Russian Hacker Sentenced in One State, Two States to Go

In 2016, a federal jury in Washington convicted Roman Seleznev of 38 counts of various financial cybercrime charges. After the Washington court gave Seleznev a 27 year sentence, he traveled down south to Atlanta, GA. There, on May 19, a judge arraigned the 32-year-old Russian national on more cyber fraud charges.

In another indictment—the Atlanta one—a federal jury charged Seleznev with the 2008 hack of RBS Worldpay, an Atlanta-based payment processor. The hack was the “most sophisticated and organized computer fraud attack ever conducted,” at the time, that is. The hack was ultimately smaller in scale than his other crimes; the court in Washington found him guilty of causing $169 million in damage to businesses.

In the Northern District of Georgia, U.S. Magistrate Judge Linda Walker arraigned the 32-year-old hacker for a $9,000,000 hack. Seleznev, along with 13 other co-defendants, stole all of it in less than a day. The defendant, alone, cashed out $2,000,000—according to the indictment.

Also accused of participation in the 2008 heist were the following individuals: Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev of Russia; Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov of Estonia; Oleg Covelin of Moldova; Vladimir Valeyrich Tailar and Evgeny Levitskyy of Ukraine; Ezenwa Chukukere of Nigeria; Sonya Martin of the United States; and Vladislav Horohorin of Russia, Israel, and Ukraine.

The group, or “team of hackers and cashers,” stole the money from ATMs in 280 cities during a 24-hour period. From 2,100 ATMs. He only stole (or used; vague wording) five debit card numbers. The cards did not belong to average ATM users, though; the group made sure to steal payroll debit cards—ones that the companies used for employee salaries.

Joseph Young wrote, in a previous DeepDotWeb article:

“Authorities tracked Roman Seleznev’s identity to a dark web marketplace, wherein he sold stolen credit card information of clients and customers of restaurants and small businesses he hacked. As reported by DeepDotWeb in September of 2016, the US Department of Justice noted that Seleznev hacked point-of-sale (PoS) systems of businesses in the US and sent sensitive financial data acquired from his hacking attacks to his private servers in Russia.”

After Seleznev finishes his time in Georgia—the time between arraignment and sentencing, not his sentence, assuming GA will convict and sentence him—he will head to Nevada. In Nevada, he faces cybercrime charges under the RICO act, along with 38 members of Carder.su [PDF].

Condensed, the indictment read:

“The defendants herein, and others known and unknown, are members of, employed by, and associates of a criminal organization, hereafter referred to as “the Carder.su organization,” whose members engage in acts of [cybercrime charges]. Members and associates of the Carder.su organization operate principally in Las Vegas, Nevada, and elsewhere.”

The Secret Service, Department of Justice, and FBI worked in unison to break up the so-called “complex hacking ring.” As the indictments and superseding indictments made clear, authorities tracked down many defendants. Seleznev captured media attention, majorly because of the man’s father, Valery Seleznev. Valery, a member of the Russian government, stated on numerous occasions that United States kidnapped his son. And furthermore, that the US tortures him in jail.