Russian credit-card hacker faces 30-year sentence
SEATTLE — In Russian cybercrime mastermind Roman Seleznev, the U.S. Department of Justice is boasting it finally caught and convicted a big fish in the often impenetrable world of global computer theft — and now the agency intends to make a lesson of him.
U.S. federal prosecutors will ask a Seattle judge today to sentence Seleznev, 32, to 30 years in prison for operating a massive — maybe unprecedented — credit-card theft scheme from behind keyboards in Vladivostok, Russia, and Bali, Indonesia. Over a decade, Seleznev stole and sold on the black market more than two million credit-card numbers, resulting in losses of at least $170 million US, and maybe into the billions, according to documents filed in U.S. District Court in Seattle.
“Never before has a criminal engaged in computer fraud of this magnitude been identified, captured and convicted by an American jury,” prosecutors wrote.
In an 11-page handwritten letter to U.S. District Judge Richard Jones, Seleznev admits it all, saying he turned his considerable computer skills to crime out of desperation after he found himself alone on the streets of Vladivostok after his mother, divorced from his Russian politician father, died from alcoholism at age 40.
Seleznev wrote that he found her dead in the bathtub of their tiny flat, which was shared with four other families. After that, he was on the streets.
“I was 17, struggle hard, and lose my way into bad world,” he wrote.
The prosecution of Seleznev has proved as epic as his crimes. According to federal sentencing documents, he first appeared on U.S. law-enforcement radar screens in 2005 as the hacker “nCuX,” a translation of the Russian word for “psycho.”
By 2009, Seleznev had “become one of the world’s leading providers of stolen credit-card data,” prosecutors wrote.
During this time, prosecutors say, agents learned the identity of Seleznev, the son of Valery Seleznev, a member of the Duma, Russia’s parliament. Prosecutors contend the senior Seleznev has tried to protect his son.
In May 2009, according to the sentencing documents, agents with the FBI and Secret Service met with members of the Russian Federal Security Service in Moscow and presented evidence of Roman Seleznev’s crimes.
“The agents’ attempt at international co-ordination backfired,” prosecutors wrote. “Shortly after that, nCuX completely disappeared from the Internet.”
Prosecutors say Seleznev reappeared in Indonesia using new identities — “Track2” and “Bulba” — and employed new innovations that “took his carding enterprise to the next level.”
On a single day in April 2011, he posted one million stolen credit-card numbers for sale.
He was living a lavish lifestyle, according to the documents. Prosecutors have released photographs of him with stacks of cash, and he was known to purchase American muscle cars and race them through Moscow.
In April 2011, Seleznev travelled with his wife to Marrakech, Morocco, to “reunite” with his father, according to documents filed by his attorney. He was in a café when a suicide bomber struck, killing 27 people and leaving Seleznev nearly dead with a severe head injury.
Seleznev, in a coma, was flown to Moscow, where he said his wife left with his child after being told he would likely never recover. He was hospitalized until 2012. In 2013, he started hacking again using a new identity, “2Pac.”
Around the same time, a federal grand jury in Seattle handed up a sealed indictment naming Seleznev in more than 30 computer fraud-related counts. Many of the businesses he was accused of hacking were in Washington state, including the former Broadway Grill on Capitol Hill, Grand Central Bakery, Mad Pizza locations in Seattle and Tukwila, Village Pizza in Anacortes and the Casa Mia Italian Restaurant in Yelm, Thurston County.
Agents were unable to arrest him, however, because he avoided travelling to countries that have extradition treaties with the U.S.
In June 2014, agents learned that Seleznev intended to travel to the tropical island country of the Maldives in the Indian Ocean.
While the U.S. did not have a treaty with the Maldives, officials there agreed to let U.S. agents arrest Seleznev. He was taken into custody at the airport without incident, despite official protests from Russian authorities that he was kidnapped.
In Seattle, his prosecution has maintained its drama over the past three years. Seleznev accused government agents of misconduct and burned through six sets of attorneys in the case. Prosecutors at one point were concerned that he and his father were plotting an escape from the Federal Detention Center in Sea Tac.
Seleznev was convicted last August following a nine-day jury trial on 38 computer fraud-related charges. Given the number of victims and the amount of losses, the federal sentencing guidelines — which must be considered by a judge but not necessarily followed — conclude Seleznev should go to prison for life.
A Russian cybercrime mastermind stole and sold on the black market more than two million credit-card numbers.