Account Takeover Fraud , Anti-Money Laundering (AML) , Breach Notification

Accused JPMorgan Chase Hacker Plans to Plead Guilty

83 Million Accounts Compromised as Part of Massive Alleged Fraud Scheme
Accused JPMorgan Chase Hacker Plans to Plead Guilty

Andrei Tyurin, who's been accused of perpetrating the biggest heist of customer bank data in U.S. history, intends to plead guilty to charges filed against him, according to court documents. (Update: On Sept. 23, Andrei Tyurin pleaded guilty to numerous charges.)

See Also: 57 Tips to Secure Your Organization

Tyurin, a 36-year-old Russian national, was extradited from the Eastern European country of Georgia to New York last September (see: Russian Charged in JPMorgan Chase Hack Extradited to US).

Tyurin had originally pleaded not guilty to charges of conspiracy to commit computer hacking, wire fraud, computer hacking, conspiracy to commit securities fraud, conspiracy to violate the Unlawful Internet Gambling Enforcement Act, conspiracy to commit wire fraud and bank fraud and aggravated identity theft. He's been accused of stealing more than 83 million customer records from JPMorgan Chase.

Tyurin is due in court on Sept. 23 to discuss a pending plea deal with prosecutors that has been months in the making, as Bloomberg has reported.

A Sept. 13 letter from the U.S. Attorney's Office for the Southern District of New York to Judge Alison J. Nathan says that Tyurin's plea agreement is meant to resolve two cases.

A Rule 20 transfer notice seeks to consolidate in Manhattan federal court two cases involving Tyurin in advance of his anticipated plea deal.

One is the office's "United States v. Andrei Tyurin," while the other is a case filed in Georgia federal court, "United States v. Gery Shalon et al." Both prosecutors and the defense team have agreed, under the Federal Rules of Criminal Procedure Rule 20 - "transfer for plea and sentence" - to transfer the Northern District of Georgia case to Manhattan federal court.

The terms of the proposed plea deal have yet to be revealed.

Wide-Ranging Alleged Crimes

Tyurin allegedly worked with a team that prosecutors say was led by three men: Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein. They've been accused of running a wide-ranging criminal operation that included online gambling, stock manipulation and payment processing fraud.

The attacks collectively compromised the personal information of more than 100 million people, according to an indictment filed against Tyurin. He and his group are alleged to have collected hundreds of millions of dollars from fraud derived from the intrusions and other fraud.

The scale of the fraud was such that some media outlets, citing unnamed law enforcement sources, first reported - erroneously - that it appeared to have been state-sponsored, likely by Russia. But the FBI later stated that it was pursuing the case purely as a criminal matter.

Gang's Alleged Ringleader Based in Israel

The alleged overall ringleader of the scheme that Tyurin has been accused of assisting was Shalon, a Georgian national who emigrated to Israel with his parents when he was young.

Shalon was arrested at his home near Tel Aviv, Israel, in July 2015, after being charged by U.S. authorities with running a stock-manipulation scheme. He was extradited to the U.S. in 2016, as was Orenstein (see: Israel to Extradite Alleged Chase Hackers).

When the charges were filed, Maryland-born Aaron, who also goes by "Mike Shields," was living in Moscow. But he returned to the U.S. in December 2016, surrendering to authorities at JFK International Airport in New York (see: Third Alleged Hacker Arrested in Chase Breach).

All three have pleaded not guilty to the charges against them, which include securities fraud, wire fraud, market manipulation, identification document fraud, aggravated identity theft and money laundering. The charges collectively carry maximum prison sentences of more than 100 years.

In March, Bloomberg reported that Shalon appears to have been assisting the U.S. government in exchange for a potentially more lenient sentence.

According to the indictment against Shalon, he had personally stashed at least $100 million in Swiss bank accounts and had funds in other countries. Authorities say he and his co-defendants has been repatriating the funds to the U.S., Bloomberg reported, as part of their bid for leniency.

Financial Service Firms Hacked

Between 2007 and 2015, the group illegally traded pharmaceutical products as well as counterfeit and malicious software and as ran illegal online internet gambling operations, prosecutors allege.

Superseding indictment, filed in North Georgia federal court, names Gery Shalon, Joshua Samuel Aaron, Ziv Orenstein and Andrei Tyurin

Victims included more than 83 million customers of JPMorgan Chase, whose personal data was stolen in what prosecutors have said was the "largest theft of customer data from a U.S. financial institution in history" (see: Charges Announced in JPMorgan Chase Hack).

Other victims included customers of brokerage firms Fidelity Investments, E-Trade and Scott Trade, financial news company Dow Jones, as well as software development firms and a merchant risk intelligence company, among others.

The group's alleged schemes included running illegal online casinos, illegally trading in pharmaceutical products, selling counterfeit and malicious software, and perpetrating fake investment and stock advice as part of "pump-and-dump" schemes, according to the indictment. In some cases, the group allegedly bought outstanding shares and also persuaded others to buy certain stocks, causing share prices to rise, thus allegedly allowing the gang to sell their shares at a profit while others suffered losses.

Shalon has also been charged with helping to run Coin.mx, a cryptocurrency exchange that prosecutors allege he used for money laundering purposes (see: Bitcoin Exchange Crackdown: Two Employees Plead Guilty).


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.