Russian Cyber-Criminal Convicted of 38 Counts Related to Hacking Businesses and Stealing More Than Two Million Credit Card Numbers

Hacking Scheme Defrauded Banks of More Than $169 Million

A federal jury today convicted a Vladivostok, Russia, man of 38 counts related to his scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld, announced Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney Annette L. Hayes of the Western District of Washington. 

Roman Valerevich Seleznev, aka Track2, 32, was convicted after an eight-day trial of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.  U.S. District Judge Richard A. Jones of the Western District of Washington scheduled sentencing for Dec. 2, 2016.

According to testimony at trial and court documents, between October 2009 and October 2013, Seleznev hacked into retail point-of-sale systems and installed malicious software (malware) to steal credit card numbers from various businesses from a server he operated in Russia.  Many of the businesses were small businesses, some of which were restaurants in Western Washington, including the Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault.

Evidence presented at trial demonstrated that the malware would steal the credit card data from the point-of-sale systems and send it to other servers that Seleznev controlled in Russia, the Ukraine or in McLean, Virginia.  Seleznev then bundled the credit card information into groups called “bases” and sold the information on various “carding” websites to buyers who would then use the credit card numbers for fraudulent purchases, according to the trial evidence.  Testimony at trial revealed that Seleznev’s scheme caused 3,700 financial institutions more than $169 million in losses.

When Seleznev was taken into custody in July 2014 in the Maldives, his laptop contained more than 1.7 million stolen credit card numbers, some of which were stolen from businesses in Western Washington.  The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme.

Seleznev is charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a RICO, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.  Seleznev is also charged in the Northern District of Georgia with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud.  An indictment is merely an allegation, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

The U.S. Secret Service Electronic Crimes Task Force investigated the case.  The task force includes detectives from the Seattle Police Department and the U.S. Secret Service Cyber Intelligence Section in Washington, D.C.   Trial Attorney Harold Chun of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Norman M. Barbosa and Seth Wilkinson of the Western District of Washington are prosecuting the case.   The CCIPS Cyber Crime Lab and its Director, Ovie Carroll, provided substantial support for the prosecution.  The Office of International Affairs and the U.S. Attorney’s Office of the District of Guam also provided assistance in this case.