A Russian man will do 27 years in federal prison after his conviction last August for hacking point of sale computers and stealing credit card numbers.
Roman Valeryevich Seleznev, aka Track2, 32, last week received the longest hacking sentence to date in the United States.
He ended up convicted last August of 38 counts (intentional damage to a protected computer, obtaining information from a protected computer, possession of unauthorized access devices and aggravated identity theft) related to his scheme to hack into point-of-sale computers to steal credit card numbers and sell them on dark market websites.
The long prison sentence he received is believed to be partly the result of his role as a pioneer in the carding industry.
“Under the nickname ‘Track2,’ Seleznev created two automated vending sites, an innovation that made it possible for criminals to efficiently search for and purchase stolen credit card data through a process as easy as buying a book on Amazon,” prosecutors said in a sentencing memorandum.
“Later, under the nickname ‘2Pac,’ Seleznev built a global resale operation, creating an online marketplace where scores of notorious hackers offered for sale the credit card data they had stolen through their own hacking activities. And, at the same time Seleznev was organizing the supply of credit card data in this manner, he worked to stimulate the demand for stolen card data by establishing a website known as ‘POS Dumps,’ which trained thousands of new criminals in the basics of how to use the data to commit fraud.”
Seleznev, originally fro Vladivostok, Russia, ended up arrested in July 2014 in the Maldives, and the laptop in his custody contained over 1.7 million stolen credit card numbers. The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme.
According to evidence presented at trial, between October 2009 and October 2013, Seleznev hacked into retail point-of-sale systems and installed malware that allowed him to steal millions of credit card numbers from more than 500 U.S. businesses and send the data to servers that he controlled in Russia, the Ukraine and McLean, Virginia. He then bundled the credit card information into groups called “bases” and sold the information on various criminal “carding” websites to buyers who used them for fraudulent purchases, according to evidence introduced during the trial.
Many of the businesses targeted by Seleznev were small businesses, and included restaurants and pizza parlors in Western Washington, including Broadway Grill in Seattle, which ended up in bankruptcy following the cyber assault. Testimony at trial revealed his scheme caused approximately 3,700 financial institutions more than $169 million in losses.
Seleznev still faces charges in other U.S. federal courts.
He is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices, and in the Northern District of Georgia with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud.