Russian Gets 12 Years in Prison for Hacking US Financial Institutions, Publishers

A Russian hacker has been sentenced to 12 years in prison for computer intrusion, wire fraud, and bank fraud in connection with a massive computer hacking campaign that targeted JPMorgan Chase Bank, E*TRADE, Scottrade, The Wall Street Journal, and other American companies.

According to the allegations 37-year-old Andrei Tyurin pleaded guilty to, he engaged in an extensive computer hacking campaign from 2012 to mid-2015 against financial institutions, brokerage firms, and financial news publishers in the US. He was also responsible for the theft of personal information of more than 100 million customers of the victim companies.

The Justice Department said Tyurin’s hack of JPMorgan Chase Bank alone led to more than 80 million customers having their personal information stolen, and that he committed the crimes at the behest of his partner, Gery Shalon, and in furtherance of other criminal operations overseen and operated by Shalon and his co-conspirators.

“Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of US customer data from a single financial institution in history,” Acting US Attorney Audrey Strauss said in a statement. “Now Tyurin has been sentenced to 12 years in prison for his crimes.”

For more stories like this, sign up for the CIO Alert newsletter. 

According to the indictment against him, Tyurin also conducted cyberattacks against US and foreign companies from 2007 to mid-2015 to further various criminal enterprises operated by Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors.

The Justice Department said that almost all of Shalon’s illegal businesses used Tyurin’s computer hacking campaigns, that Tyurin used computer infrastructure located in five continents that he controlled from his home in Moscow, and that he maintained persistent access over extended periods of time to the victims’ networks. When the hacking was eventually detected, Tyurin and Shalon worked to destroy the evidence of their crimes and hinder law enforcement efforts to identify and arrest them, according to the Justice Department.

Through the various criminal schemes, Tyurin, Shalon, and their co-conspirators obtained hundreds of millions of dollars in illicit proceeds, and Tyurin himself earned more than $19 million in profits from his hacking activity.

Tyurin pleaded guilty to one count of conspiracy to commit computer hacking, one count of wire fraud, one count of conspiracy to violate the Unlawful Internet Gambling Enforcement Act, and one count of conspiracy to commit wire fraud and bank fraud.

In addition to the 12-year prison term, the Tyurin was ordered to serve three years of supervised release, and to pay forfeiture of just over $19.2 million. Tyurin has been in US custody since he was extradited from Georgia in 2018.