Stole and Sold Millions of Credit Card Numbers – Defrauding Victims of More Than $169 Million
WASHINGTON – A 32-year-old Vladivostok, Russia, man was sentenced today to 27 years in prison for his computer hacking crimes that caused more than $169 million in damage to small businesses and financial institutions, announced Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division, and U.S. Attorney Annette L. Hayes of the Western District of Washington.
Roman Valeryevich Seleznev, aka Track2, was convicted in August 2016, of 38 counts related to his scheme to hack into point-of-sale computers to steal credit card numbers and sell them on dark market websites. U.S. District Judge Richard A. Jones of the Western District of Washington imposed the sentence.
“This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar,” said Acting Assistant Attorney General Blanco. “And we will not tolerate the existence of safe havens for these crimes – we will identify cybercriminals from the dark corners of the Internet and bring them to justice.”
“Today is a bad day for hackers around the world,” said U.S. Attorney Annette L. Hayes. “The notion that the Internet is a Wild West where anything goes is a thing of the past. As Mr. Seleznev has now learned, and others should take note — we are working closely with our law enforcement partners around the world to find, apprehend, and bring to justice those who use the internet to steal and destroy our peace of mind. Whether the victims are multi-national banks or small pizza joints, we are all victims when our day-to-day transactions result in millions of dollars ending up in the wrong hands.”
According to evidence presented at trial, between October 2009 and October 2013, Seleznev hacked into retail point-of-sale systems and installed malicious software (malware) that allowed him to steal millions of credit card numbers from more than 500 U.S. businesses and send the data to servers that he controlled in Russia, the Ukraine and McLean, Virginia. Seleznev then bundled the credit card information into groups called “bases” and sold the information on various criminal “carding” websites to buyers who used them for fraudulent purchases, according to evidence introduced during the trial of this case.
Many of the businesses targeted by Seleznev were small businesses, and included restaurants and pizza parlors in Western Washington, including Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault. Testimony at trial revealed that Seleznev’s scheme caused approximately 3,700 financial institutions more than $169 million in losses.
Seleznev was taken into custody in July 2014 in the Maldives, and the laptop in his custody at that time contained more than 1.7 million stolen credit card numbers, including some from businesses in Western Washington. The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme. Evidence presented at trial showed that Seleznev earned tens of millions of dollars from his criminal activity.
Seleznev was convicted on August 25, 2016, of ten counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of fifteen or more unauthorized access devices and two counts of aggravated identity theft.
Mr. Seleznev’s criminal enterprise was both sophisticated and expansive, with transnational implications. This investigation exemplifies the ability of the U.S. Secret Service and our law enforcement partners to hold accountable those who perpetrate such crimes,” said U.S. Secret Service Special Agent in Charge Robert L. Kierstead. “The ultimate success of this case is the result of an extraordinary collaborative effort by the Secret Service, the U.S. Attorney’s Office of the Western District of Washington, the Criminal Division’s Computer Crime and Intellectual Property Section and the Seattle Police Department.”
“Crime has no borders,” said Seattle Police Chief Kathleen O’Toole. “This individual is responsible for defrauding victims out of millions of dollars in Seattle alone, and we are proud to work with our federal partners to bring him to justice.”
Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices. Additionally, Seleznev is charged in the Northern District of Georgia with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud. An indictment is merely an allegation, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.
The U.S. Secret Service Electronic Crimes Task Force investigated the case. Assistant U.S. Attorneys Norman M. Barbosa and Seth Wilkinson of the Western District of Washington and Trial Attorneys Harold Chun and Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) prosecuted the case. The CCIPS Cyber Crime Lab, and its Director, Ovie Carroll, provided substantial support for the prosecution. The Office of International Affairs and the U.S. Attorney’s Office for the District of Guam also provided assistance in this case.