The only American suspect named in the largest known hack of Wall street is negotiating his return to the U.S. from a detention cell in Russia, where hes no longer welcome, people familiar with the talks said.

Joshua Aaron
Source: FBI

Joshua Aaron, a Maryland native who attended Florida State University, has been held at a facility for illegal immigrants outside Moscow since failing to show police a valid passport during a midnight check at his apartment above the Beverly Hills Diner near downtown in May, court records show.

He and two Israelis are suspected of perpetrating what U.S. Attorney Preet Bharara called securities hoax on cyber steroids from 2007 to mid-2 015. Theyre accused of stealing data on more than 100 million clients from JPMorgan Chase& Co. and other companies, use it in schemes such as stock manipulation that generated millions of dollars in illicit gains.

Along the style, members of the ring tried to extract nonpublic info from fiscal corporations, processed payment datum for fake pharmaceuticals and fake anti-virus software, falsified passports and took control of a New Jersey credit union, prosecutors tell. They used 75 companies and bank and brokerage accounts around the world to launder money, authorities allege.

Mystery Hacker

But one mystery of the case has remained: While Aaron, 32, and the two Israelis are described as the architects of a global cyber criminal enterprise, the identity of the hacker behind it all has remained unknown.

Aarons frequent journeys to Russia during the time the alleged schemes took place creates the possibility that he may have met in person with the hacker, who is believed to be Russian or Russian-speaking. His cooperation in the case could provide new insight into the countys cyber underworld at a few moments when U.S. officials are publicly accusing Russia of trying to destabilize the American elections with state-sponsored hacks.

A Russian judge on May 20 ordered Aaron deported and penalty him 5,000 rubles ($ 80) for infringing the rules of his three-year visa, which requires holders to exit and re-enter the country every six months. He arrived via Ukraine on May 23, 2015, merely weeks before the U.S. issued arrest warrants for him and co-defendants Gery Shalon and Ziv Orenstein. A second magistrate repudiated his appeal of the expulsion ruling in June.

Russian Reciprocity

In statement to Russian attorneys on the working day of his detention, Aaron said he wasnt well informed the arrest warrant and denied violating any U.S. statutes. Russia, which doesnt extradite its citizens or have an extradition pact with the U.S ., offered to hand him over in exchange for a reciprocal act, but obtained no reply from the U.S. Embassy, according to court transcripts. He is presumably free to leave Russia for a district of his choice.

Talks between Aarons lawyers and U.S. officers are progressing and a deal paving the way for his return home, where he would be subject to immediate apprehend, may be reached this month, the people familiar with the issues said.

Aarons mothers, who live in Potomac, Maryland, didnt respond to a request for comment and its not clear who is serving as Aarons lawyer in the U.S. Aaron declined to comment via his Moscow lawyer, Ashot Muradyan.

Snowden, Putin

Russia has a history of sheltering alleged offenders actively sought by Washington, particularly now that disagreements from Ukraine to Syria and U.S. accusations of Russian hacking have driven relations to a post-Cold War low.

Edward Snowden, the NSA whistle-blower who was lauded by President Vladimir Putin for disclosing mass surveillance programs, lives comfortably in Russia, as does Semion Mogilevich, who spent years on the FBIs Ten Most Wanted list for being the most dangerous mobster in the world.

For a Q& A on hacking U.S. elections, click here

The U.S. Embassy in Moscow and James Margolin, a spokesman for the U.S. Attorneys office in Manhattan, declined to comment, as did Russian Interior Ministry officers. Kelly Langmesser, a spokeswoman for the FBI in New York, said Aaron wasnt presently in U.S. detention and declined to comment further.

Ilya Sachkov, head of Moscow-based cyberforensics firm Group-IB, called Aarons case particularly “strange, ” the first one he knows of involving a U.S. citizen accused of cybercrime who was then detained in Russia.

Naturally, he is not alone, and his group most probably includes Russian citizens, Sachkov said. “Putin and Obama agreed to cooperate against cybercriminals. This occurrence doesnt look like there is any cooperation.”

Fidelity, E* Trade

While Russia may consider Aaron little more than a bit player in its contentious relationship with Washington, he may have substantial value for U.S. prosecutors, allowing them to push their example deeper into Russias underground. One court document identifies a co-conspirator in the scheme as a computer hacker who is believed to have resided in Russia. Two people familiar with the lawsuit say his identity are aware of U.S. public officials and describe him as highly skilled.

Aside from JPMorgan, companies that have confirmed being attacked by Aarons group include Fidelity Investments Ltd ., E* Trade Financial Corp ., Scottrade Financial Services Inc. and Dow Jones& Co ., a unit of News Corp.

Aaron, who has been living in Russia with his Israeli wife, speaks only a few words of Russian. During his immigration proceedings, the court hired an interpreter for Aaron but he couldnt translate “administrative code violation, ” according to people who were in the courtroom.

If Aaron does return to the U.S, hell join his alleged co-conspirators. Israeli authorities imprisoned Shalon and Orenstein within a month of the arrest warrants being issued and extradited them to New York this July.

Read more: