USA: Russian Hacker Admits Largest Theft of Data in History

Published: 25 September 2019

JPMorgan Chase

JPMorgan Chase (Photo: Thomas Belknap (CC BY-SA 2.0))

By Zdravko Ljubas

A Russian hacker pleaded guilty before the US District Court in Manhattan on Monday, admitting “one of the largest thefts of customer data from a US financial institution in history,” Geoffrey S. Berman, the US Attorney for the Southern District of New York, announced.

Andrei Tyurin, 36, from Moscow, “ultimately gathered customer data of more than 80 million victims” and admitted “involvement in massive network intrusions at US financial institutions, brokerage firms, a major news publication and other companies,” according to the statement.

Although the Attorney did not specify which institutions Tyurin attacked, media reported that he “stole data on more than 80 million clients of JPMorgan Chase & Co. and other institutions that netted hundreds of millions of dollars in ill-gotten gains.”

The Russian was reportedly accused of stealing customer information from 12 financial news companies, banks and other financial firms, “including Fidelity Investments, E-Trade Financial and Dow Jones & Co.”

Tyurin’s co-conspirators, according to the report, then used the information to “ply customers with spam emails promoting stocks, hoping to cash out at higher prices.”

The Attorney’s Office confirmed that Tyurin committed the crimes together with Gery Shalon, also known as Garry Shalelashvili or Gabriel or Gabi or Phillipe Mousset or Christopher Engeham and with Joshua Samuel Aaron, aka Mike Shields and Ziv Orenstein also known as Aviv Stein or John Avery.

“Tyurin engaged in these crimes at the direction of Shalon and in furtherance of other criminal schemes overseen and operated by Shalon and his co-conspirators, including securities fraud schemes in the United States,” read the statement.

The New York Times quoted Florian Miedel, Tyurin’s lawyer, as saying that his client was “hired by the originators and brains of the scheme to infiltrate vulnerable computer systems at their direction.”

However, according to the US attorney Berman, Tyurin “faces significant time in a U.S. prison for his crimes,” as each charge against him carries between five to 30 years in jail.

Tyurin, who was detained in Georgia and handed-over to the US in 2018, following a sealed indictment in 2015, is to be sentenced on February 13.

Besides pleading guilty he agreed to forfeit more than US$19 million, which, according to media, was calculated based on the amount he and his co-conspirators agreed he would be paid for his work.