Russian hacker Andrei Tyurin has been sentenced to twelve years in prison in the United States and ordered to forfeit over $19 million after pleading guilty to hacking JP Morgan Chase bank in 2015 and stealing the personal data of 80 million customers of the bank.
Andrei Tyurin, along with a few Russian associates, carried out cyber crimes regularly between 2007 and 2015, targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies which included the likes of The Wall Street Journal and JP Morgan Chase Bank.
According to the U.S. Department of Justice, Tyurin conducted the crimes at the direction of Gery Shalon, an Israeli national who spent a lot of time in Moscow and was arrested by Israeli authorities in July 2015, a year after the cyber attack on JP Morgan Chase took place. Shalon ran several securities fraud schemes in the US and used Tyurin's skills to target brokerage firms such as E*Trade and Scottrade.
Between 2012 and 2015, Tyurin stole the personal information of more than 100 million customers of the financial institutions and brokerage firms he targeted. In 2014, he stole the names, addresses, phone numbers, and email addresses associated with more than 80 million accounts with J.P Morgan Chase, and also stole 4.6 million customer records from Scottrade the following year.
“From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history, stealing the personal information of more than 80 million J.P. Morgan Chase customers.
“The conspiracy targeted major financial institutions, brokerage firms, news agencies, and other companies, and netted Tyurin over $19 million in criminal proceeds. Now Tyurin has been sentenced to 12 years in prison for his crimes,” said Audrey Strauss, the Acting US Attorney for the Southern District of New York.
In a separate indictment filed against Gery Shalon in 2015, Preet Bharara, the US Attorney for the Southern District of New York, said that Shalon owned and operated unlawful internet gambling businesses, multinational payment processors for illegal pharmaceuticals suppliers, malware distributors, and unlawful internet casinos.
Shalon also owned and controlled Coin.mx, an illegal Bitcoin exchange, and the success of all his ventures depended upon the computer hackings he orchestrated to earn hundreds of millions of dollars which he concealed in Swiss and other bank accounts.
When announcing Tyurin's sentencing, the Department of Justice said that Tyurin's hacking activity included the targeting of email marketing companies, competitor online casinos, and a merchant risk intelligence firm to enable Shalon and his associates to monitor the firm’s efforts to audit potentially criminal online credit card transactions on behalf of major credit card networks, and thus avoid detection of their own criminal schemes.
Tyurin also maintained computer infrastructure across five continents and maintained persistent access into the IT systems he previously infiltrated to download new information from victim companies from time to time. By 2015, he personally amassed more than $19 million in profits because of his illegal activities.