International Financial Law Prof Blog

Editor: William Byrnes
Texas A&M University
School of Law

Tuesday, August 12, 2014

Son of Russian MP Captured and Arraigned for Distributing Credit Card Data of Thousands of Americans

A Russian national indicted for hacking into point of sale systems at retailers throughout the United States and operating websites that distributed credit card data of thousands of credit card holders appeared [August 11] for arraignment in U.S. federal court... Read the DOJ Press Release here.

Secret serviceOn July 5, the Secret Service apprehended Roman Valerevich Seleznev in the Maldive Islands. See DHS press release on his arrest.  But Russia accused the US of "kidnapping" Roman Seleznev, the son of a Russian lawmaker MP Valery Seleznev.  See Reuters article on Russian perspective. 

Roman Valerevich Seleznev, aka “Track2,” 30, of Vladivostok, Russia, was indicted by a federal grand jury in the Western District of Washington on March 3, 2011, and the indictment was unsealed on July 7, 2014.   Seleznev is charged in connection with operating several carding forums, which are websites where criminals gather to sell stolen credit card numbers, and hacking into retail point of sale systems and installing malicious software on the systems to steal credit card numbers.   Seleznev was transferred to Seattle, Washington, from Guam, where he made his initial appearance on July 7, 2014.   Today, Seleznev entered pleas of “not guilty” to the charges in the indictment.   Trial is scheduled for October 6, 2014.

Credit Card Activities of Roman Seleznev

 According to the allegations in the indictment, Seleznev hacked into retail point of sale systems to steal credit card numbers between October 2009 and February 2011.   Seleznev also created and operated infrastructure using servers located all over the world to facilitate the theft and sale of credit card data and host carding forums.   

Seleznev is charged with 29 counts: five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer without authorization, one count of possession with intent to defraud of 15 or more unauthorized access devices (stolen credit card numbers), two counts of trafficking in unauthorized access devices and five counts of aggravated identity theft.

Bank Fraud is punishable by up to thirty years in prison and a $2 million fine.  Intentionally causing damage to a protected computer resulting with a loss of more than $5,000 is punishable by up to ten years in prison and a $250,000 fine.  Obtaining information from a protected computer is punishable by up to five years in prison and a $250,000 fine.  Possession of more than 15 unauthorized access devices is punishable by up to ten years in prison and a $250,000 fine.  Trafficking in unauthorized access devices is punishable by up to 10 years in prison and a $250,000 fine.  Aggravated identity theft is punishable by an additional two years in prison on top of any sentence for the underlying crimes.  In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.

Credit card fraud costs financial institutions $40 billion annually.  In the Western District of Washington more than 180,000 stolen credit card numbers have been identified in recent cyber cases.

Website for Stolen Credit Card Informartion Leads to 25 Convictions (and more on the way)

Seleznev has also been charged in an indictment filed in the District of Nevada that was returned on Jan. 10, 2012, and unsealed on Nov. 13, 2013, alleging that he participated in a racketeer influenced corrupt organization, conspired to engage in a racketeer influenced corrupt organization, and possessed counterfeit access devices.  Seleznev, referenced as “Track2” in the indictment, and 54 others are charged with being members of the “Carder.su” organization, which allegedly trafficked in compromised credit card account data and counterfeit identifications and committed money laundering, narcotics trafficking, and various types of computer crime. Seleznev allegedly operated a website that sold stolen card information to members of the Carder.su organization.   

Thus far, at least 25 of the defendants have been convicted, and several others are fugitives.  Those charges carry maximum penalties of up to 20 years in prison for RICO and RICO conspiracy and up to 10 years in prison for possession of fifteen or more counterfeit and unauthorized access devices. 

https://lawprofessors.typepad.com/intfinlaw/2014/08/russian-captured-and-arraigned-for-distributing-credit-card-data-of-thousands-of-americans.html

| Permalink

Comments

Post a comment