Prosecutors charge Russian accused of hacking JP Morgan, Dow Jones

New York prosecutors have extradited a Russian hacker accused of breaking into JP Morgan, one of the world’s largest banking institutions. Moscow resident Andrei Tiurin, 35, was charged Friday after he was extradited from neighboring Georgia, with the theft of over 80 million records from the bank in 2014. The alleged hacker is said to have […]

New York prosecutors have extradited a Russian hacker accused of breaking into JP Morgan, one of the world’s largest banking institutions.

Moscow resident Andrei Tiurin, 35, was charged Friday after he was extradited from neighboring Georgia, with the theft of over 80 million records from the bank in 2014. The alleged hacker is said to have been under the direction of Gery Shalon, who was separately indicted a year later following the breach.

Tiurin was also charged wire and securities fraud, and aggravated identity theft, racking up the maximum possible prison time to over 80 years.

“Andrei Tyurin, a Russian national, is alleged to have participated in a global hacking campaign that targeted major financial institutions, brokerage firms, news agencies, and other companies,” said Manhattan U.S. attorney Geoffrey Berman in remarks.

Although the indictment did not name the New York-based financial news agency, The Wall Street Journal previously reported the victim as its parent company Dow Jones, following the following the first round of charges in 2015.

The hackers allegedly targeted other firms, including an unnamed Boston, Mass.-based mutual fund and online stock brokerage firm. The indictment said that the hackers exploited the “Heartbleed” vulnerability — a known flaw in the widely used OpenSSL cryptographic library — to gain a foothold into the institution’s network.

Tiurin was also accused of trying to artificially inflate the “price of certain stocks publicly traded in the United States,” and obtained “hundreds of millions of dollars in illicit proceeds” from various hacking campaigns.

“Today’s extradition marks a significant milestone for law enforcement in the fight against cyber intrusions targeting our critical financial institutions,” said Berman.

Dow Jones declined to comment. JP Morgan did not immediately respond to a request for comment.

Firefox now supports the newest internet security protocol

Last Friday, the Internet Engineering Task Force released the final version of TLS 1.3. This is a major update to TLS 1.2, the security protocol that secures much of the web by, among other things, providing the layer that handles the encryption of every HTTPS connection. The updated spec promises improved security and a bit […]

Last Friday, the Internet Engineering Task Force released the final version of TLS 1.3. This is a major update to TLS 1.2, the security protocol that secures much of the web by, among other things, providing the layer that handles the encryption of every HTTPS connection.

The updated spec promises improved security and a bit more speed, thanks to the reduced need for round trips as the browser and server negotiate the security settings. And the good news is, you can already use it today, because, as Mozilla today announced, Firefox already supports the new standard out of the box. Chrome, too, started supporting the new protocol (based on earlier drafts) in version 65.

TLS 1.3 has been a few years in the making and it’s been 10 years since the last version launched. It’s no secret that TLS 1.2 had its share of problems — though those were mostly due to its implementations, which are obviously a favorite target for hackers thanks to their ubiquity and which opened up bugs like the infamous Heartbleed vulnerability. But in addition to that, some of the algorithms that are part of TLS 1.2 have been successfully attacked.

It’s no surprise, then, that TLS 1.3 focuses on providing access to modern cryptographic methods (the folks over at Cloudflare have a more in-depth look at what exactly that means).

For users, all of this ideally means that they get access to a more secure web, as well as a slightly faster one, as the new protocol allows the browser and server to quickly negotiate which encryption to use without lots of back and forth.

Some of the companies that already support TLS 1.3 include Facebook (which says that it already serves almost half of its traffic over the new protocol), as well as Google and Cloudflare.