Joshua Samuel Aaron, 32, a US citizen suspected of several high-profile hacks, has been detained by Russian authorities since May 2016, after violating the conditions of his visa.
US authorities indicted Aaron and two Israelis in the summer of 2015 on charges of hacking and stealing data from 12 international companies, including nine financial institutions, between 2007 and 2014.
The list of confirmed breached companies includes JPMorgan Chase, Scottrade, The Wall Street Journal, E*Trade Financial Corp, TD Ameritrade, and News Corp.
US authorities said Aaron and the two Israelis used the Heartbleed vulnerability to break into those companies’ servers and steal financial data of over 100 million customers.
A month after US authorities charged the trio, Israeli authorities arrested and extradited the two Israeli suspects, Gery Shalon and Ziv Orenstein.
According to a Bloomberg report, Aaron escaped US law enforcement after he traveled to the Ukraine in May 2015, and then Russia, two months before US authorities filed official charges.
Unbeknownst to US investigators, Aaron and his Israeli-born wife had been living in Moscow since then.
According to RIA Novosti, Russian police arrested Aaron in May this year after he broke the country’s visa rules. Russia mandates that immigrants leave the country and re-enter after six months.
Aaron remained in Russia since entering the country on an expired visa, living in an apartment above the Beverly Hills Diner, in Moscow.
Authorities detained Aaron, fined him 5,000 rubles ($80) for breaking visa rules, and a judge ordered his deportation. To avoid being sent to the US, Aaron asked for political asylum, but a judge denied his request over the summer. In the meantime, Aaron has filed an appeal, delaying his deportation.
Bloomberg cites an inside source saying that Russian authorities tried to exchange Aaron for an unspecified “reciprocal” act, most likely as a favor between the two countries, which do not have a mutual extradition treaty in place.
Since May, Aaron has been living at a special Russian facility for detained illegal immigrants. After his asylum appeal concludes, Aaron is free to travel to the country of his choosing.
Aaron and a college friend, Anthony Murgio, frequently traveled to Russia in their youth. Authorities suspect that the group may have had help from a Russian-based hacker. Murgio is under arrest after being indicted on several charges, related to taking over a New Jersey credit union and using it to launder Bitcoin.