Roman Seleznev

From Wikipedia, the free encyclopedia

Roman Valerevich Seleznev (also known by his hacker handle Track2) is a Russian computer hacker. He was indicted in Washington in 2011, and is accused of hacking into servers to steal credit card data. Seleznev's activities have been speculated to have caused damages to banks and credit card companies ranging in the millions of dollars. Seleznev was arrested in July 5, 2014 and faces five counts of bank fraud, eight counts of intentionally causing damage to a protected computer and five counts of aggravated identity theft.^[1]

Seleznev is the son of Valery Seleznev (ru), a member of the Duma, Russia’s parliament.^[2]

§Arrest[edit]

Seleznev's 2014 arrest caused controversy as he was apparently arrested outside of the United States and transported to Guam to stand trial. Citing "law enforcement reasons" the Justice Department would not disclose the location of Seleznev's arrest. Jeh Johnson, Secretary of Homeland Security, said in a statement that the arrest showed that "despite the increasingly borderless nature of transitional organized crime, the long arm of justice - and [the Department of Homeland Security] - will continue to disrupt and dismantle sophisticated criminal organizations".^[3][4]

Russian officials complained that Seleznev's arrest amounted to "kidnapping" and said the US had failed to notify Russian consulates of Seleznev's arrest. The Russian Foreign Ministry indicated that the Maldives had been the site of Seleznev's arrest, and criticized the Maldives for failing to following "international legal norms" in Seleznev's arrest.^[5]

Russian hacker arrested for widespread U.S. credit card data theft

Calling him "one the world's most prolific traffickers of stolen financial information," the U.S. Secret Service arrested a Russian national Monday for hacking retailers and stealing credit card information throughout the United States over a 16-month period.

Roman Valerevich Seleznev, who was indicted in Washington state in March 2011, is accused of hacking into servers and international carding forum websites to steal credit card data. Seleznev, who is known as "Track2" in the carding underground, remains in custody pending trial.

The Justice Department did not disclose the location of Seleznev's arrest for "law enforcement reasons."

The alleged criminal activity occurred between October 2009 and February 2011.According to Capitol Hill Seattle, Seleznev's 2010 data breach at Broadway Grillresulted in $1.7 million in losses to banks and credit card companies.

"This important arrest sends a clear message: despite the increasingly borderless nature of transitional organized crime, the long arm of justice - and this Department - will continue to disrupt and dismantle sophisticated criminal organizations," said Secretary of Homeland Security Jeh Johnson in a statement.

Seleznev faces multiple charges, including five counts of bank fraud, eight counts of intentionally causing damage to a protected computer and five counts of aggravated identity theft. The case remains under investigation by the U.S. Secret Service Electronic Crimes Task Force in Seattle and is being prosecuted by the U.S. Attorney's Office for the Western District of Washington.

"This scheme involved multiple network intrusions and data thefts for illicit financial gain," said Julia Pierson, Director of the U.S. Secret Service.

Seleznev also faces racketeering charges in Nevada, the Secret Service said.

Last month, a Russian computer hacker was accused of leading a worldwide conspiracy that targeted hundreds of thousands of computers with malware, enabling his group to steal more than $100 million from business and other bank accounts.

 The son of a Russian lawmaker has been arrested by the U.S. on charges of selling credit card information he stole by hacking into the computers of American retailers.

Roman Seleznev, 30, was arrested overseas by the U.S. Secret Service on July 5 and was ordered detained today during a hearing in federal court in Guam, the Justice Department said in a statement.

Seleznev is the son of Valery Seleznev, a member of the Duma, Russia’s parliament, according to two U.S. law enforcement officials who requested anonymity because they were not permitted to discuss a continuing investigation.

The Justice Department declined to say where Seleznev was arrested. He was indicted in March 2011 on charges of bank fraud and computer hacking. The indictment, which was unsealed today, alleged that Seleznev was part of a hacking scheme that operated between 2009 and 2011.

The indictment alleged that Seleznev and others stole more than 200,000 credit card numbers. During a three-month span ending in February 2011, the indictment alleges, Seleznev and others sold more than 140,000 credit card numbers in online forums, generating at least a $2 million profit. Losses to financial institutions hit by the hacking operation exceeded $1.2 million, the indictment says.

Russia Calls U.S. Arrest of Alleged Hacker 'Kidnapping'

Russia on Tuesday called the U.S. government's arrest of an alleged hacker "kidnapping" and said it was considering the move "the latest unfriendly action by Washington."

