Roman Seleznev
Roman Valerevich Seleznev[lower-alpha 1] (or Seleznyov,[2] Russian: Роман Валерьевич Селезнёв; born 1984), also known by his hacker name Track2, is a Russian computer hacker. Seleznev was indicted in the United States in 2011, and was convicted of hacking into servers to steal credit-card data. His activities are estimated to have caused more than $169 million in damages to businesses and financial institutions.[3] Seleznev was arrested on July 5, 2014, and was sentenced to 27 years in prison for wire fraud, intentional damage to a protected computer, and identity theft.[3]
Roman Seleznev | |
---|---|
Роман Валерьевич Селезнёв | |
Born | 1984 (age 36–37) |
Nationality | Russian |
Other names | nCuX, Track2, Bulba, Zagreb, shmak, smaus (hacker names)[1] |
Citizenship | Russian |
Known for | Hacking |
Criminal charge(s) | Hacking, wire fraud, racketeering |
Parent(s) |
|
Hacking career
He began his activities in early 2003 on the credit card fraud site CarderPlanet, providing paid Social Security numbers and criminal-history research using (among others) stolen LexisNexis accurint.com accounts. Seleznev's employee later created a scanner which allowed a user to scan the internet for MSRDP open ports (3389 by default). Default configurations provided poor protection at the time, and many administrator accounts were not secured by passwords. Exploiting this vulnerability, Seleznev and his partner accessed many remote computers, including those with financial and credit-card data.
He contacted BadB, another hacker, to gain more experience in exploiting financial systems. BadB, a cybercriminal identified in 2009 as Vladislav Horohorin, provided Seleznev with an automated script to look for credit card traces in systems and networks. With this script, Seleznev obtained his first credit-card dumps, which he resold to Horohorin. He became dissatisfied with Horohorin, and decided to begin his own credit-card-dump operation using the nickname nCuX (from Russian: псих, "psycho").
Seleznev expanded his operations in 2008 from scanning MSRDP with default (or no) passwords to developing sophisticated malware which could intercept network traffic and search network shares, distributing it through flaws in Internet browsers by injecting malicious code into advertising traffic. He infected many computers, primarily in the United States.
By May 2009, USSS believed they had collected enough information to come to the conclusion that nCuX was probably the identity of Roman Seleznev. They had a meeting with the Russian intelligence agency FSB in which they shared information from their investigation and their belief that nCuX was Seleznev.[5] Shortly after this meeting, in June 2009, nCuX closed all of his accounts and disappeared from the Internet; USSS suspected FSB had tipped Seleznev off.[5]
After shutting down nCuX, Seleznev created two other names (Track2 and Bulba)[5] and used them to operate his own automated stolen-credit-card shops. He bought advertising space in the "Dumps" section of the illegal carding forum carder.su,[6] which was shut down in a 2012 Department of Homeland Security operation.[7] Horohorin's advertising campaign on carder.su was also shut down, and a denial-of-service attack ensued. He was arrested by USSS in August 2010, leaving Seleznev without competition.
During a vacation in Morocco, Seleznev received a severe head injury in the 2011 Marrakesh bombing and was evacuated to Moscow for surgery.
Arrest and trial
Seleznev's 2014 arrest was controversial in Russia. Russian officials called his arrest a "kidnapping", and said that the U.S. had failed to notify Russian consulates. The DOJ initially refused to disclose the location of Seleznev's arrest, but prosecutors later revealed he was arrested while on vacation at Kanifushi Resort in the Maldives.[8] The Russian Foreign Ministry criticized the island country for failing to follow "international legal norms",[9] which prosecutors said was justified based on the noncooperation of the FSB in 2009 and the scope of Seleznev's crimes.[10] As the Maldives does not have an extradition treaty with the United States, the USSS negotiated directly with the Maldivian government to arrange an expulsion of Seleznev into U.S. law enforcement custody,[10] from which he was sent to Guam to await trial.[8]
DHS Secretary Jeh Johnson said in a statement the arrest showed that "despite the increasingly borderless nature of transitional organized crime, the long arm of justice – and the Department of Homeland Security – will continue to disrupt and dismantle sophisticated criminal organizations".[11]
In 2016, after a 1½-week trial in the U.S. District Court for the Western District of Washington,[12] a jury found Seleznev guilty on 38 counts;[13][14] the following year, he was sentenced to 27 years' imprisonment.[3][15] On May 19, 2017, Seleznev faced charges in Atlanta[16] and Nevada;[17] he pled guilty that September to conspiracy to commit bank fraud,[18] and was sentenced to 14 years in prison in November.[19] This sentence will run concurrently with his original sentence.[19]
Later reporting indicated that Selznev's arrest may have been the result of a cooperative effort between the U.S. government and an officer working within the FSB.[20]
Seleznev is currently being held at the medium security prison FCI Butner in North Carolina, after being transferred from USP Atlanta in 2018.[21] He requested to be transferred to FCI Butner due to the prison's good living conditions and hospital.[21][22]
Notes
- Because Seleznev was a politician's child his name had to be redacted on Department of Justice documents when Operation Open Market had occurred initially.
