Man arrested at JFK Airport over largest financial cyber hacking in US history

The headquarters of JP Morgan Chase on Park Avenue in New York.
The headquarters of JP Morgan Chase on Park Avenue in New York. PHOTO: AFP

NEW YORK (BLOOMBERG) - An American fugitive who is accused of conspiring to organise the largest known cyber attack on Wall Street arrived back home in the US from Russia, resolving months of negotiations at a moment of high tension over hacking between Moscow and Washington.

Joshua Aaron landed on Wednesday afternoon (Dec 14) in New York and was arrested at John F. Kennedy International Airport, according to the office of Manhattan US Attorney Preet Bharara. 

His arrest, after a commercial flight from Moscow, follows negotiations with US authorities from a migrant detention centre near the Russian capital for more than seven months, according to people who asked not to be identified because the information is private.

Aaron's attorney Ben Brafman said his client waved extradition and is in the US voluntarily. A spokesman for Russia's Interior Ministry, which is in charge of the migration centre, couldn't be reached by phone for comment.


Joshua Aaron landed on Dec 14, 2016, in New York and was arrested at John F. Kennedy International Airport. PHOTO: FBI

Aaron, a Maryland native, is expected to appear in before a federal judge in Manhattan on Thursday morning.

He and two Israelis are accused of orchestrating what the US attorney called "securities fraud on cyber steroids" from 2007 to mid-2015. They're implicated in stealing data from more than 100 million customers from companies including JPMorgan Chase & Co. and using that information to manipulate stocks and undertake other schemes that netted hundreds of millions of dollars.

"Joshua Samuel Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of personal information from US financial institutions ever," Mr Bharara said in a statement.

What remains unclear in the case is who conducted the actual attacks. Court documents filed in relation to the breaches link it to an unidentified Russian-speaking hacker, making it possible that Aaron may have information on the hacking to share with US investigators.

His arrival in the US comes as members of the security community and cyber investigators say Russia is behind efforts to hack the Democratic National Committee to sow confusion in the US election and attempt to disrupt the failed campaign of Democratic presidential candidate Hillary Clinton.

The events leading to Aaron's return came together abruptly this week, with the 32-year-old roused early this morning and dispatched to the airport, one of the people said.

IMMEDIATE ARREST

US authorities issued an arrest warrant for Aaron in July 2015, accusing him and co-defendants Gery Shalon and Ziv Orenstein of participating in a ring that extracted non-public information from financial corporations, processed payment information for fake pharmaceuticals and fake anti-virus software, falsified passports and took control of a New Jersey credit union.

The three used 75 companies and bank and brokerage accounts around the world to launder money, authorities allege. Israel extradited Shalon and Orenstein to the US in July 2016.

The case is said to be the largest financial cyber-hacking in the US.  

Aaron arrived in Moscow from Ukraine in May 2015, just weeks before the US unveiled charges against him and his co-defendants.

Moscow police detained Aaron a year later, after he failed to produce a valid passport during a midnight check at his apartment above the Beverly Hills Diner near downtown. In a statement to Russian prosecutors on the day of his detention, Aaron said he wasn't aware of the US arrest warrant and denied breaking any US laws.

On May 20, a Russian judge ordered Aaron deported and fined him 5,000 rubles (S$116) for violating the rules of his three-year visa, which requires holders to exit and re-enter the country every six months. A second judge rejected his appeal in June. Aaron was moved to a detention centre for illegal immigrants near Moscow.

Aaron, who attended Florida State University, was negotiating his return to the US in October, and talks between his lawyers and US officials were progressing, people familiar with the matter said at the time. 

He requested asylum and the sides discussed a possible plea deal, these people said. Aaron would be subject to immediate arrest under any deal paving the way for his return home, the people said.

Russia, which doesn't extradite its citizens or have an extradition treaty with the US, had offered to hand him over in exchange for a "reciprocal" act, but received no reply from the US Embassy, court transcripts show. He had presumably been free to leave Russia for a county of his choice. 

Aside from JPMorgan, companies that have confirmed being attacked in connection with Aaron's group include Fidelity Investments Ltd., E Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp.