COURT DOC: Russian Cyber-Criminal Sentenced to 27 Years in Prison for Hacking and Credit Card Fraud Scheme

A 32-year-old Vladivostok, Russia, man was sentenced today to 27 years in prison for his computer hacking crimes that caused more than $169 million in damage to small businesses and financial institutions.

Roman Valeryevich Seleznev, aka Track2, was convicted in August 2016, of 38 counts related to his scheme to hack into point-of-sale computers to steal credit card numbers and sell them on dark market websites.

According to evidence presented at trial, between October 2009 and October 2013, Seleznev hacked into retail point-of-sale systems and installed malicious software (malware) that allowed him to steal millions of credit card numbers from more than 500 U.S. businesses and send the data to servers that he controlled in Russia, the Ukraine and McLean, Virginia. Seleznev then bundled the credit card information into groups called bases and sold the information on various criminal ‘carding’ websites to buyers who used them for fraudulent purchases, according to evidence introduced during the trial of this case.

Many of the businesses targeted by Seleznev were small businesses, and included restaurants and pizza parlors in Western Washington, including Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault. Testimony at trial revealed that Seleznevs scheme caused approximately 3,700 financial institutions more than $169 million in losses.

Seleznev was taken into custody in July 2014 in the Maldives, and the laptop in his custody at that time contained more than 1.7 million stolen credit card numbers, including some from businesses in Western Washington. The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme. Evidence presented at trial showed that Seleznev earned tens of millions of dollars from his criminal activity.

Seleznev was convicted on Aug. 25, 2016, of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft. (Source: U.S. Department of Justice)