Mystery JPMorgan Hacker Is in U.S. Hands. What Does He Know?

September 8, 2018, 4:32 PM UTC

The mystery figure behind what prosecutors call the biggest financial hack of all time is now in U.S. custody.

Andrei Tyurin, a Russian citizen who is alleged to have performed key cyber-work in a hack of JPMorgan Chase & Co. and about a dozen other companies, was extradited to New York on Friday from the republic of Georgia. It was the unlikely culmination of a years-long hunt by U.S. authorities, who had closely tracked a hacker they said led cyber breaches of financial firms that fed an array of activities including securities fraud, money laundering, credit-card fraud and fake pharmaceuticals.

Federal authorities in New York laid out most of those details three years ago when describing a breach of a swath of the financial system that created more than 80 million victims. Other targeted companies include Fidelity Investments, Dow Jones & Co., E*Trade Financial Corp. and Scottrade Financial Services Inc.

What the earlier court filings didn’t disclose was the identity of the central hacker — revealed finally in an unsealed indictment on Friday as Tyurin. Moments after the jet carrying Tyurin, 35, touched down at New York’s Stewart International Airport at 1:44 p.m., prosecutors called his extradition a “significant milestone” in the fight against hacking.

Tyurin appeared in Manhattan federal court on Friday afternoon in a white T-shirt, black pants and sneakers, pleading not guilty to charges of conspiracy, computer hacking, identity theft and wire fraud. His lawyer, Florian Miedel, declined to comment.

With others in the JPMorgan hacking case cooperating with authorities, Tyurin may need to decide whether to cut a deal or face prosecution, an unexpected turn for a suspect who few believed would be handed over to the U.S. His deep web of contacts in the criminal underground could make him useful in a wide range of investigations, including the hacking of the 2016 presidential election.

Two-Track Hacks

In previous prosecutions, U.S. authorities have alleged that Russian hackers have worked on dual tracks — profiting from criminal hacking, while also providing valuable information to their Russian minders.

In the JPMorgan matter, American spy agencies suspected there had been attempts by Russian intelligence to recruit Tyurin and had provided evidence of those efforts to the Federal Bureau of Investigation, according to a person with knowledge of the probe. The hacker also appeared to conduct extensive reconnaissance of bank systems and undertook other activity not strictly related to Shalon’s stock scheme.

That activity and other clues led some security officials at JPMorgan to fear that the hacker might also be providing information on the firm’s vulnerabilities to Russian intelligence agencies. The FBI concluded this was a strictly criminal endeavor, the person said.

Tyurin was wanted for extradition by the U.S. as well as Russia, according to Nino Kvatadze, a spokeswoman for the Georgian prosecutor’s office. The matter went before a Georgian court, she said.

Tyurin was detained in December by Georgian authorities while entering Tbilisi International Airport, police said. He was unaware he was a wanted man. Tyurin’s Tbilisi lawyer, Pavle Abaidze, also declined to comment, saying he was acting on his client’s instruction.

He is one of several Russian hackers sought by the U.S. over Russia’s objection. This week, Greece’s supreme court heard arguments over whether to extradite Alexander Vinnik, a Russian accused of cybercrimes in the U.S., France and Russia. Vinnik allegedly oversaw a bitcoin exchange used by Russian government hackers accused of stealing Democrats’ emails.

Scheme’s Mastermind

In the financial firms’ hack, Tyurin allegedly worked in concert with Gery Shalon, an Israeli whom the U.S. accuses of masterminding the scheme. From 2012 to 2015, according to prosecutors, Tyurin purloined personal information about more than 100 million of the firms’ clients by infiltrating corporate computer networks, locating customer databases and exporting profile information to computers overseas.

The information from the hacks was used in stock manipulation, Internet gambling, credit-card fraud and bitcoin money laundering, prosecutors say, allegedly generating hundreds of millions of dollars in illicit proceeds.

Shalon was arrested in Israel in 2015 and shipped to the U.S. the next year. Several other figures in the case have either pleaded guilty or been convicted after trial. But more than two years later, U.S. authorities haven’t brought Shalon to trial in the matter, signaling that he may be cooperating with U.S. authorities.