References
- "USA V. ROMAN SELEZNEV, No. 17-30085 (9th Cir. 2019)". Justia Law. Retrieved 2019-12-30.
- Dennis F. Poindexter, The New Cyberwar: Technology and the Redefinition of Warfare, 2015, P.115-116, ISBN 0-78-649843-9
- "Russian Cyber-Criminal Sentenced to 27 Years in Prison for Hacking and Credit Card Fraud Scheme". Department of Justice Office of Public Affairs. U.S. Department of Justice. April 21, 2017. Archived from the original on December 30, 2019.
- Wilber, Del Quentin (7 July 2014). "Russian Charged by U.S. as Hacker Is Duma Member's Son". Bloomberg L.P. Retrieved 8 July 2014.
- Barbosa, Norman; Chun, Harold (July 2017). "Ochko123 – How the Feds Caught Russian Mega-Carder Roman Seleznev". Black Hat Briefings. Archived from the original on June 18, 2018. Retrieved August 25, 2017.
- Phishme, Gary Warner, Uab / (2016-08-25). "CyberCrime & Doing Time: Roman Seleznev (AKA Track2 / Bulba / Zagreb / smaus) Found Guilty on 38 of 40 Charges". CyberCrime & Doing Time. Retrieved 2017-09-09.
- "Nevada Prosecutor And Homeland Security Investigations Special Agent Receive Awards For Their Work On Cybercrime Case". www.justice.gov. Retrieved 2017-09-09.
- Radia, Kirit (July 8, 2014). "Russia Claims Alleged Hacker Was 'Kidnapped' by US 'Agents'". ABC News. Archived from the original on December 30, 2019. Retrieved 2019-12-28.
- "Russia Calls U.S. Arrest of Alleged Hacker 'Kidnapping'". The Moscow Times. 8 July 2014. Archived from the original on December 30, 2019. Retrieved 8 July 2014.
- Barbosa, Norman; Chun, Harold (July 2017). "Ochko123 – How the Feds Caught Russian Mega-Carder Roman Seleznev". Black Hat Briefings. Archived from the original on June 18, 2018. Retrieved August 25, 2017.
- "U.S. arrests Russian in hacking of retail systems". Reuters. 7 July 2014. Retrieved 8 July 2014.
- Clarridge, Christine (August 26, 2016). "Son of Russian Parliament member convicted in massive hacking, ID-theft scheme". The Seattle Times. Retrieved 2019-12-28.
- "Russian Cyber-Criminal Convicted of 38 Counts Related to Hacking Businesses and Stealing More Than Two Million Credit Card Numbers". Department of Justice. August 25, 2016.
- Levi Pulkkinen (December 12, 2016). "The Seattle case against a Russian hacker just got weirder". Seattle Post-Intelligencer.
- Perlroth, Nicole (21 April 2017). "Russian Hacker Sentenced to 27 Years in Credit Card Case". Retrieved 21 May 2017 – via NYTimes.com.
- "Roman Seleznev — Krebs on Security". krebsonsecurity.com. Retrieved 21 May 2017.
- "Convicted Russian Cyber Criminal Roman Seleznev faces charges in Atlanta". www.justice.gov. Retrieved 21 May 2017.
- "Russian cybcercriminal Roman Seleznev pleads guilty in Atlanta" (Press release). Atlanta: U.S. Attorney's Office, Northern District of Georgia. September 8, 2017. Retrieved 2018-05-26.
- "Russian Cyber-Criminal Sentenced to 14 Years in Prison for Role in Organized Cybercrime Ring Responsible for $50 Million in Online Identity Theft and $9 Million Bank Fraud Conspiracy" (Press release). Washington, D.C.: U.S. Department of Justice. November 30, 2017. Retrieved 2018-05-26.
- Collier, Kevin (August 23, 2017). "Helping US Catch Criminal Hackers Led to Russian Treason Arrests". Archived from the original on June 15, 2020.
The timing of his arrest fueled speculation that Mikhailov and another Russian, Ruslan Stoyanov, who faces similar charges, were sources for the CIA’s public assessment that someone with high authority in the Russian government directly authorized an operation to swing the 2016 US election in favor of Donald Trump. But TV Rain, one of Russia's most reputable news organizations, reported that Mikhailov ran afoul of authorities in his country because he helped US authorities engineer the capture of Roman Seleznev, one of the most notorious credit card hackers in history, who also is the son of a prominent Russian legislator, Valery Seleznev.
- Norder, Lois (Feb 28, 2018). "Atlanta prison too harsh for Russian hacker". The Atlanta Journal-Constitution. Archived from the original on December 30, 2019. Retrieved December 30, 2019.
- "Russian citizen sentenced in US sent to prison with milder conditions". TASS. 28 Feb 2018. Retrieved 2019-12-30.