JPMorgan Chase's Russian Hacker Pleads Guilty

Andrei Tyurin Stole Details of 83 Million Customers During Cybercrime Campaign
Russian national Andrei Tyurin, 36, on Monday pleaded guilty to perpetrating massive hack attacks against leading U.S. financial services firms and others from 2012 to mid-2015.

Prosecutors accused the hacker of aiding a wide-ranging criminal enterprise run by Israeli businessman Gery Shalon that perpetrated securities market manipulation, payment processing fraud, illegal cryptocurrency exchanges as well as illegal online gambling (see: Feds Add Ransomware to Pump/Dump Scheme Charges).

"Andrei Tyurin’s extensive hacking campaign targeted major financial institutions, brokerage firms, news agencies and other companies," says Manhattan U.S. Attorney Geoffrey S. Berman. "With today’s plea, Tyurin’s global reign of computer intrusion is over and he faces significant time in a U.S. prison for his crimes."

Tyurin's victims included more than 83 million customers of JPMorgan Chase, whose personal data was stolen in what prosecutors say was the "largest theft of customer data from a U.S. financial institution in history" (see: Charges Announced in JPMorgan Chase Hack).

"In addition to the U.S. financial sector hacks, Tyurin also conducted cyberattacks against numerous U.S. and foreign companies in furtherance of various criminal enterprises operated by Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors," the U.S. Justice Department says in a statement announcing the Russian man's guilty plea.

"Nearly all of these illegal businesses, like the securities market manipulation schemes, exploited the fruits of Tyurin’s computer hacking campaigns," it adds. "Through these various criminal schemes, Tyurin, Shalon, and their co-conspirators obtained hundreds of millions of dollars in illicit proceeds." (See: Bitcoin Exchange Crackdown: Two Employees Plead Guilty.)

Tyurin pleaded guilty before U.S. District Judge Laura Taylor Swain, although a copy of Tyurin’s plea deal was not immediately available via the federal court's electronic records system (see: Accused JPMorgan Chase Hacker Plans to Plead Guilty). He is scheduled to be sentenced by Judge Swain on Feb. 13, 2020.

JPMorgan Chase didn't immediately respond to a request for comment on Tyurin's guilty plea.

Beyond JPMorgan Chase, Tyurin's victims included customers of brokerage firms Fidelity Investments, E-Trade and Scottrade, financial news company Dow Jones, as well as software development firms and a merchant risk intelligence company, prosecutors say.

Tyurin Pleads Guilty to 6 Charges

Tyurin has pleaded guilty to one count of each of the following charges, each carrying its own maximum jail sentence:

  • Conspiracy to commit computer hacking (up to five years in prison);
  • Wire fraud (up to 20 years);
  • Conspiracy to violate the Unlawful Internet Gambling Enforcement Act (up to five years);
  • Conspiracy to commit wire fraud and bank fraud (up to 30 years);
  • Conspiracy to commit wire fraud (up to 30 years);
  • Conspiracy to commit computer hacking (up to five years).

The lattermost charge was transferred from the Northern District of Georgia for purposes of Tyurin's plea deal, because the defendant had also been named in a separate indictment filed as part of the ongoing "United States v. Gery Shalon et al" case.

Charged: Fraudsters, Not Nation-State

When Tyurin's 2014 hack attack against JPMorgan Chase first came to light later that year, in a well-worn refrain, many initial press reports - often citing unnamed U.S. officials - noted that domestic law enforcement agencies were probing whether the Russian government might be behind the attack, potentially in retaliation for U.S. sanctions imposed on Russia over the Ukraine. At the time, however, many security experts cautioned against rushing to judgment, noting that attributing attacks remained difficult, and that it often takes time to build evidence, as prosecutors have now done.

In fact, prosecutors turned their attention to Shalon and his alleged co-conspirators Joshua Samuel Aaron and Ziv Orenstein, all of whom were named in indictments in 2015 and charged with a variety of crimes they allegedly committed from 2007 to 2015. Both Shalon and Orenstein have been extradited to the U.S. by Israel, while Maryland-born Aaron returned from Moscow, surrendering to authorities at JFK International Airport in New York.

Tyurin was subsequently indicted in September 2018, when the indictment against the three men was expanded to include charges against the Russian national (see: Russian Charged in JPMorgan Chase Hack Extradited to US).

Shalon has been cooperating with U.S. authorities in a bid for leniency, including repatriating stolen money, Bloomberg reports. Authorities say that among other funds, Shalon had stashed $100 million in Swiss bank accounts.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
