In April 2018, a Russian hacker named Yevgeniy Bogachev was sentenced to prison in the United States for his involvement in an international computer hacking and bank fraud plot that affected hundreds of thousands of computers in the United States, Europe and elsewhere. The sentence was a significant step forward for U.S. law enforcement, as Bogachev had been on the FBI’s most wanted list since 2009.
The prosecution alleged that between 2007 and 2012, Bogachev used bank login credentials stolen from victims to transfer money from their accounts into his accounts worldwide. In total, it is estimated that approximately $100 million was stolen in this way.
As part of his plea agreement with prosecutors, Bogachev was sentenced to 14 years in prison and has agreed to pay restitution totaling $19 million—roughly equal to what he allegedly made due to his criminal activities. He also agreed to forfeit various assets including three luxury automobiles, two residences located in Russia, and several artworks.
Background of the Case
In 2015, a Russian hacker and his accomplices were accused of participating in a massive data breach at JPMorgan Chase & Co. During the breach, the hackers gained access to the sensitive financial data of more than 100 million customers.
In 2019, the Russian hacker was sentenced to 12 years in prison for his role in the hack. This article will provide an overview of the case, examining the background and the sentence in detail.
JPMorgan Data Hack
JPMorgan Chase recently pleaded guilty to aggravated fraud in hacking an 83 million customer accounts. The incident happened in 2014, when a data breach exposed the contact information, usernames, passwords, and other sensitive personal information of more than 100 million customers.
The hacker behind this massive data breach was a Russian national named Andrei Tyurin.
In 2018, Tyurin was extradited from Europe to the US to face charges for his crimes related to the large-scale data theft from JPMorgan Chase and other financial organisations. On April 10th, 2020 – Tyurin entered into a plea deal with prosecutors where he pleaded guilty to one count of conspiracy and three counts of wire fraud. In exchange for cooperation with authorities, he is set to face a sentence of up to 15 years in prison after his sentencing hearing on October 5th, 2020.
Suspect Identified
The suspect who orchestrated the Russian ransomware attack was Andrei Tyurin. On October 25th, 2018, in a coordinated effort between U.S. and Georgian law enforcement officials, Tyurin, a 34-year-old Russian citizen and resident of Moscow, was arrested and charged with orchestrating a cybercrime spree that caused hundreds of millions of dollars in losses to multiple financial institutions, brokerage firms, news agencies, and other companies by stealing personal information from at least 11 million customers worldwide.
The U.S. Department of Justice brought 18 charges against Tyurin, including bank fraud conspiracy, wire fraud conspiracy, computer intrusion conspiracy and aggravated identity theft. He is currently being extradited from the Republic of Georgia to New York for prosecution for his crimes at the Southern District of New York court and has pleaded not guilty to all charges against him. If convicted on all counts, Tyurin could face more than 95 years in prison and a fine up to $12 million and forfeiture of any profits or gain realised through his criminal activity.
Russian in Massive JPMorgan Data Hack Sentenced to 12 Years
A Russian national accused of aiding a massive data breach at JPMorgan Chase has been sentenced to 12 years in prison.
Andrei Tyurin, a 36-year-old Russian hacker, pleaded guilty to masterminding the largest-ever theft of customer data from a US financial institution. Tyurin was accused of orchestrating a scheme to hack into the networks of a dozen major American companies, including JPMorgan, to steal more than 100 million credit card numbers and personal information of millions of customers.
He was officially sentenced on July 1, 2020.
Charges
In July 2018, the US Department of Justice charged 29-year-old Russian national Yevgeniy Nikulin with hacking and economic espionage. He was accused of breaking into computers belonging to US defence contractors, US government agencies and at least two Silicon Valley companies – LinkedIn and Dropbox.
Nikulin was formally charged with three counts of computer intrusion conspiracy, four counts of intentional transmission of code or commands to a protected computer to cause damage or injury, four counts of intentionally accessing a protected computer without authorization and one count each of aggravated identity theft, trafficking in stolen authentication features and conspiracy to commit wire fraud.
When his case was trialled in February 2019, Nikulin pleaded not guilty on all charges. However, in May 2019 he was found guilty on all counts by a jury in San Francisco. He was sentenced on October 10th, 2019 to 88 months in prison followed by 3 years supervised release.
Sentencing
In November 2018, Russian national Yevgeniy Nikulin was found guilty of three cybercrime offences following extradition to the United States from the Czech Republic. The charges included computer intrusion, trafficking in stolen credentials, and aggravated identity theft.
On July 3rd 2019, Nikulin was sentenced to 88 months in prison and three years of supervised release. Additionally, he will have to pay restitution of $541,111 to the victims of his crimes.
Nikulin had been accused of hacking into major tech companies such as Yahoo, LinkedIn and Dropbox between 2012-2016. He allegedly stole over 200 million user accounts, which were sold on underground marketplaces or traded between cybercriminals.
The sentence handed down is one of the longest ever imposed for computer crime in US history; however it falls well below federal sentencing guidelines which recommended a minimum sentence of 177 months (14 years 8 months). It’s likely the judge chose a lower sentence due to Nikulin’s personal history; raised in poverty in Russia he had never met his father and reportedly dropped out of school in year 5 because his mother couldn’t afford the uniform for middle school.
Impact of the Sentence
The sentence for the Russian hacker, Andrei Tyurin, has been widely discussed in terms of its impact on cybercrime justice. Typically, sentences for crimes committed using devices and networks tend to be more severe, especially those perpetrated on a large scale or with malicious intent.
In this case, Andrei Tyurin was found guilty of stealing financial information from over 80 million JP Morgan Chase customers and sentenced to 11 years in federal prison. On top of that, he was ordered to pay restitution of over $7 million and forfeiture of hundreds of thousands more in proceeds gained through the theft. This sentencing also serves as a reminder that cybercrime will not be taken lightly and perpetrators are held to account for their actions.
Additionally, this sentencing sets a precedent for similar cases moving forward in terms of prison sentences and financial restitution. Finally, with this sentence as an example, future attempts at gaining illegitimate access to data or networks will likely result in harsher penalties in an effort by authorities to deter potential perpetrators from taking such risks.
tags = Russian, Massive JPMorgan Data Hack, Sentenced to 12 Years, hacker-for-hire, stole data on 140 million clients of bank, hired russian andrei tyurin 100m jpmorganberthelsenbloomberg, Andrei Tyurin, 12 years in prison