Andrei Tyurin played ‘major’ role in operation targeting JP Morgan Chase Bank, Wall Street Journal, and others

Russian cybercriminal sentenced to 12 years for 'massive hacking campaign' impacting 100 million US citizens

A Russian citizen has been sentenced to 12 years in prison for his involvement in a “massive” computer hacking campaign that saw the theft of 100 million individuals’ data.

Andrei Tyurin, 37, of Moscow, was handed a 144-month detention order by a New York court yesterday for his part in the cybercrime operation against US financial institutions, brokerage firms, news publishers, and other targets.

Together with a team of co-conspirators, Tyurin played a “major role” in one of the biggest thefts of financial data in US history, stealing the personal information of more than 80 million JP Morgan Chase Bank customers.

Tyurin pleaded guilty to charges of computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, a statement from the US Department of Justice (DoJ) reads.

Financial targets

From 2012 to mid-2015, Tyurin and others targeted JP Morgan, Scottrade, E Trade, and the Wall Street Journal, stealing more than 100 million customers’ personal data.

Tyruin used servers located across five continents, which he controlled from his home in Moscow, maintaining persistent access over extended periods of time to the victims’ networks, regularly refreshing the stolen data by repeatedly downloading information from these companies.

The defendant, who the US court said engaged in these crimes under the direction of his partner, Gery Shalon, also took part in other crimes including fraud schemes, earning him more than $19 million.

Read more of the latest cybercrime news

For example, in an effort to artificially inflate the price of certain stocks publicly traded in the US, Shalon and his co-conspirators marketed the stocks in a deceptive and misleading manner to customers of the victim companies whose contact information Tyurin stole, said the DoJ.

Tyurin also conducted cyber-attacks against numerous companies in the US and other countries, including unlawful internet gambling businesses and international payment processors.

To avoid detection of the group’s criminal schemes, Tyurin targeted a merchant risk intelligence firm based in the US that was responsible for auditing potentially fraudulent online credit card transactions on behalf of major payment processing networks.

Payback time

“Once his hacking activities were detected, Tyurin worked with Shalon to destroy the evidence of their criminal activity and undermine US law enforcement’s efforts to identify and arrest them,” said the DoJ.

In addition to his 12-year sentence, Tyurin was ordered to serve three years’ supervision upon his release, and to pay back the $19.2 million.

He has been in US custody since he was extradited from the country of Georgia in September 2018 and will begin his sentence immediately.

YOU MAY ALSO LIKE US court order brings down the shutters on tech support scam impacting the elderly