Russian Hacker Pleads Guilty to Huge Data Thefts From JPMorgan, Others

(Bloomberg) -- A Russian hacker admitted Monday that he executed the largest known cyber-attack against a U.S. bank, pleading guilty to charges that he stole data on more than 80 million clients of JPMorgan Chase & Co. and other institutions that netted hundreds of millions of dollars in ill-gotten gains.

The hacker, Andrei Tyurin, 36, was accused of stealing customer information from 12 financial news companies, banks and other financial firms, including Fidelity Investments, E-Trade Financial and Dow Jones & Co. His co-conspirators used the information to ply customers with spam emails promoting stocks, hoping to cash out at higher prices, the government has said.

Tyurin, who was apprehended last year in the Republic of Georgia and extradited to the U.S., pleaded guilty to charges of conspiracy, wire fraud, illegal online gambling and computer hacking. As part of the deal with prosecutors, the government will recommend that he serve 15 to 20 years behind bars, though the final decision on his sentence will be up to the judge.

Tyurin’s plea before U.S. District Judge Laura Taylor Swain in Manhattan, which was expected, brings U.S. authorities a step closer to closing the book on the devastating series of attacks on the financial system from 2012 to 2015.

The enterprise extended to all manner of other illicit digital activity, including identity theft and online sales of counterfeit pharmaceuticals and malicious software, as well as hiding the true source of the proceeds to launder the money through bank accounts, prosecutors said. Some of the money was laundered through a Bitcoin exchange.

The case of the accused mastermind of the scheme, Gery Shalon, hasn’t been resolved. People familiar with the case have said he is cooperating with authorities. Several other defendants in a related case either pleaded guilty or were convicted after a trial.

There was no indication in Monday’s hearing that Tyurin is cooperating. The stiff prison sentence proposed by prosecutors suggests he may not be, because prosecutors typically ask for lenience for defendants who provide useful information.

Appearing in court in blue prison garb, his hair cropped close and his legs shackled at the ankles, Tyurin spoke entirely in Russian through an interpreter, including a lengthy series of “nyets” and “das” in response to questions from the judge. He agreed to forfeit more than $19 million, which was calculated based on the amount he and his co-conspirators agreed he would be paid for his work, prosecutor Eun Young Choi said during the hearing.

“I pleaded guilty to those counts because I am in fact guilty,” he told Swain through the interpreter. He’s scheduled to be sentenced on Feb. 13.

In building their case against Tyurin, prosecutors amassed more than 3,000 pages of digital chats between him and his co-conspirators, primarily in Russian. They also recovered evidence from electronic devices seized from other defendants after they were arrested in Israel, as well as data from the companies documenting the intrusion into their networks.

Tyurin was charged in a sealed indictment in 2015, but he remained at large until his apprehension in Georgia and September 2018 extradition to the U.S.

Court filings show that Tyurin agreed to plead guilty a month ago and that he had been in negotiations with the government since the spring. He has been held at the federal jail in lower Manhattan since his extradition to the U.S.

The scope and sophistication of the hacks in the case led U.S. authorities to initially suspect it was a state-sponsored cyberattack, with potential ties to Russian intelligence. But they ultimately concluded it was the work of an independent criminal enterprise, despite evidence possessed by U.S. intelligence agencies that Russia sought to recruit the hacker. Georgian authorities also said Moscow sought to have Tyurin returned to Russia after his initial arrest, to no avail.

Tyurin was the hacking genius at the keys, working with Shalon, an Israeli businessman who was arrested at his home in 2015 in a suburb of Tel Aviv. Shalon was extradited to the U.S. in 2016, but the status of the case against him is shrouded in mystery.

Shalon hasn’t appeared in court in more than three years, and hearings in his case have been rescheduled repeatedly. The federal prison registry has no record of his incarceration. What Shalon’s cooperation could yield isn’t precisely known, but it could potentially illuminate links between Russia’s cyber criminals, spy agencies and international crime networks.

Shalon had $100 million in Swiss bank accounts at the time of his arrest, and court filings show he agreed to repatriate hundreds of millions more stashed in bank accounts in Switzerland, Georgia, Cyprus, Luxembourg and Latvia.

EARLIER:

• Mystery JPMorgan Hacker Is in U.S. Hands. What Does He Know?
• JPMorgan Hack Suspect Is Said to Aid U.S. in Bid for Leniency
• Digital Don Accused of Hacks at JPMorgan, Dow Jones Over 8 Years

(A previous version corrected the scope of the hack to the largest known attack on a U.S. bank.)

To contact the reporter on this story: Christian Berthelsen in New York at cberthelsen1@bloomberg.net

To contact the editors responsible for this story: Jeffrey D Grocott at jgrocott2@bloomberg.net, David S. Joachim

©2019 Bloomberg L.P.