The U.S. Justice Department released
the below information:
A 32-year-old Vladivostok,
Russia, man was sentenced today to 27 years in prison for his computer hacking
crimes that caused more than $169 million in damage to small businesses and
financial institutions, announced Acting Assistant Attorney General Kenneth A.
Blanco of the Justice Department’s Criminal Division and U.S. Attorney Annette
L. Hayes of the Western District of Washington.
Roman Valeryevich Seleznev,
aka Track2, was convicted in August 2016, of 38 counts related to his scheme to
hack into point-of-sale computers to steal credit card numbers and sell them on
dark market websites. U.S. District
Judge Richard A. Jones of the Western District of Washington imposed the
sentence.
“This investigation,
conviction and sentence demonstrates that the United States will bring the full
force of the American justice system upon cybercriminals like Seleznev who
victimize U.S. citizens and companies from afar,” said Acting Assistant
Attorney General Blanco. “And we will
not tolerate the existence of safe havens for these crimes – we will identify
cybercriminals from the dark corners of the Internet and bring them to
justice.”
“Today is a bad day for
hackers around the world,” said U.S. Attorney Annette L. Hayes. “The notion
that the Internet is a Wild West where anything goes is a thing of the
past. As Mr. Seleznev has now learned,
and others should take note – we are working closely with our law enforcement
partners around the world to find, apprehend, and bring to justice those who
use the internet to steal and destroy our peace of mind. Whether the victims are multi-national banks
or small pizza joints, we are all victims when our day-to-day transactions
result in millions of dollars ending up in the wrong hands.”
According to evidence
presented at trial, between October 2009 and October 2013, Seleznev hacked into
retail point-of-sale systems and installed malicious software (malware) that
allowed him to steal millions of credit card numbers from more than 500 U.S.
businesses and send the data to servers that he controlled in Russia, the
Ukraine and McLean, Virginia. Seleznev
then bundled the credit card information into groups called “bases” and sold
the information on various criminal “carding” websites to buyers who used them
for fraudulent purchases, according to evidence introduced during the trial of
this case.
Many of the businesses
targeted by Seleznev were small businesses, and included restaurants and pizza
parlors in Western Washington, including Broadway Grill in Seattle, which was
forced into bankruptcy following the cyber assault. Testimony at trial revealed that Seleznev’s
scheme caused approximately 3,700 financial institutions more than $169 million
in losses.
Seleznev was taken into
custody in July 2014 in the Maldives, and the laptop in his custody at that
time contained more than 1.7 million stolen credit card numbers, including some
from businesses in Western Washington.
The laptop also contained additional evidence linking Seleznev to the
servers, email accounts and financial transactions involved in the scheme. Evidence presented at trial showed that
Seleznev earned tens of millions of dollars from his criminal activity.
Seleznev was convicted on
Aug. 25, 2016, of 10 counts of wire fraud, eight counts of intentional damage
to a protected computer, nine counts of obtaining information from a protected
computer, nine counts of possession of 15 or more unauthorized access devices
and two counts of aggravated identity theft.
“Mr. Seleznev’s criminal
enterprise was both sophisticated and expansive, with transnational
implications. This investigation
exemplifies the ability of the U.S. Secret Service and our law enforcement
partners to hold accountable those who perpetrate such crimes,” said Special
Agent in Charge Robert L. Kierstead of the U.S. Secret Service. “The ultimate success of this case is the
result of an extraordinary collaborative effort by the Secret Service, the U.S.
Attorney’s Office of the Western District of Washington, the Criminal
Division’s Computer Crime and Intellectual Property Section and the Seattle
Police Department.”
“Crime has no borders,” said
Seattle Police Chief Kathleen O’Toole. “This
individual is responsible for defrauding victims out of millions of dollars in
Seattle alone, and we are proud to work with our federal partners to bring him
to justice.”
Seleznev is also charged in a
separate indictment in the District of Nevada with participating in a racketeer
influenced corrupt organization (RICO) and conspiracy to engage in a racketeer
influenced corrupt organization, as well as two counts of possession of 15 or
more counterfeit and unauthorized access devices. Additionally, Seleznev is charged in the
Northern District of Georgia with conspiracy to commit bank fraud, one count of
bank fraud and four counts of wire fraud.
An indictment is merely an allegation, and the defendant is presumed
innocent unless and until proven guilty beyond a reasonable doubt in a court of
law.
The U.S. Secret Service
Electronic Crimes Task Force investigated the case. Assistant U.S. Attorneys Norman M. Barbosa
and Seth Wilkinson of the Western District of Washington and Trial Attorneys
Harold Chun and Ethan Arenson of the Criminal Division’s Computer Crime and
Intellectual Property Section (CCIPS) prosecuted the case. The CCIPS Cyber Crime Lab, and its Director,
Ovie Carroll, provided substantial support for the prosecution. The Office of International Affairs and the
U.S. Attorney’s Office for the District of Guam also provided assistance in
this case.