EXTRADITION OF RUSSIAN HACKER RESPONSIBLE FOR MASSIVE NETWORK INTRUSIONS AT U.S. FINANCIAL INSTITUTIONS, U.S. BROKERAGE FIRMS, A MAJOR NEWS PUBLICATION, AND OTHER COMPANIES:

EXTRADITION OF RUSSIAN HACKER RESPONSIBLE FOR MASSIVE NETWORK INTRUSIONS AT U.S. FINANCIAL INSTITUTIONS, U.S. BROKERAGE FIRMS, A MAJOR NEWS PUBLICATION, AND OTHER COMPANIES:

(NEW YORK) Today the Secret Service, in coordination with the Federal Bureau of
Investigation and the U.S. Attorney’s Office announce the extradition of a Russian hacker
responsible for an extensive computer hacking campaign, including the largest theft of
consumer data from a U.S. financial institution in history. ANDREI TYURIN, a/k/a “Andrei
Tiurin,” was extradited from the country of Georgia. TYURIN was arrested by Georgian
authorities at the request of the United States for charges arising from his participation in a massive
computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news
publishers, and other American companies. The Secret Service would like to thank Assistant
Director in Charge of New York William F. Sweeney Jr. and District Attorney for the Southern
District of New York, Geoffrey S. Berman for their work on this case.
U.S. Secret Service Special Agent of the in Charge of the New York Field Office, David E.
Beach said, “This case represents the core of the U.S. Secret Service’s integrated mission to secure
our nation’s cyber related financial infrastructure and protect our nation’s leadership,” said Special
Agent in Charge David Beach. “The collaboration between the Secret Service New York Field
Office Electronic Crimes Task Force, FBI New York Field Office Cyber Division and our global
law enforcement partners demonstrates the commitment to combating cyber-enabled financial
crimes and ensuring those responsible are held accountable.”
FBI Assistant Director William F. Sweeney Jr. said, “Andrei Tyurin allegedly engaged in a
long-running effort to hack into the systems of U.S. based financial institutions, brokerage firms
and financial news publishers, all from the perceived safety of operating outside our borders. As
alleged, his illegal acts included the historically largest theft of customer data from a U.S. financial
institution. Today’s charges and extradition should serve as a lesson to all those who would
conspire to engage in similar activity that the FBI and our partners will continue to bring these
hackers to justice, regardless of where they may hide. I’d like to specifically thank our partners
with the United States Secret Service, whose collaboration was crucial to seeing this case to
fruition.”
Mr. Berman also praised the investigative work of the USSS and the FBI, and expressed his
sincere gratitude to the Chief Prosecutor General’s Office of Georgia and the Ministry of Justice of

Georgia for their support and assistance with the extradition proceedings. He also thanked the
Securities and Exchange Commission, Homeland Security Investigations, the Financial Industry
Regulatory Authority, the Office of International Affairs of the U.S. Department of Justice, and the
Financial Services Information Sharing and Analysis Center, which significantly aided the
investigation by facilitating information-sharing among the victim institutions.
Mr. Berman said, “Andrei Tyurin, a Russian national, is alleged to have participated in a
global hacking campaign that targeted major financial institutions, brokerage firms, news agencies,
and other companies. Tyurin’s alleged hacking activities were so prolific, they lay claim to the largest
theft of U.S. customer data from a single financial institution in history, accounting for a staggering
80 million-plus victims. As Americans increasingly turn to online banking, theft of online personal
information can cause devastating effects on their financial wellbeing, sometimes taking years to
recover. Today’s extradition marks a significant milestone for law enforcement in the fight against
cyber intrusions targeting our critical financial institutions.”
TYURIN, a Russian citizen, arrived in the Southern District of New York earlier today,
and will be presented this afternoon in Manhattan federal court before United States Magistrate
Judge Henry B. Pitman. TYURIN is expected to appear before United States District Judge Laura
Taylor Swain on September 25, 2018 at 2:00 PM.

According to the allegations contained in the superseding indictments unsealed today in
Manhattan federal court, other filings in this case, and statements made during court proceedings:
From approximately 2012 to mid-2015, TYURIN engaged in an extensive computer hacking
campaign targeting financial institutions, brokerage firms, and financial news publishers in the
United States, including the theft of personal information of over 100 million customers of the
victim companies. TYURIN’s hack of one financial institution headquartered in Manhattan
resulted in the theft of personal information of over 80 million customers, making it the largest
theft of customer data from a U.S. financial institution in history. TYURIN engaged in these
crimes at the direction of Shalon and in furtherance of other criminal schemes overseen and
operated by Shalon and his co-conspirators, including securities fraud schemes in the United
States. For example, in an effort artificially to inflate the price of certain stocks publicly traded in
the United States, Shalon and his co-conspirators marketed the stocks in a deceptive and
misleading manner to customers of the victim companies whose contact information TYURIN
stole in the intrusions.

In addition to the U.S. financial sector hacks, TYURIN also conducted cyberattacks against
numerous U.S. and foreign companies in furtherance of various criminal enterprises operated by
Shalon and his co-conspirators, including unlawful internet gambling businesses and international
payment processors. Nearly all of these illegal businesses, like the securities market manipulation
schemes, exploited the fruits of TYURIN’s computer hacking campaigns. Through these various
criminal schemes, TYURIN, Shalon, and their co-conspirators obtained hundreds of millions of
dollars in illicit proceeds.
TYURIN, 35, of Moscow, Russia, is charged with one count of conspiracy to commit
computer hacking, which carries a maximum prison term of five years; one count of wire fraud,
which carries a maximum prison term of 30 years; four counts of computer hacking, each of which
carries a maximum prison term of five years; one count of conspiracy to commit securities fraud,
which carries a maximum prison term of five years; one count of conspiracy to violate the Unlawful Internet Gambling Enforcement Act, which carries a maximum prison term of five
years; one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum
prison term of 30 years; and aggravated identity theft, which carries a mandatory consecutive term
of imprisonment of two years.
The maximum potential sentences are prescribed by Congress and are provided here for
informational purposes only, as any sentencing of the defendant will be determined by Judge
Swain.
Shalon and Orenstein were arrested by Israeli authorities in July 2015 and were extradited from
Israel in June 2016. Aaron was arrested by United States authorities in December 2016. The cases
against Shalon, Aaron, and Orenstein remain pending.
The prosecution of this case is being overseen by the Office’s Complex Frauds and
Cybercrime Unit. Assistant U.S. Attorneys Eun Young Choi, Noah Solowiejczyk, and Sarah Lai
are in charge of the prosecution. Assistant U.S. Attorney Daniel Tracer is in charge of the
forfeiture aspects of the case.
The charges contained in the indictments are merely accusations and the defendants are
presumed innocent unless and until proven guilty.

September 7, 2018
CMR 48-18

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s