Hacking Scheme Defrauded Banks of More Than $169 Million
A federal jury today convicted a Vladivostok, Russia, man of
38 counts related to his scheme to hack into point-of-sale computers to steal
and sell credit card numbers to the criminal underworld, announced Assistant
Attorney General Leslie R. Caldwell of the Justice Department’s Criminal
Division and U.S. Attorney Annette L. Hayes of the Western District of
Washington.
Roman Valerevich Seleznev, aka Track2, 32, was convicted
after an eight-day trial of 10 counts of wire fraud, eight counts of
intentional damage to a protected computer, nine counts of obtaining
information from a protected computer, nine counts of possession of 15 or more
unauthorized access devices and two counts of aggravated identity theft. U.S. District Judge Richard A. Jones of the
Western District of Washington scheduled sentencing for Dec. 2, 2016.
According to testimony at trial and court documents, between
October 2009 and October 2013, Seleznev hacked into retail point-of-sale
systems and installed malicious software (malware) to steal credit card numbers
from various businesses from a server he operated in Russia. Many of the businesses were small businesses,
some of which were restaurants in Western Washington, including the Broadway
Grill in Seattle, which was forced into bankruptcy following the cyber assault.
Evidence presented at trial demonstrated that the malware
would steal the credit card data from the point-of-sale systems and send it to
other servers that Seleznev controlled in Russia, the Ukraine or in McLean,
Virginia. Seleznev then bundled the
credit card information into groups called “bases” and sold the information on
various “carding” websites to buyers who would then use the credit card numbers
for fraudulent purchases, according to the trial evidence. Testimony at trial revealed that Seleznev’s
scheme caused 3,700 financial institutions more than $169 million in losses.
When Seleznev was taken into custody in July 2014 in the
Maldives, his laptop contained more than 1.7 million stolen credit card
numbers, some of which were stolen from businesses in Western Washington. The laptop also contained additional evidence
linking Seleznev to the servers, email accounts and financial transactions
involved in the scheme.
Seleznev is charged in a separate indictment in the District
of Nevada with participating in a racketeer influenced corrupt organization
(RICO) and conspiracy to engage in a RICO, as well as two counts of possession
of 15 or more counterfeit and unauthorized access devices. Seleznev is also charged in the Northern
District of Georgia with conspiracy to commit bank fraud, one count of bank
fraud and four counts of wire fraud. An indictment
is merely an allegation, and the defendant is presumed innocent unless and
until proven guilty beyond a reasonable doubt in a court of law.
The U.S. Secret Service Electronic Crimes Task Force
investigated the case. The task force
includes detectives from the Seattle Police Department and the U.S. Secret
Service Cyber Intelligence Section in Washington, D.C. Trial Attorney Harold Chun of the Criminal
Division’s Computer Crime and Intellectual Property Section (CCIPS) and
Assistant U.S. Attorneys Norman M. Barbosa and Seth Wilkinson of the Western
District of Washington are prosecuting the case. The CCIPS Cyber Crime Lab and its Director,
Ovie Carroll, provided substantial support for the prosecution. The Office of International Affairs and the
U.S. Attorney’s Office of the District of Guam also provided assistance in this
case.