The U.S. Attorney's Office for the Southern District of New York recently announced the sentencing of Russian cybercriminal Andrei Tyurin.
Tyurin has been sentenced to 144 months in prison for "computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies."
Three of Tyurin's co-conspirators have also been sentenced for committing the above crimes.
Russian hacker targeted U.S. victims
Acting U.S. Attorney Audrey Strauss weighed in the Tyurin case and how he carried out his crimes:
"From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history, stealing the personal information of more than 80 million J.P. Morgan Chase customers. The conspiracy targeted major financial institutions, brokerage firms, news agencies, and other companies, and netted Tyurin over $19 million in criminal proceeds. Now Tyurin has been sentenced to 12 years in prison for his crimes."
Court filings show Tyurin was involved in an extensive computer hacking campaign that targeted financial institutions from 2012-2015. The targeted institutions include J.P. Morgan Chase Bank, E*Trade, Scottrade, and the Wall Street Journal, as well as others.
Tyurin was found to be responsible for stealing personal information of over 100 million customers of these institutions.
Tyurin was being directed by one of his co-conspirators, Gery Shalon, when they committed securities fraud schemes in the U.S. Here is an example of this from the Department of Justice:
"In an effort to artificially inflate the price of certain stocks publicly traded in the U.S., Shalon and his co-conspirators marketed the stocks in a deceptive and misleading manner to customers of the victim companies whose contact information Tyurin stole in the intrusions."
Additional crimes committed by Tyurin
From 2007 to 2015, Tyurin was also involved in cyberattacks against a number of U.S. and foreign companies at the direction of Shalon. Shalon, Tyurin, and their co-conspirators were mainly involved in unlawful internet gambling businesses and international payment processors.
Most of these illegal businesses they were running were a direct result of Tyurin's computer hacking campaigns. He targeted companies known to be used for their email marketing campaigns or competitor online casinos.
Another one of their targets was a merchant risk intelligence firm in the U.S. This was so Tyurin and his co-conspirators could "monitor the firm's efforts to audit potentially criminal online credit card transactions on behalf of major credit card networks, and thus avoid detection of their own criminal schemes."
The scope of Tyurin's computer hacking campaign was quite wide, as he used computer infrastructure across five continents that he controlled from Moscow. He was able to maintain persistent access over an extended period of time to his victim's networks.
As soon as his actions had been detected by authorities, he worked with his co-conspirators to destroy any incriminating evidence and undermine the efforts of U.S. law enforcement.
Tyurin earned over $19 million in profits through his efforts, and his group of co-conspirators collectively earned hundreds of millions of dollars.