JPMorgan Chase Hacker Sentenced to 12 Years in PrisonRussian Andrei Tyurin Pleaded Guilty to Numerous Charges
A Russian national who pleaded guilty to hacking JPMorgan Chase and other financial institutions has been sentenced to 12 years in federal prison, the Justice Department announced Thursday.
See Also: A Toolkit for CISOs
Andrei Tyurin, 37, pleaded guilty in September 2019 to federal charges, including conspiracy to commit computer hacking, wire fraud, conspiracy to violate the Unlawful Internet Gambling Enforcement Act, conspiracy to commit wire fraud and bank fraud, conspiracy to commit wire fraud and conspiracy to commit computer hacking.
Federal prosecutors accused Tyurin of aiding a wide-ranging criminal enterprise run by Israeli businessman Gery Shalon that included securities market manipulation, payment processing fraud as well as running illegal cryptocurrency exchanges and illegal online gambling (see: JPMorgan Chase's Russian Hacker Pleads Guilty).
The hacking operation that Tyurin helped oversee may have affected more than 100 million bank customers across the globe, including 80 million JPMorgan Chase customers, prosecutor say. They allege Tyurin collected about $19 million in illegal gains through cyber schemes.
"From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history, stealing the personal information of more than 80 million JPMorgan Chase customers," says Audrey Strauss, the acting U.S. attorney for the Southern District of New York, which oversaw the case.
From 2012 through 2015, Tyurin engaged in what prosecutors described as a large-scale hacking campaign that targeted customers of JPMorgan Chase, Fidelity Investments, E-Trade and Scott Trade as well as financial news organizations, including The Wall Street Journal.
Tyurin, Shalon and several other co-conspirators attempted to artificially inflate the prices of stocks - mostly of pharmaceutical companies - they were selling by deceptively marketing them to victims whose information and personal data they stole through various hacking operations, according to the Justice Department. These "pump and dump" schemes netted the group millions in illegal profits, prosecutors say.
Tyurin also hacked other firms and organizations to help bolster the illegal online gambling rings and other businesses that Shalon and others were operating, according to the Justice Department.
In addition, Tyurin's hacking activity targeted a firm used for email marketing campaigns, other online casinos and an unnamed U.S. merchant risk intelligence firm. This enabled the criminal enterprise to monitor credit card transactions related to its illegal activity as well as to keep tabs on competitors, according to federal prosecutors.
When the charges were first announced against Tyurin and others in 2015, some news media outlets erroneously attributed the hacking activity to the Russian government due to the sheer scale of the operations and the number of victims (see: Accused JPMorgan Chase Hacker Plans to Plead Guilty).
Tyurin was eventually arrested in the Eastern European country of Georgia and extradited to the U.S. in 2018; he has remained in federal custody since then.
In addition to the prison term, a federal judge ordered Tyurin to forfeit more than $19 million. A separate hearing about restitution obligations is scheduled for April 6. Tyurin will receive credit toward his sentence for the time he spent in prison in Georgia and the U.S., according to the Justice Department.
Shalon's case hasn't yet been resolved. Bloomberg reports that he's been cooperating with federal prosecutors and the FBI.