Wirecard hacker sentenced to 80 months in prison

Unlock the Editor’s Digest for free

Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.

An Israeli private detective has been sentenced to 80 months in prison for his role in a $4.8mn hacking scheme that targeted journalists and critics of German fintech group Wirecard.

Aviram Azari, 52, pleaded guilty in April last year to computer intrusion, wire fraud and identity theft charges relating to work done on behalf of Wirecard, among others. The company collapsed in 2020 following the exposure of a massive fraud.

“From his home in Israel, Aviram Azari played a major role in orchestrating and facilitating an international hacking-for-hire spearphishing campaign,” said Damian Williams, the US attorney for the Southern District of New York, whose office brought the case.

“Today’s sentencing sends an unmistakable message about my office’s firm commitment to prosecuting hackers, domestic and foreign alike.”

Federal prosecutors had alleged that between 2014 and 2019 Azari, of Kiryat Yam, was involved in an “extensive” conspiracy to target individuals and unnamed companies in New York using phishing emails in an attempt to steal passwords.  

His victims included “climate change activists and individuals and financial firms that had been a critical part of the German payment processing company Wirecard”, they said in a statement on Thursday.

“Some of the hacked documents that were stolen from various of the victims’ online accounts were leaked to the press,” the US attorney’s office said, which resulted in articles related to investigations carried out by attorneys-general in New York and Massachusetts about what ExxonMobil knew about climate change and “potential misstatements” from the oil group about the issue.

The case related to a long-running federal investigation into an alleged Indian hacking group called BellTroX InfoTech Services, people familiar with the probe previously told the Financial Times.

The extent of BellTroX’s alleged operations was described in a 2020 report by Citizen Lab, part of the University of Toronto’s Munk School. It said that “spear phishing” emails tied to more than 28,000 personalised web pages were created by hackers attempting to steal passwords from advocacy groups, journalists, elected officials, lawyers, hedge funds and companies. BellTroX has previously denied involvement in hacking. 

A prolonged attack on Matthew Earl, a UK investor critical of Wirecard, helped Citizen Lab map the hacker’s shifting tactics. “​​Each day for three-plus years Aviram tried to hack me, undoubtedly at the behest of Wirecard,” Earl said at the time of Aviram’s guilty plea.

Hedge funds, researchers and journalists at the FT and Reuters who wrote about Wirecard were also targeted by hackers with elaborate personalised emails. 

Azari’s guilty plea in 2022 was this first successful prosecution following Wirecard’s collapse. Former chief executive Markus Braun and two other former Wirecard executives have been appearing in a Munich court on charges of fraud, breach of trust, and market and accounting manipulation since last December.

In addition to his prison term, Azari will serve three years of supervised release and will be forced to forfeit more than $4.8mn in illegal gains.