The suspect, Roman Valerevich Seleznev, who the U.S. Secret Service said it arrested in the Pacific island nation of the Maldives on Friday and brought to the U.S. territory of Guam to face justice as "one of the world's most prolific traffickers of stolen financial information," is reportedly the 30-year-old son of a Russian federal lawmaker.

The Russian Foreign Ministry said in a statement that the arrest is "not the first time that the U.S. government, ignoring a bilateral agreement on mutual legal cooperation regarding criminal issues, has conducted a literal kidnapping of a Russian citizen."

Lawmaker Valery Seleznev, who represents the nationalist LDPR party in Russia's federal parliament, told state news agency RIA Novosti on Tuesday that his son, who he is sure did not have a U.S. visa, could likely have been "kidnapped" and taken to the U.S.

U.S. officials accuse Roman Seleznev of participating in a crime ring that sold more than 100,000 credit card numbers obtained from American stores' computers, generating a copious profit for the group and causing over a million dollars in damages.

U.S.-Russian relations are at a low point after the U.S. backed the deposition of Ukraine's pro-Russian president in February and Russia annexed the Ukrainian peninsula of Crimea a month later.

The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev, a Russian national who made headlines in July when it emerged that he’d been whisked away to Guam by U.S. federal agents while vacationing in the Maldives. The additional charges against Seleznev may help explain the extended downtime at an extremely popular credit card fraud shop in the cybercrime underground.

The 2pac[dot]cc credit card shop.

The government alleges that the hacker known in the underground as “nCux” and “Bulba” was Roman Seleznev, a 30-year-old Russian citizen who wasarrested in July 2014 by the U.S. Secret Service. According to Russian media reports, the young man is the son of a prominent Russian politician.

Seleznev was initially identified by the government in 2012, when it named him as part of a conspiracy involving more than three dozen popular merchants on carder[dot]su, a bustling fraud forum where Bulba and other members openly marketed various cybercrime-oriented services (see the original indictment here).

According to Seleznev’s original indictment, he was allegedly part of a group that hacked into restaurants between 2009 and 2011 and planted malicious software to steal card data from store point-of-sale devices. The indictment further alleges that Seleznev and unnamed accomplices used his online monikers to sell stolen credit and debit cards at bulba[dot]cc and track2[dot]name. Customers of these services paid for their cards with virtual currencies, including WebMoney andBitcoin.

But last week, U.S. prosecutors piled on another 11 felony counts against Seleznev, charging that he also sold stolen credit card data on a popular carding store called2pac[dot]cc. Interestingly, Seleznev’s arrest coincides with a period of extended downtime on 2pac[dot]cc, during which time regular customers of the store could be seen complaining on cybercrime forums where the store was advertised that the proprietor of the shop had gone silent and was no longer responding to customer support inquiries.

A few weeks after Seleznev’s arrest, it appears that someone new began taking ownership of 2pac[dot]cc’s day-to-day operations. That individual recently posted a message on the carding shop’s home page apologizing for the extended outage and stating that fresh, new cards were once again being added to the shop’s inventory.

The message, dated Aug. 8, 2014, explains that the proprietor of the shop was unreachable because he was hospitalized following a car accident:

“Dear customers. We apologize for the inconvenience that you are experiencing now by the fact that there are no updates and [credit card] checker doesn’t work. This is due to the fact that our boss had a car accident and he is in hospital. We will solve all problems as soon as possible. Support always available, thank you for your understanding.”

(Bloomberg) -- For more than a decade, the U.S. Secret Service hunted Roman Seleznev, a computer wizard suspected of being one of the world’s most prolific traffickers in stolen credit cards.

But agents had a problem: Despite three separate federal hacking-related indictments against the 30-year-old son of a prominent Russian lawmaker, Seleznev remained out of reach, in Vladivostok, Russia.

Then he made a mistake last July and visited a luxurious resort in the Indian Ocean for a family vacation. U.S. authorities pounced, enlisting local police in a fast-paced operation that was nearly foiled by bad weather thousands of miles away. Seleznev is now in jail in Seattle, awaiting trial in November.

Seleznev’s arrest was a rare victory for U.S. investigators seeking alleged cybercriminals in countries like Russia that do not have extradition treaties with the U.S. nor histories of cooperating with American authorities.

