Russian Extradited to Face JP Morgan Charges

A Russian national has been extradited to the US where he faces charges related to a notorious series of raids against JP Morgan and other companies said to have affected over 100 million customers.

Andrei Tyurin, 35, was arrested in Georgia after a request by the US government.

Alongside alleged co-conspirators Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, he is said to have participated in a widespread hacking campaign, including what is said to be the largest ever theft of US customer data from a financial institution.

Around 83 million customers were affected by the JP Morgan breach in 2014, although other firms including E*Trade Financial Corp, Scottrade and Dow Jones & Co were also hit.

The accused are alleged to have obtained customer data to further criminal schemes such as a pump-and-dump campaign which saw them make millions off the back of selling penny stocks to the breached customers – artificially inflating their price.

Tyurin is charged with an “extensive” hacking campaign targeting a range of companies from 2012 to mid-2015, stealing personal information from over 100m individuals.

“In addition to the US financial sector hacks, Tyurin also conducted cyber-attacks against numerous US and foreign companies in furtherance of various criminal enterprises operated by Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors,” the DoJ claimed

“Nearly all of these illegal businesses, like the securities market manipulation schemes, exploited the fruits of Tyurin’s computer hacking campaigns. Through these various criminal schemes, Tyurin, Shalon, and their co-conspirators obtained hundreds of millions of dollars in illicit proceeds.”

The Moscow man is charged with conspiracy to commit computer hacking, wire fraud, computer hacking, conspiracy to commit securities fraud, bank fraud, aggravated identity theft and conspiracy to violate the Unlawful Internet Gambling Enforcement Act — which carry maximum terms ranging from five to 30 years.

What’s Hot on Infosecurity Magazine?