A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors say involved the theft of personal data from over 100 million customers of big U.S. financial firms.
The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers then sought to inflate stock prices by marketing them to people whose data they had stolen.
Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether from the hacking, the Justice Department said in a statement.
The case is a win for U.S. law enforcement officials who look for opportunities to arrest and extradite alleged cybercriminals once they leave Russia, which does not have an extradition agreement with the U.S. Tyurin was extradited from the Republic of Georgia in 2018. Shalon was arrested in Israel in 2015 and extradited to the U.S. in 2016, but his case has yet to come to trial.
Tyurin pleaded guilty in September to carrying out wire and bank fraud, computer intrusions and illegal online gambling.
“From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history,” Audrey Strauss, the acting U.S. Attorney for the Southern District of New York, said in a statement on Thursday.
The prosecution of Tyurin is part of a long-running effort by U.S. law enforcement agencies to dismantle lucrative cybercriminal rings. U.S. and European agencies in October cracked down on QQAAZZ, a gang that has allegedly laundered millions of dollars for criminal hackers, by announcing charges against 14 of its members.
The crackdowns, while significant, will only go so far in putting a dent in cybercriminal schemes that, according to one study, cost the global economy hundreds of billions of dollars a year.