A suspected Russian hacker was extradited Friday to the United States to face federal charges alleging he played a key role in massive hacks of consumer information from U.S. financial institutions, the Justice Department said.
Andrei Tyurin, 35, was arrested in the former Soviet republic of Georgia and arrived in New York on Friday. He was scheduled in the afternoon to make a brief appearance in federal court in Manhattan on an array of hacking-related charges, including allegations he participated in the largest cyber theft of consumer information from a U.S. financial institution in history: the heist in 2014 of personal information belonging to 80 million customers of JPMorgan Chase.
“Andrei Tyurin, a Russian national, is alleged to have participated in a global hacking campaign that targeted major financial institutions, brokerage firms, news agencies, and other companies,” Geoffrey Berman, the U.S. attorney for the Southern District of New York, said in a statement. “Tyurin’s alleged hacking activities were so prolific, they lay claim to the largest theft of U.S. customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims.”
Berman called the arrest a “significant milestone for law enforcement in the fight against cyber intrusions targeting our critical financial institutions.”
The scam’s mastermind was Gery Shalon, an Israeli citizen who was extradited to face charges in the scheme in 2016, U.S. officials have said. Two others — Joshua Samuel Aaron, a U.S. citizen, and Ziv Orenstein, an Israeli — have also been charged in the case. No trial date has been set. An attorney for Tyurin could not be reached.
Working at the direction of Shalon, U.S. officials said, Tyurin engaged in an extensive computer hacking campaign from 2012 through 2015 that targeted banks and other financial institutions, brokerage firms and financial news publishers.
One of Shalon’s more lucrative scams, the officials said, involved artificially inflating the value of penny stocks and then duping investors into purchasing the shares through spam emails sent to addresses Tyurin had stolen.
Most of the allegations in the case were made public in 2015 with the indictments of Shalon and his alleged conspirators. It wasn’t clear whether the U.S. Secret Service or FBI would ever be able to catch the actual hacker. U.S. officials have faced obstacles in trying to capture Russians accused of cyber crimes. There is no extradition treaty with Moscow, and authorities often have to lure such suspects to third countries where they can be arrested. The circumstances surrounding Tyurin’s December 2017 capture in Georgia were not made public.