US Extradites Russian Hacker Connected to Affactive/Netad Management Scam Sites

Cybersecurity, computer hacker with hoodie and obscured face, computer code overlaying image

The United States has successfully extradited from Georgia a long-wanted Russian hacker, Andrei Tyurin, a member of the international criminal ring behind fraudulent online-gambling operations conducted under the Affactive, RevenueJet, and Netad Management names.

The office of the attorney for the Southern District of New York has announced the extradition of Andrei Tyurin, a Russian national long sought in connection with major hacking operations that included promoting a family of fraudulent online gambling operations last operated under the Netad Management brand.

Tyurin, 35, a resident of Moscow, is alleged to be the central computer hacker behind the multinational ring responsible for the largest-ever theft of data from an American-based financial securities company, JPMorgan. However, Tyurin and the people he worked for also engineered numerous crimes involved with online gambling as part of a ring originally known as Affactive. It was later known as RevenueJet, and still later launched a string of failed online sites operated under the Netad Management name.

Tyurin’s role, according to the New York complaint, included hacking thousands of lightly used or abandoned WordPress blogs. The blogs were then infected with source code that successfully compromised Google’s web-search algorithms, flooding Google’s top-level results for gambling-related search terms with links to the fraudulent Netad sites. Thousands of unwitting online gamblers were thus induced to gamble on the sites, which were notorious for not paying out withdrawals made by their players, and which were soon labeled as scam sites by several online-review listings.

Hacker charged under US’s UIGEA

Tyurin was arrested by authorities in the eastern European country of Georgia by request of the New York US Attorney’s Office and was delivered to US jurisdiction on Friday, September 7. Tyurin was arraigned later the same day and will face a formal indictment hearing on September 25.

According to a USAG statement, Tyurin was charged with one count of conspiracy to violate the Unlawful Internet Gambling Enforcement Act (UIGEA), which carries a maximum prison term of five years. The extensive WordPress hacking directly benefited the Netad Management sites, which operated in direct violation of US law. The statement noted: “In addition to the U.S. financial sector hacks, TYURIN also conducted cyberattacks against numerous US and foreign companies in furtherance of various criminal enterprises operated by [Gery] Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors.”

However, Tyurin was charged with much more than the hacking supporting the bogus Netad Management sites, which folded in 2015. His activities targeting several large securities firms including JPMorgan were described as the “most prolific” extended hacking attack in US history.

Tyurin faces a lengthy list of felony charges. In addition to the UIGEA violation and its maximum five-year sentence, Tyurin was charged with:

  • One count of conspiracy to commit computer hacking (maximum prison term of five years)
  • One count of wire fraud (maximum prison term of 30 years)
  • Four counts of computer hacking (maximum prison term of five years for each)
  • One count of conspiracy to commit securities fraud (maximum prison term of five years)
  • One count of conspiracy to commit wire fraud and bank fraud (maximum prison term of 30 years)
  • One count of identity theft (mandatory consecutive sentence of two years).

Fourth arrest linked to Netad Management scams

Tyurin is the fourth individual connected with the Netad Management scam sites and the financial-services data thefts to face US justice. Ringleaders Gery Shalon, Zvi Orenstein, and Joshua Samuel Aaron were all indicted in 2015, though it took several months for the three men to be extradited to the US to face the charges. The online-gambling operations alone were asserted to have brought the group hundreds of millions of dollars in fraudulent profits. In 2016, Shalon (generally recognized as the group’s ringleader) agreed to pay a massive $403m (£312m) fine and was sentenced to the prison time he had already served.

The indictment against the group’s leaders also caused the collapse of at least ten fraudulent online gambling sites operated under the Netad Management banner. Those sites included: Win Palace Casino, Casino Titan, Slots Jungle Casino, Jackpot Grand Casino, Golden Cherry Casino, Slots of Fortune, Begado Casino, Grand Macau Casino, Grand Macau Live Dealer Casino, and WinpalacePlay.

Five other fraudulent sites connected to RevenueJet and a shadowy ownership entity known as Milore Limited folded in the wake of the 2015 indictments of the group’s leaders. Those Milore sites included Grand Parker Casino-RealTime Gaming, Loco Panda Casino, OnBling Casino, Classy Coin Casino, and Grand Parker Casino-TopGame. Unfortunately, like the Netad sites, they disappeared with little trace, leaving their customers with no way to recover their deposited funds.