The United States extradited Andrei Tyurin, a 35-year-old hacker tied to the Affactive, RevenueJet, Milore Limited, and NetAd Management online casino scam sites. U.S. law enforcement officials also believe Andrei Tyurin is tied to the 2014 cyber-attack on JPMorgan Chase and other U.S. financial institutions.
Andrei Tyurin is the fourth man charged by US officials in the JPMorgan Chase case, along with Gery Shalon, Ziv Orenstein, and Joshua Samuel Aron. The JPMorgan Chase hack is the largest ever cyber-attack on US financial institutions.
The hackers targeted 76 million individual bank accounts and 7 million business accounts in the United States. When it happened, the attack was so sophisticated and wide-ranging that the FBI believed the hack was state-sponsored.
They quickly realized the case was tied to a pump-and-dump scheme to make hundreds of millions of dollars off a stock market scam. By that time, they were aware of a network of global scam artists based in Israel, the United States, and Russia.
Affactive Media and RevenueJet
The Affactive, RevenueJet, and NetAd Management scams were not a major part of the investigation, though those scams made their perpetrators an estimated $75 million a month in revenues. The online casinos long had been considered rogue sites by those who review the US online casino industry.
From 2010 to 2014, one or another of Gery Shalon and Ziv Orenstein’s websites was rated “Worst of the Year” by the CasinoMeister online casino review website. The reviewers did not know that, behind the scenes, all of the websites involved were owned by the same gaming group.
Andrei Tyurin: Russian Hacker
The government of the former Soviet Union republic of Georgia extradited Tyurin to the United States. The hacker is a native of Moscow, Russia, but was detained by the Georgian government earlier this year.
Tyurin’s role in the criminal network was to hack thousands of abandoned or lightly-used WordPress blogs. Tyurin would insert code into these blogs that pointed links to the Affactive Media and RevenueJet online casinos.
NetAd Management to RevenueJet
The scams came in two waves: the NetAd Management and the RevenueJet/Affactive Media phases. In the initial wave of scam sites, players reported up to 10 online casinos which eventually were blacklisted or declared rogue: Win Palace Casino, Casino Titan, Begado Casino, Grand Macau Casino, Jackpot Grand Casino, Golden Cherry Casino, Slots of Fortune, Slots Jungle Casino, WinpalacePlay, and Grand Macau Live Dealer Casino.
Within several years, those sites were well known for scamming players. Many paid out winnings at a slow pace ($500 a week), while using terms and conditions to avoid paying at all. Other players found evidence that progressive jackpots never hit, while Rome Casino claimed the owners of NetAd Management hacked their site (highly likely, given the evidence discovered later).
When the original sites were discovered, Gery Shalon and Ziv Orenstein simply launched the RevenueJet affiliate program and the Affactive Media online casinos: Loco Panda Casino, OnBling Casino, Classy Coin Casino, Grand Parker Casino (RTG), and Grand Parent Casino (TopGame Technology). This began the scam process all over, made worse because the same players scammed by NetAd Management remained in Shalon and Orenstein’s database.
July 2014 JPMorgan Chase Cyber-Attack
Scamming players out of $75 million a month was not enough for the men. Eventually, Gery Shalon contacted Joshua Aron about a much bigger crime: hacking JPMorgan Chase, the largest US banking institution. Emails showed that the two men were concerned about US law enforcement’s ability to extradite hackers, but they eventually determined the US would never be able to extradite hackers from Israel.
From their seemingly safe haven in an affluent Tel Aviv suburb, the men planned to hack JPMorgan Chase and up to 10 other American financial institutions. Using the technical expertise of Andrei Tyurin, they hacked JPMorgan Chase’s data banks at a time when the bank was changing from one set of security consultants to another.
Weeks later in August 2014, JPMorgan Chase’s security spotted the hack and alerted the FBI, the Securities & Exchange Commission (SEC), and FinCEN. At first, US officials believed the Russian Federation was behind the hack, because the attack originated from Moscow and it was only months after the Russian invasion/annexation of Crimea and a wave of economic sanctions against Russia.
JPMorgan Chase Investigation
FBI experts in cyber-attacks quickly learned they were dealing with civilian hackers — men concerned about using US bank account information to back a pump-and-dump scheme. In a pump-and-dump, penny stocks are touted by seemingly respected individuals or institutions, raising the price of the stock. Then the scam artists sell at an inflated price, making possibly billions of dollars.
The fatal flaw in the plan was how ambitious it was. US authorities do not have the time, resources, and willpower to track down online casino scam artists. When the biggest financial institution in the US private sector is targeted, FBI officials are going to track down the culprits 100% of the time.
July 2015 Arrests
Even when officials determine the men behind the crime are minor figures, they will not stop until those men are extradited. On or around July 24, 2015, the FBI arrested a man in Florida, Anthony Murgio, who was an old college buddy and sometime conspirator of Joshua Aron.
Meanwhile, Israeli police arrested Gery Shalon and Ziv Orenstein in Tel Aviv. The two men were extradited from Israel to the United States in November of 2015 and have faced trial. On May 22, 2017, Gery Shalon signed an agreement with the Israeli Ministry of Justice and the US Securities and Exchange Commission (SEC) to pay $403 million in restitution. US online gamblers can be certain that was money scammed from gamblers like themselves.
At the same time as the initial arrests, officials seized the domains of various Affactive Media, NetAd Management, and RevenueJet websites. Revenues were seized, along with a parent company, Milore Limited. Affiliate marketers were told their funds were seized at the same time.
By that time, Joshua Aron had fled to Eastern Europe, while Andrei Tyurin was safe in Russia. In December 2016, the FBI arrested Joshua Aron of Maryland at John F. Kennedy International Airport in New York City as he departed a flight from Moscow. That left only Andrei Tyurin, who was extradited this week.