Russian Hacker Roman Valerevich Seleznev was sentenced to prison on Friday, April 21. He was convicted in U.S. District Court in Seattle on multiple counts of wire fraud and identity theft. The sentence, 27 years in a US federal prison, is a record length sentence for a cyber crime. Prosecutors sought a 30-year sentence. Seleznev caused financial losses for 3,700 financial institutions and 500 businesses across the world Seleznev will also have to repay $170 in restitution. He also stole directly from small business.
Thirty-two-year-old Seleznev hacked financial institutions as well as small businesses from which he stole credit card information. The hacker operated a server from Russia that as used to install malware on point-of-sale systems (retail checkouts or any other credit card reader.) Seleznev’s credit card stealing malware copied the card numbers and transmitted them to his other servers in the US and the Ukraine. That information was then sold online on websites he operated and maintained.
According to court documents, he was ultimately convicted of 10 counts of wire fraud, nine counts of obtaining information from a protected computer and two counts of aggravated identity theft. In addition, he was convicted of nine counts of possession of 15 or more unauthorized access devices and eight counts of intentional damage to a protected computer.
Seleznev is not believed to be behind the hacking of behind the hackings of major retailers Target and Neiman Marcus.
Russia allows hackers to operate within its borders as long as they do not steal from government agencies or other targets within their own country. US authorities have been tracking him for over ten years. After his indictment in 2011, he was finally arrested in the Maldives in 2014 despite a lack of an extradition treaty with the United States. He is the son of a member of Russia’s parliament and his arrest is not without controversy. The Russian government claim that Seleznev is a kidnapping victim. It is clear that US officials are looking to make an example of him. Cybercrimes know no boundaries.
At the time of his arrest, Seleznev had in his possession a laptop containing over one million stolen credit cards numbers. The laptop also has a search history that showed Seleznev had searched online court records to find out if he was under investigation. The laptop also contained a password cheat list linking Seleznev to a long history of criminal hacking.
Seleznev still faces charges in two more states. Convictions in these cases would increase his prison time.