Russian authorities have handed over an American fugitive who the U.S. accuses of conspiring to organize the largest known cyber attack on Wall Street, according to people familiar with the matter, resolving months of negotiations at a moment of high tension over hacking between Moscow and Washington.
Joshua Aaron, a Maryland native, was put aboard a commercial flight from Moscow to New York on Wednesday after negotiating with U.S. authorities from a migrant detention center near the Russian capital for more than seven months, according to the people, who asked not to be identified because the information is private.
Aaron and two Israelis are accused of orchestrating what U.S. Attorney Preet Bharara in Manhattan called “securities fraud on cyber steroids” from 2007 to mid-2015. They’re implicated in stealing data from more than 100 million customers from companies including JPMorgan Chase & Co. and using that information to manipulate stocks and undertake other schemes that netted hundreds of millions of dollars.
What remains unclear in the case is who conducted the actual attacks. Court documents filed in relation to the breaches link it to an unidentified Russian-speaking hacker, making it possible that Aaron may have information on the hacking to share with U.S. investigators.
A spokesman for Russia’s Interior Ministry, which is in charge of the migration center, couldn’t be reached by phone for comment. Dawn Dearden, a spokeswoman for Bharara, declined to comment.
Aaron’s arrival in the U.S. comes as members of the U.S. security community and cyber investigators say Russia is behind efforts to hack the Democratic National Committee to sow confusion in the U.S. election and attempt to disrupt the failed campaign of Democratic presidential candidate Hillary Clinton.
The decision to send Aaron to the U.S. seemed to have come abruptly this week, with Aaron roused early this morning and dispatched to the airport, one of the people said. Aeroflot’s SU100, the only direct flight between Moscow and New York on Wednesday, left Russia in the morning and was due to arrive at John F. Kennedy International Airport after 1:30 p.m. local time.
U.S. authorities issued an arrest warrant for Aaron in July 2015, accusing him and co-defendants Gery Shalon and Ziv Orenstein of participating in a ring that extracted nonpublic information from financial corporations, processing payment information for fake pharmaceuticals and fake anti-virus software, falsifying passports and taking control of a New Jersey credit union. The three used 75 companies and bank and brokerage accounts around the world to launder money, authorities allege. Israel extradited Shalon and Orenstein to the U.S. in July 2016.
Aaron arrived in Moscow from Ukraine in May 2015, just weeks before the U.S. unveiled charges against him.
Moscow police detained Aaron a year later after he failed to produce a valid passport during a midnight check at his apartment above the Beverly Hills Diner near downtown. In a statement to Russian prosecutors on the day of his detention, Aaron said he wasn’t aware of the arrest warrant issued about a year earlier and denied breaking any U.S. laws.
A Russian judge ordered Aaron deported and fined him 5,000 rubles ($82) for violating the rules of his three-year visa, which requires holders to exit and re-enter the country every six months. A second judge rejected his appeal in June.
Aaron, who attended Florida State University, was negotiating his return to the U.S. in October, and talks between his lawyers and U.S. officials were progressing, people familiar with the matter said at the time. He requested asylum and the sides discussed a possible plea deal, these people said. Aaron would be subject to immediate arrest under any deal paving the way for his return home, the people said.
Russia, which doesn’t extradite its citizens or have an extradition treaty with the U.S., had offered to hand him over in exchange for a “reciprocal” act, but received no reply from the U.S. Embassy, court transcripts show. He had presumably been free to leave Russia for a county of his choice.
Aside from JPMorgan, companies that have confirmed being attacked in connection with Aaron’s group include Fidelity Investments Ltd., E*Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp.
