Georgian Andrei Tyurin was allegedly part of the hacking ring that breached JPMorgan Chase and other US financial firms, making hundreds of millions from stolen data
US authorities have charded an extradited Russian man with taking part in a series of massive cyberattacks that targeted JPMorgan Chase and other US firms in the finance sector.
Andrei Tyurin was a key member of a gang that conducted “extensive hacking” from 2012 to 2015, US prosecutors said.
JPMorgan Chase was one of the most high-profile targets, disclosing in 2014 that about 83 million customer accounts had been accessed.
E*Trade Financial, Scottrade and Dow Jones & Co., the publishers of the Wall Street Journal, were amongst the others affected.
In total more than 100 million customers’ data was accessed, the office of US Attorney Geoffrey Berman in Manhattan said late on Friday.
Tyurin was arrested in Georgia at the request of US authorities and faces charges of wire and bank fraud and computer hacking, prosecutors said.
The gang of which Tyurin was allegedly a part used numerous technical tricks to gain access to targets’ systems, including the infamous Heartbleed bug, an issue with the widely used OpenSSL cryptography library that remained unpatched from 2012 to 2014 and is still believed to affect large numbers of devices.
Aside from directly accessing customers’ accounts, the group is believed to have used stolen contact information in order to artificially inflate the market value of companies in which members own shares.
Prosecutors said Tyurin and the other group members made hundreds of millions of dollars through these and other criminal schemes.
Tyurin is believed to be one of the last of the group members still at large, with four other men already having been arrested to face charges, including Israeli Gery Shalon, believed to be the scheme’s leader.
The most serious of the charges against Tyurin carry a maximum sentence of 30 years in prison.