More than three dozen overseas hackers remain outside the reach of the law, including Russians accused of siphoning millions from U.S. consumers and Chinese military officials charged with industrial espionage, two law enforcement officials said.

Until now, U.S. officials have shared few details about Seleznev’s arrest, which sparked a furious response by the Russian government and caused heartburn for authorities in the Maldives, where he was caught. Seleznev’s father said his son would die in captivity without daily medication for a brain injury suffered three years earlier; echoing complaints issued after other arrests, the Russian government accused the U.S. of kidnapping.

Internet Activities

For years, the Secret Service had been investigating Seleznev’s Internet activities, leading federal prosecutors to charge him with crimes including identity theft and racketeering, according to court filings, transcripts of court proceedings and extensive interviews with U.S. law enforcement officials. He is accused of hacking into retailers’ credit-card systems, installing malware to siphon off card numbers and running sophisticated forums where hackers could buy and sell the stolen information.

The officials, who spoke on condition of anonymity because the case is continuing and presents sensitive diplomatic issues, described Seleznev as a one of history’s most successful traffickers in stolen credit-card data.

Dennis Carroll, an assistant public defender representing Seleznev, declined to comment.

Muscle Car

His allegedly illicit work was lucrative and financed fancy cars, apartments and exotic vacations. Photos retrieved from his mobile phone show him posing in front of the Kremlin with his bright yellow Dodge Challenger SRT muscle car and bundles of cash on the back seat of an SUV. According to federal prosecutors, two of his bank accounts received more than $18 million from illegal schemes.

Knowing that they could only capture Seleznev outside of Russia, Secret Service agents kept close tabs on his travels. A few years ago, for example, they determined that he liked to frequent Bali, Indonesia, where he owned two luxury apartments costing nearly $800,000.

Agents met in 2012 with Indonesian authorities, who declined to help capture a foreign national of their soil for fear of upsetting Russia, or their own citizens, according to two U.S. law enforcement officials.

Maldives Vacation

On July 2 last year, the Secret Service got a new tip: Seleznev was visiting a five-star resort in the Maldives, a popular holiday destination for Europeans. They were told that Seleznev picked the Maldives because it did not have an extradition treaty with the U.S.

Agents in Washington wasted no time, contacting officials at the State Department, who had a close relationship with the Maldivian police superintendent. He agreed to help, despite the lack of a treaty.

A day later, a Secret Service agent based in Thailand and another from Hawaii were in the Maldives, drawing up a plan: Local police would arrest Seleznev before he boarded his flight home on the morning of July 5. They would formally expel him from their country and hand him over to the U.S. agents, who would hustle him aboard a private jet bound for the U.S. territory of Guam.

At the last minute the Maldivian police said they required an Interpol “red notice” to grab Seleznev. The Secret Service had avoided uploading such an alert that they were seeking a suspect on criminal charges because Russian authorities were notorious for tipping their citizens to the existence of arrest warrants.

Seaplane Trip

Anticipating the demand, Secret Service agents had drafted a red notice and uploaded it to Interpol as Seleznev was on a seaplane from his resort to the Maldives airport, leaving the Russians no time to act.

As Seleznev rode a bus from the seaplane to the airport, Maldivian police and a Secret Service agent sat just a few rows back, making sure he didn’t get a tip and try to slip away.

At the airport, police checked Seleznev’s passport and quickly turned him over to the Secret Service agents, who handcuffed the Russian and led him onto the jet.

As they were about to take off, however, another problem arose. A storm was reported near Guam.

If the pilots delayed taking off to allow the weather to clear, they would run afoul of duty-time regulations. They would be grounded at least a day, forcing agents to return Seleznev to Maldivian custody. Such a move risked a diplomatic and legal dispute with Russia.

Weather Risk

The other option was to take off and divert to a third country if the weather didn’t improve, raising the specter of another diplomatic imbroglio.

Agents in the Maldives made the call: take off and pray for better weather. Twelve hours later, the flight landed in Guam without incident, and Seleznev was transferred to Seattle.

His arrest came as relations between Washington and Moscow are more strained than at any time since the Cold War.

Warnings by the Russian government to its citizens who might be targets of U.S. law enforcement could make Seleznev a unique case going forward. The Federal Bureau of Investigation has all but conceded it may never catch another Russian hacker, Evgeniy Mikhailovich Bogachev, charged with creating a sophisticated computer virus that stole $100 million from U.S. businesses and consumers.

