JPMorgan Chase Hacker Gets 12 Years

A Russian hacker who was instrumental in one of the largest thefts in history of US customer data from a single financial institution has been sentenced to prison.

Moscow resident Andrei Tyurin, also known as Andrei Tiurin, was part of an international hacking campaign that compromised the computer systems of major financial institutions, brokerage firms, news agencies, and other companies to steal data.

Tyurin's illegal activities were committed with the help of partner Gery Shalon, along with Joshua Samuel Aaron, Ziv Orenstein, and other co-conspirators in furtherance of securities market manipulation, illegal online gambling, and payment processing fraud schemes.

According to the allegations contained in the indictments to which Tyurin pled guilty, the 37-year-old Muscovite hacked into companies between 2012 and mid-2015 and stole the personal information of over 100 million customers.

Among the companies targeted were E*Trade, Scottrade, the Wall Street Journal, and JPMorgan Chase and Co., from which Tyurin stole personal data belonging to more than 80 million of the bank's customers.

On top of the hacks, from around 2007 to mid-2015, Tyurin carried out cyber-attacks against numerous American and foreign companies for the benefit of various criminal enterprises operated by Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors.

Through these various criminal schemes, Tyurin, Shalon, and their co-conspirators obtained hundreds of millions of dollars in illicit proceeds, with Tyurin personally amassing $19m in profits from his hacking activity alone.

In one scheme, Tyurin, Shalon, and his co-conspirators misleadingly marketed certain stocks, publicly traded in the US, to customers of the victim companies whose contact information Tyurin had stolen, in an attempt to artificially inflate the stocks' prices.

To carry out his nefarious activities, Tyurin used computer infrastructure located across five continents, which he controlled from his home.

Tyurin was extradited to the United States from the country of Georgia in September 2018. On January 7, in Manhattan Federal Court, US District Judge Laura Taylor Swain sentenced Tyurin to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in the hacking campaign.

In addition to the prison term, Judge Swain ordered Tyurin to pay forfeiture in the amount of $19,214,956.

Post Original: InfoSecurity Magazine