On Monday, Andrei Tyurin, a 35-year-old Russian national, pleaded guilty in New York to charges of computer intrusion, bank and wire fraud, and online gambling in connection with a sustained hacking campaign targeting US financial institutions.
"Andrei Tyurin’s extensive hacking campaign targeted major financial institutions, brokerage firms, news agencies, and other companies," said Manhattan US Attorney Geoffrey S. Berman in a statement. "Ultimately, he gathered the customer data of more than 80 million victims, one of the largest thefts of US customer data from a single financial institution in history."
The hacking campaign, which allegedly involved at least three other individuals – Israelis Gery Shalon and Ziv Orenstein and American Joshua Samuel Aaron – spanned from 2012 through mid-2015.
It affected about 100 million customers of US banks, brokerage firms, publishers and other companies, including E-Trade Financial, Fidelity Investments, and Dow Jones & Co. In 2014, the four are accused of pwning JP Morgan Chase, resulting in the exposure of person data tied to 83 million accounts – name, street address, phone number and email address.
That particular cyber attack was reportedly made possible by the firm's failure to activate two-factor authentication on a key JP Morgan server.
Tyurin, according to the Justice Department, participated in this campaign under the direction of Shalon. Tyurin was extradited from the country Georgia in 2018.
The priest, the coder, the Bitcoin drug deals – and today's guilty verdictsREAD MORE
Charges against Tyurin's associates have been filed separately. Tyurin's lawyer, Florian Miedel, declined to tell the New York Times whether their client intends to cooperate with US authorities in the prosecution of his associates.
The men, according to the indictment filed against Tyurin, used the personal information they obtained to further a pump-and-dump stock scheme. They're said to have promoted stocks to investors, prompting victims to buy the stock to raise its selling price so the schemers' stock positions could then be sold for a quick profit.
Tyurin's hacking also supported internet gambling operations and international payment processors allegedly run by his associates. These schemes supposedly netted hundreds of millions of dollars.
The six felony counts to which Tyurin pleaded guilty carry maximum sentences ranging from 5 years to 30 years each. He's scheduled to be sentenced on February 13, 2020. ®