“If he remains there, it will be difficult to get him, unless there is a different approach taken by the Russian government working with the U.S. government,” said Joseph Demarest, assistant director for the FBI’s cyber division who last month announced a $3 million reward for information leading to Bogachev’s capture.

A Russian man accused of being one of the world’s most prolific traffickers of stolen financial information was arrested in Guam on Saturday, according to the Secret Service.

Roman Valerevich Seleznev was arrested on charges that he hacked into cash register systems at retailers throughout the United States from 2009 to 2011. The Secret Service would not say whether he was tied to the recent attacks that affected the in-store cash register systems at Target, Neiman Marcus, Michaels and other retailers last year.

The arrest of Mr. Seleznev provides a lens onto the shadowy world of Russian hackers, the often sophisticated programmers who seem to operate with impunity. As long ago as March 2011, the United States attorney’s office in Washington State identified Mr. Seleznev, a Russian citizen, in a sealed indictment as “Track2,” an underground alias that is an apparent reference to the data that can be pulled off the magnetic strips of credit and debit cards.

That data includes enough basic information — like account numbers and expiration dates — to make fraudulent purchases.

The indictment accuses Mr. Seleznev of hacking into the cash register systems of businesses across the United States and of operating computer servers and international online forums in Russia, Ukraine and elsewhere where such stolen data is traded in the digital underground.

It was not yet clear how the Secret Service arrested Mr. Seleznev, and the United States attorney’s office in Washington State declined to elaborate.

In a statement, the Secret Service said Mr. Seleznev’s charges included five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer, one count of possession of 15 or more unauthorized access devices, two counts of trafficking unauthorized access devices, and five counts of aggravated identity theft.

According to the indictment, which was unsealed on Monday, Mr. Seleznev is accused of scanning devices for weaknesses and inserting so-called malware that was capable of stealing credit card information. He is accused of stealing 32,000 credit card numbers from computers at Broadway Grill, in Seattle, from December 2009 to October 2010. The restaurant did not discover the thefts until late October 2010.

Mr. Seleznev is also accused of similar heists at four other Washington State restaurants and a number of other American businesses, including Schlotzsky’s Deli in Coeur d’Alene, Idaho; Active Network in Frostburg, Md.; Day’s Jewelers in Maine; Latitude Bar and Grill in Manhattan; and the Phoenix Zoo.

In addition, Mr. Seleznev is also accused of stealing more than 200,000 credit card numbers from November 2010 to February 2011 and of selling 140,000 credit card numbers on underground sites with names like bulba.cc and Track2.name, generating profits of more than $2 million.

“This scheme involved multiple network intrusions and data thefts for illicit financial gain,” Julia Pierson, director of the Secret Service, said in a statement. “The adverse impact this individual and other transnational organized criminal groups have on our nation’s financial infrastructure is significant and should not be underestimated.”

Mr. Seleznev appeared at a court in Guam on Monday. He will be held in custody there until his next hearing in two weeks. He faces up to 30 years in prison if convicted of just the bank fraud. The other charges also carry significant sentences.

The case remains under investigation by the United States Secret Service Electronic Crimes Task Force in Seattle and is being prosecuted by the United States attorney’s office for the Western District of Washington.

According to one government official, who declined to be identified because of the current investigation, Mr. Seleznev was also among the members of a transnational criminal organization whose members bought and sold personal and financial information through online carding forums, such as the Russian underground website carder.su. In 2012, 19 members of that group were arrested, but Mr. Seleznev remained at large.

He still faces a separate indictment in the District of Nevada on charges of racketeering as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

Todd Greenberg, an assistant United States attorney, would not comment on the means by which Mr. Seleznev, a Russian national, was detained in Guam. However, arrests in Russia over computer crimes are rare, even when hackers living in Russia have been outed by outside groups like the Spamhaus Project, a spam-prevention service based in Europe. According to Spamhaus, Russia is the world’s third-biggest source of Internet spam, after the United States and China.

Just last week, American security researchers accused the Russian government of systematically hacking into oil and gas companies in the United States and other Western nations.

The United States has treated computer security as a law enforcement matter. But Russia has pushed for an international treaty that would regulate the use of online weapons by military or espionage agencies. The United States has been hesitant to press for such a treaty — in large part because its own National Security Agency is behind some of the broadest espionage operations — but it has continued to press for closer law enforcement cooperation on cybercrime.