On September 7, 2018, the U.S. Attorney for the Southern District of New York Geoffrey S. Berman and other U.S. law enforcement officials announced that Georgia extradited Andrei Tyurin, a Russian citizen, to answer charges arising from his participation in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other U.S. companies. Tyurin alleged committed these crimes with Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein, in furtherance of securities market manipulation, illegal online gambling, and payment processing fraud schemes perpetrated by Shalon, Aaron, Orenstein, and their co-conspirators.[1]
On September 7, 2018, Tyurin was presented in court and remanded into federal custody. He did not enter a plea.[2] On September 25, 2018, he is expected to appear before U.S. District Judge Laura Taylor Swain.[3]
From approximately 2012 to mid-2015, Tyurin allegedly participated in an extensive computer hacking campaign targeting financial institutions, brokerage firms, and financial news publishers in the U.S., including the theft of personal information of over 100 million customers of the victim companies. Tyruin’s hack of J.P. Morgan resulted in the theft of personal information of over 80 million customers, making it the largest theft of customer data from a U.S. financial institution in history. Tyruin participated in these crimes at the direction of Shalon and in furtherance of other criminal schemes overseen and operated by Shalon and his co-conspirators, including securities fraud schemes in the U.S. For instance, to artificially inflate the price of certain stocks publicly traded in the U.S., Shalon and his co-conspirators marketed the stocks in a deceptive and misleading way to customers of the victim companies whose contact information Tyurin stole in the intrusions.[4]
In addition to the U.S. financial sector hacks, Tyurin also undertook cyberattacks against many U.S. and foreign companies in furtherance of various criminal enterprises operated by Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors. Almost all of these illegal businesses, like the securities market manipulation schemes, exploited the profits of Tyurin, Shalon, and their co-conspirators obtained hundreds of millions of dollars in illicit proceeds.[5]
Tyurin is 35 years of age and is from Moscow. The indictments charge him with one count of conspiracy to commit computer hacking, which carries a maximum prison term of five years; one count of wire fraud, which carries a maximum prison term of 30 years; four counts of computer hacking, each of which carries a maximum prison term of five years; one count of conspiracy to commit securities fraud, which carries a maximum prison term of five years; one count of conspiracy to violate the Unlawful Internet Gambling Enforcement Act, which carries a maximum prison term of five years; one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum prison term of 30 years; and aggravated identity theft, which carries a mandatory consecutive term of imprisonment of two years.[6]
Mr. Berman praised the investigative work of the Federal Bureau of Investigation and the U.S. Secret Service and expressed sincere thanks to the Chief Prosecutor Office of Georgia and the Ministry of Justice of Georgia for their support and assistance with the extradition proceedings. He also expressed gratitude to the Securities and Exchange Commission, Homeland Security Investigations, the Financial Industry Regulatory Authority, the Office of International Affairs of the U.S. Department of Justice for its help with the extradition, and the Financial Services Information Sharing and Analysis Center, which significantly helped the investigation by facilitating information-sharing among the victim institutions.[7]
Tyruin allegedly used his hacking to aid an illegal gambling business, an illegal internet casino and international payment processors, which permitted other alleged thieves to process payments by credit or debit card. It was done for illegal pharmaceutical distributors, purveyors of malicious or counterfeit “anti-virus” software, their own internet casinos and an illegal bitcoin exchange. Investigators say Tyurin and his co-conspirators earned more than $18 million in profits.[8] Analysis
The U.S. government’s ability to extradite Tyruin from Georgia illustrates the U.S. government’s strategies of waiting until accused suspects leave Russia in order to work with cooperating countries to obtain the arrest and extradition of targets. Russia does not extradite citizens accused of crimes to foreign countries. Russia’s lack of cooperation with U.S. authorities, especially on cybercrime matters, has created continued tension between the two governments.[9]
Prior DOJ charges alleged that the defendants used JPMorgan customer data in a “pump and dump” campaign in which the victims were targeted with spam emails touting penny stocks that increased the stock’s value and resulted in millions of dollars in gains for the conspirators.
In a 2015 statement, Pretet Bharara, the former U.S. Attorney for the Southern District of New York, said between in or about 2007 and in or about July 2015, Shalon and his co-conspirators earned hundreds of millions of dollars in illicit proceeds, of which Shalon concealed at least $100 million in Swiss and other bank accounts.
[1] U.S. Department of Justice, Manhattan U.S. Attorney Announces Extradition of Alleged Russian Hacker Responsible for Massive Network Intrusions at U.S. Financial Institutions, Brokerage Firms, a Major News Publication, and Other Companies, Press Rel. 18-307, Sept. 7, 2018; U.S. v. Andrei Tyruin, U.S. District Court S.D.N.Y., S3 15 Cr. 333 (LTS), Sealed Superseding Indictment https://www.justice.gov/usao-sdny/press-release/file/1092376/download; U.S. v. Andrei Tyruin, U.S. District Court S.D.N.Y., S4 15 Cr. 333 (LTS), Sealed Superseding Indictment https://www.justice.gov/usao-sdny/press-release/file/1092381/download.
[2] Mark Morales, Russian accused of hacking the data of 80 million people extradited to U.S., CNN, Sept. 7, 2018.
[3] U.S. Department of Justice, supra.
[4] Id. Patrick Howell O’Neill, U.S. extradites Russian accused in hack of JP Morgan Chase, Cyberscoop, Sept. 7, 2018.
[5] U.S. Department of Justice, supra.
[6] Id.
[7] Id.
[8] Morales, supra.
[9] O’Neill, supra
Leave a Reply