually to secure its computers. Fidelity is the one company in this group that has said it has no indication any customer information was taken from its network.

Some of the targets were chosen by Gery Shalon, the Israeli who was the mastermind of the criminal organization spanning bitcoin companies, Internet gambling sites and securities manipulation before his arrest last summer, according to the criminal indictments.

Transcripts of e-mail communications show Shalon trying to explain the rudiments of pump-and-dump stock schemes to the hacker, telling co-conspirator 1 — in presumably familiar terms — that buying stocks in America is like "drinking freaking vodka in Russia."

Specialists say co-conspirator 1 may have done more than what Shalon ordered and point out that he remained in the computers of some companies for years, even though e-mail addresses and such can be spirited away quickly.

For example, when disclosing that some customer payment information may have been compromised in October, Dow Jones said that the unauthorized access to its systems occurred at certain times over three years.

Dead end

Data stolen from the targets might also have been shared with others in Russia, if that is where the hacker is working, for his own protection, said Tom Kellermann, chief cybersecurity officer for Trend Micro Inc. "This is not over," Kellermann said. "The real question now is how many backdoors are still in these systems that have yet to be detected."

U.S. authorities almost always hit a dead end, Taddeo said, when an investigation leads to Russia.

With Shalon and some other suspects in custody, however, prosecutors may be able to plumb the inner workings of Russia's elite cyber underground. At least two of Shalon's alleged associates, Joshua Aaron and bitcoin operator Anthony Murgio, traveled extensively to Russia and could have met the hacker in person.

Aaron remains a fugitive, but pictures posted to his wife's social media account just before Shalon's arrest in July put his last location in St. Petersburg, Russia.

Shalon and Aaron couldn't be reached for comment and Gregory Kehoe, a lawyer representing Murgio, didn't return a phone message.

The two people familiar with the case said it is unclear if prosecutors are still considering charges against co-conspirator 1 for hacking and related crimes. He could be indicted even though Russia does not extradite its citizens to the West.

President Barack Obama could also use new executive powers to seize assets and impose other sanctions on foreign nationals involved in cybercrime, measures the White House has yet to tap despite a run of high-profile hacks on companies and agencies.