A Russian citizen has been sentenced to 12 years in prison for his participation in a”massive” computer hacking effort that saw the theft of 100 million people’s data.
Russian hacker Andrei Tyurin, who helped attack J.P. Morgan Chase, among other businesses, has been sentenced to 12 years in prison and was handed a 144-month detention order with a New York courtroom yesterday for his part in the cybercrime operation against US financial institutions, brokerage firms, news publishers, and other targets.
Together with a group of co-conspirators, Tyurin played a”major role” in one of the largest thefts of fiscal information in US history, stealing the personal information of over 80 million JP Morgan Chase Bank clients.
Tyurin pled guilty in 2019 to the offense, which netted hundreds of millions of dollars and affected around 140 million clients, according to the prosecutors in the case.
Tyurin pleaded guilty to charges of computer intrusion, wire fraud, bank fraud, and illegal online gambling crimes, a statement in the US Department of Justice (DoJ) reads.
While he was originally facing 15 to 20 years, U.S. District Judge Hon. Laura Taylor Swain finally reduced his sentence due to the harsh treatment he’d received in Tbilisi, Georgia before being extradited to the U.S. There, he contracted COVID-19 while in custody.
From 2012 to mid-2015, Tyurin and others targeted JP Morgan, Scottrade, E-Trade, and the Wall Street Journal, stealing over 100 million customers’ data.
Tyruin used servers located across five continents, which he commanded from his home in Moscow, maintaining persistent access over extended periods to the victims’ networks, frequently refreshing the stolen data by repeatedly downloading information from these businesses.
The defendant, who the US court said participated in those crimes under the leadership of his spouse, Gery Shalon, also took part in other crimes involving fraud schemes, making him more than $19 million.
For instance, in an attempt to artificially inflate the price of certain stocks publicly traded in the US, Shalon and his co-conspirators promoted the shares deceptively and misleadingly to clients of the victim companies whose contact information Tyurin stole, said the DoJ.
Tyurin also ran cyber-attacks against numerous companies in the US and other countries, including unlawful online gambling businesses and international payment processors.
To avoid detection of the group’s criminal schemes, Tyurin targeted a retailer risk intelligence firm based in the US which was responsible for auditing potentially fraudulent online credit card transactions on behalf of major payment processing networks.
“Once his hacking activities were detected, Tyurin worked with Shalon to destroy the evidence of the criminal activity and undermine US law enforcement’s efforts to identify and detain them,” said the DoJ.
In addition to his 12-year sentence, Tyurin has been ordered to serve three years’ supervision upon his release and to repay the $19.2 million.
He has been in US custody since he was extradited by the nation of Georgia in September 2018 and will begin his sentence immediately.