Russian hacker pleads guilty in massive hacking scheme that targeted JPMorgan Chase

Cyber attacks on JPMorgan alone generated tens of millions of dollars for the hackers

Russian hacker Andrei Tyurin has pleaded guilty to involvement in a massive data theft that targeted several financial firms, including JPMorgan Chase.

Tyurin, who was successfully extradited to the US in September last year, pleaded guilty to six counts, including wire fraud, computer hacking, conspiracy, and illegal online gambling. He has also agreed to forfeit about $19 million as part of his plea bargain with US authorities. The figure was calculated based on the amount that his accomplices had agreed to pay Tyurin for his work.

In the US District Court in Manhattan, Tyurin confessed that he unlawfully collected personal information of thousands of people to locate potential victims for fake investment schemes.

According to prosecutors, Tyurin was involved in a massive hacking campaign from 2012 to mid-2015 that led to data breaches of nearly 100 million customers of the targeted US financial services firms.

Cyber attacks on JPMorgan Chase alone generated millions of dollars in illegitimate income for Tyurin and his co-conspirators.

In 2014, JPMorgan disclosed that hackers had infiltrated its systems and had stolen data associated with nearly 83 million customer accounts. Several other companies including Scottrade Inc, Dow Jones & Co, Fidelity Investments, and E-Trade Financial also said that they had fallen victim to cyber attacks carried out by criminals.

The scope of the hacks led US agencies to initially believe that the attacks were carried out by a state-backed group possibly with links to Russian government agencies.

In 2015, local agencies in Israel arrested businessman Gery Shalon at his home in a suburb of Tel Aviv. Shalon was said to be the mastermind behind the scheme. He had about $100 million in Swiss bank accounts at the time of his arrest. Shalon was extradited to the US in 2016.

According to prosecutors, Tyurin carried out the attacks at the direction of Shalon, who used the stolen information to promote a number of schemes, including securities frauds.

Based on the evidence collected by US agencies, Tyurin was indicted by a federal court in December 2017, although he remained at large until arrested in Georgia in September 2018. The Georgian authorities extradited him to the US in the same month.

Tyurin will be sentenced on 13 February by US District Judge Laura Swain. Charges against three other men, including Shalon, are still pending.

Tyurin faces the risk of a life-term in prison, although prosecutors are expected to recommend that he serve between 15 and 20 years behind bars. The final decision, however, will be up to the judge.