The American Fugitive From the JPMorgan Hack Turns Up in a Russian Cell

  • American was detained in Moscow in May for violating visa
  • Two Israeli suspects were extradited to New York in July

The only American suspect named in the largest known hack of Wall Street is negotiating his return to the U.S. from a detention cell in Russia, where he’s no longer welcome, people familiar with the talks said.

Joshua Aaron, a Maryland native who attended Florida State University, has been held at a facility for illegal immigrants outside Moscow since failing to show police a valid passport during a midnight check at his apartment above the Beverly Hills Diner near downtown in May, court records show.

He and two Israelis are suspected of perpetrating what U.S. Attorney Preet Bharara called “securities fraud on cyber steroids” from 2007 to mid-2015. They’re accused of stealing data on more than 100 million customers from JPMorgan Chase & Co. and other companies, using it in schemes such as stock manipulation that generated hundreds of millions of dollars in illicit gains.

Along the way, members of the ring tried to extract nonpublic information from financial corporations, processed payment information for fake pharmaceuticals and fake anti-virus software, falsified passports and took control of a New Jersey credit union, prosecutors say. They used 75 companies and bank and brokerage accounts around the world to launder money, authorities allege.

Mystery Hacker

But one mystery of the case has remained: While Aaron, 32, and the two Israelis are described as the architects of a global cyber criminal enterprise, the identity of the hacker behind it all has remained unknown.

Aaron’s frequent trips to Russia during the time the alleged schemes took place raise the possibility that he may have met in person with the hacker, who is believed to be Russian or Russian-speaking. His cooperation in the case could provide new insight into the country’s cyber underworld at a moment when U.S. officials are publicly accusing Russia of trying to destabilize the American elections with state-sponsored hacks.

A Russian judge on May 20 ordered Aaron deported and fined him 5,000 rubles ($80) for violating the rules of his three-year visa, which requires holders to exit and re-enter the country every six months. Aaron arrived via Ukraine on May 23, 2015 -- just weeks before the U.S. issued arrest warrants for him and co-defendants Gery Shalon and Ziv Orenstein. A second judge rejected his appeal of the deportation ruling in June 2016.

Russian Reciprocity

Aaron applied for refugee status in early June, according to court documents. The argument for the request was that he would be subject to a disproportionate punishment in the U.S., according to people with knowledge of the petition. Russian authorities declined the request and Aaron submitted an appeal that is still being reviewed, these people said.

In a statement to Russian prosecutors on the day of his detention, Aaron said he wasn’t aware of the arrest warrant issued about a year earlier and denied breaking any U.S. laws. Russia, which doesn’t extradite its citizens or have an extradition treaty with the U.S., offered to hand him over in exchange for a “reciprocal” act, but received no reply from the U.S. Embassy, according to court transcripts. He is presumably free to leave Russia for a country of his choice.

Talks between Aaron’s lawyers and U.S. officials are progressing and a deal paving the way for his return home, where he would be subject to immediate arrest, may be reached this month, the people familiar with the matter said.

Aaron’s parents, who live in Potomac, Maryland, didn’t respond to a request for comment and it’s not clear who is serving as Aaron’s lawyer in the U.S. Aaron declined to comment via his Moscow lawyer, Ashot Muradyan.

Snowden, Putin

Russia has a history of sheltering alleged criminals actively sought by Washington, particularly now that disputes from Ukraine to Syria and U.S. accusations of Russian hacking have driven relations to a post-Cold War low.

Edward Snowden, the NSA whistle-blower who was lauded by President Vladimir Putin for disclosing mass surveillance programs, lives comfortably in Russia, as does Semion Mogilevich, who spent years on the FBI’s Ten Most Wanted list for being “the most dangerous mobster in the world.”

The U.S. Embassy in Moscow and James Margolin, a spokesman for the U.S. Attorney’s office in Manhattan, declined to comment, as did Russian Interior Ministry officials. Kelly Langmesser, a spokeswoman for the FBI in New York, said Aaron wasn’t presently in U.S. custody and declined to comment further.

Ilya Sachkov, head of Moscow-based cyberforensics firm Group-IB, called Aaron’s case particularly "strange," the first one he knows of involving a U.S. citizen accused of cybercrime who was then detained in Russia.

“Naturally, he is not alone, and his group most probably includes Russian citizens,” Sachkov said. "Putin and Obama agreed to cooperate against cybercriminals. This case doesn’t look like there is any cooperation."

Fidelity, E*Trade

While Russia may consider Aaron little more than a bit player in its contentious relationship with Washington, he may have substantial value for U.S. prosecutors, allowing them to push their case deeper into Russia’s underground. One court document identifies a co-conspirator in the scheme as “a computer hacker who is believed to have resided in Russia.” Two people familiar with the case say his identity is known to U.S. officials and describe him as highly skilled.

Aside from JPMorgan, companies that have confirmed being attacked by Aaron’s group include Fidelity Investments Ltd., E*Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp.

Aaron, who has been living in Russia with his Israeli wife, speaks only a few words of Russian. During his immigration proceedings, the court hired an interpreter for Aaron but he couldn’t translate "administrative code violation," according to people who were in the courtroom.

If Aaron does return to the U.S., he’ll join his alleged co-conspirators. Israeli authorities detained Shalon and Orenstein within a month of the arrest warrants being issued in the summer of 2015 and extradited them to New York this July.
