[BreachExchange] JPMorgan Hack Suspect Leaves Russia to Face U.S. Charges

Inga Goddijn inga at riskbasedsecurity.com
Wed Dec 14 23:18:03 EST 2016


https://www.bloomberg.com/news/articles/2016-12-14/russia-said-to-send-jpmorgan-hack-suspect-back-home-to-u-s

An American fugitive who is accused of conspiring to organize the largest
known cyber attack on Wall Street arrived back home in the U.S. from
Russia, resolving months of negotiations at a moment of high tension over
hacking between Moscow and Washington.

Joshua Aaron pleaded not guilty in a Manhattan courtroom Wednesday evening
to 16 criminal counts, including hacking, securities fraud and conspiracy.
The most serious charges carry a possible sentence of as long as 20 years
in prison.

Aaron, 32, was taken into custody about 12:30 p.m. Wednesday at New York’s
John F. Kennedy International Airport, after arriving on a flight from
Moscow. His arrest follows negotiations with U.S. authorities from a
migrant detention center near the Russian capital for more than seven
months, according to people who asked not to be identified because the
information is private.

Aaron’s attorney, Ben Brafman, said his client waived extradition and is in
the U.S. voluntarily. A spokesman for Russia’s Interior Ministry, which is
in charge of the migration center, couldn’t be reached by phone for comment.

Aaron, a Maryland native, was ordered held without bail by U.S. Magistrate
Judge James Francis and is scheduled to appear in court again Thursday
morning.

Aaron and two Israelis are accused of orchestrating what Manhattan U.S.
Attorney Preet Bharara called “securities fraud on cyber steroids” from
2007 to mid-2015. They’re implicated in stealing data from more than 100
million customers from companies including JPMorgan Chase & Co.
<https://www.bloomberg.com/quote/JPM:US> and using that information to
manipulate stocks and undertake other schemes that netted hundreds of
millions of dollars.

“Joshua Samuel Aaron allegedly worked to hack into the networks of dozens
of American companies, ultimately leading to the largest theft of personal
information from U.S. financial institutions ever,” Bharara said in a
statement.

Unidentified Hacker

What remains unclear in the case is who conducted the actual attacks. Court
documents filed in relation to the breaches link it to an unidentified
Russian-speaking hacker, making it possible that Aaron may have information
on the hacking to share with U.S. investigators.

Aaron’s arrival comes as members of the U.S. security community and cyber
investigators say Russia is behind efforts to hack the Democratic National
Committee to sow confusion in elections and attempt to disrupt the failed
campaign of Democratic presidential candidate Hillary Clinton.

The events leading to Aaron’s return came together abruptly this week, with
the 32-year-old roused early this morning and dispatched to the airport,
one of the people said.

U.S. authorities issued
<http://www.bloomberg.com/news/articles/2015-07-21/fbi-israel-make-securities-fraud-arrests-tied-to-jpmorgan-hack>
an arrest warrant for Aaron in July 2015, accusing him and co-defendants
Gery Shalon and Ziv Orenstein of participating in a ring that extracted
nonpublic information from financial corporations, processed payment
information for fake pharmaceuticals and fake anti-virus software,
falsified passports and took control of a New Jersey credit union. The
three used 75 companies and bank and brokerage accounts around the world to
launder money, authorities allege. Israel extradited Shalon and Orenstein
to the U.S. in July 2016.

Aaron arrived in Moscow from Ukraine in May 2015, just weeks before the
U.S. unveiled charges against him and his co-defendants.

Moscow police detained Aaron a year later, after he failed to produce a
valid passport during a midnight check at his apartment above the Beverly
Hills Diner near downtown. In a statement to Russian prosecutors on the day
of his detention, Aaron said he wasn’t aware of the U.S. arrest warrant and
denied breaking any U.S. laws.

On May 20, a Russian judge ordered Aaron deported and fined him 5,000
rubles ($82) for violating the rules of his three-year visa, which requires
holders to exit and re-enter the country every six months. A second judge
rejected his appeal in June. Aaron was moved to a detention center for
illegal immigrants near Moscow.

Aaron, who attended Florida State University, was negotiating
<http://www.bloomberg.com/news/articles/2016-10-10/jpmorgan-hack-fugitive-said-to-seek-u-s-deal-from-russian-cell>
his return to the U.S. in October, and talks between his lawyers and U.S.
officials were progressing, people familiar with the matter said at the
time. The sides discussed a possible plea deal, these people said.

Russia, which doesn’t extradite its citizens or have an extradition treaty
with the U.S., had offered to hand him over in exchange for a “reciprocal”
act, but received no reply from the U.S. Embassy, court transcripts show.
He had presumably been free to leave Russia for a country of his choice.

Aside from JPMorgan, companies that have confirmed being attacked in
connection with the group linked to Aaron include Fidelity Investments Ltd.
<https://www.bloomberg.com/quote/FIIJ:JP>, E*Trade Financial Corp., Scottrade
Financial Services Inc. <https://www.bloomberg.com/quote/0454979D:US> and
Dow Jones & Co., a unit of News Corp.