Russian Hacker Arrested for Computer Hacking Scheme that Victimized Thousands of Credit Card Customers
A Russian man, indicted in the Western District of Washington for hacking into point of sale systems at retailers throughout the United States was arrested this weekend and transported to Guam for an initial appearance, announced U.S. Attorney Jenny A. Durkan. ROMAN VALEREVICH SELEZNEV, 30, of Vladivostok, also known as “Track2” in the criminal carding underground, was indicted in March 2011, for operating several carding forums that engaged in the distribution of stolen credit card information. At his first appearance in Guam today, SELEZNEV was ordered detained pending a further hearing scheduled for July 22, 2014.
“Cyber crooks should take heed: you cannot hide behind distant keyboards. We will bring you to face justice,” said U.S. Attorney Jenny A. Durkan, who leads the Justice Department’s Cybercrime and Intellectual Property Enforcement Subcommittee of the Attorney General’s Advisory Committee. “I want to thank the U.S. Secret Service for their work in investigating this case and in apprehending the defendant. I also want to give credit to the work of the Electronic Crimes Task Force, and Seattle Police Department in particular, and our partners in the United States Attorney’s Office in Guam, the Department of Justice’s Office of International Affairs, and the Computer Crime and Intellectual Property section of the Department of Justice’s Criminal Division.”
The indictment, unsealed today following his arrest on July 5, 2014, details a bank fraud scheme in which SELEZNEV is charged with hacking into retail point of sale systems and installing malicious software on the systems to steal credit card numbers. The illegal hacking outlined in the indictment occurred between October 2009, and February 2011. The indictment alleges that SELEZNEV created and operated infrastructure to facilitate the theft and sales of credit card data and used servers located all over the world to facilitate the operation. This infrastructure included servers that hosted carding forum websites where cybercriminals gathered to sell stolen credit card numbers. The charges in the indictment include five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer, one count of possession of fifteen or more unauthorized access devices (stolen credit card numbers), two counts of trafficking in unauthorized access devices and five counts of aggravated identity theft.
“The arrest of Roman Seleznev is yet another example of how the Secret Service continues to successfully combat data theft and financial crimes,” said Robert Kierstead, Special Agent in Charge of the U.S. Secret Service Seattle Field Office. “The Secret Service utilized state-of-the-art investigative techniques to dismantle this criminal network. Our success in this case and other similar investigations is a result of the extraordinary work of our investigators and our close work with our network of law enforcement partners.”
Bank Fraud is punishable by up to thirty years in prison and a $2 million fine. Intentionally causing damage to a protected computer resulting with a loss of more than $5,000 is punishable by up to ten years in prison and a $250,000 fine. Obtaining information from a protected computer is punishable by up to five years in prison and a $250,000 fine. Possession of more than 15 unauthorized access devices is punishable by up to ten years in prison and a $250,000 fine. Trafficking in unauthorized access devices is punishable by up to 10 years in prison and a $250,000 fine. Aggravated identity theft is punishable by an additional two years in prison on top of any sentence for the underlying crimes. In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.
SELEZNEV is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization as well as two counts of possession of fifteen or more counterfeit and unauthorized access devices. Those charges carry maximum penalties of up to 20 years in prison for RICO and RICO conspiracy and up to 10 years in prison for possession of fifteen or more counterfeit and unauthorized access devices.
Credit card fraud costs financial institutions $40 billion annually. In the Western District of Washington more than 180,000 stolen credit card numbers have been identified in recent cyber cases.
The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.
The case is being investigated by the U.S. Secret Service Electronic Crimes Task Force which includes detectives from the Seattle Police Department. The Office of International Affairs, the Computer Crime and Intellectual Property Section of the Department of Justice’s Criminal Division and the U.S. Attorney’s Office for the District of Guam provided substantial assistance. Assistant United States Attorney Norman M. Barbosa is prosecuting the case in the Western District of Washington.
For additional information please contact Todd Greenberg, Assistant United States Attorney for the United States Attorney’s Office, at (206) 553-7970.