Russian cyber-criminal sentenced to 14 years in prison for role in massive online identity theft and bank fraud conspiracy

ATLANTA – Russian cyber-criminal Roman Valeryevich Seleznev has been sentenced to 14 years in prison for his role in a $50 million cyberfraud ring and for defrauding banks of $9 million through a hacking scheme.

“Cybercriminals have victimized our citizens from half-way around the world,” said U.S. Attorney Byung J. “BJay” Pak. “As Seleznev learned, this office has committed resources designed to target cyber-crime and we will pursue these criminals no matter where they reside.  The safety of our citizens is our priority, and we are committed to ending the damage they cause.”

“Modern-day hackers can often be considered project managers who oversee complex criminal schemes, and offer their services for hire to other cyber criminals.   Additionally, they rarely limit themselves to a single victim or to a single criminal scheme.  Seleznev was involved in at least three schemes, one of which was a scheme targeting an Atlanta-based company that resulted in the highly coordinated withdrawal of millions of dollars from ATMs throughout the world in under twelve hours. Seleznev's multiple sentences ensure he will no longer be a threat to American financial institutions and citizens for quite some time, and act as a strong deterrent to other cyber criminals offering their services for hire,” said David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office.

“The Secret Service worked closely with our law enforcement partners to share information and resources that ultimately brought Seleznev and his conspirators to justice,” said Kenneth Cronin, Special Agent in Charge, U.S. Secret Service, Atlanta Field Office.  “Our longstanding role in transnational cyber investigations and network intrusions was crucial in combatting this complex hacking ring.  This sentence illustrates that there is no such thing as anonymity for those engaging in fraudulent schemes and cyber-criminals will not go unpunished.”

According to U.S. Attorney Pak, the charges and other information presented in court:  Seleznev, in connection with his guilty plea in the Northern District of Georgia case, admitted that he acted as a “casher” who worked with hackers to coordinate a scheme to defraud an Atlanta-based company that processed credit and debit card transactions on behalf of financial institutions.  Seleznev admitted that pursuant to the scheme, in November 2008, hackers infiltrated the company’s computer systems and accessed 45.5 million debit card numbers, certain of which they used to fraudulently withdraw over $9.4 million from 2,100 ATMs in 280 cities around the world in less than 12 hours.

To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cashout, including Russian nationals Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukranian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is a citizen of Russia, Israel, and Ukraine.

In connection with his guilty plea in the Nevada case, Seleznev admitted that he became associated with the Carder.su organization in January 2009. According to Seleznev’s admissions in his plea agreement, Carder.su was an Internet-based, international criminal enterprise whose members trafficked in compromised credit card account data and counterfeit identifications and committed identity theft, bank fraud and computer crimes. Seleznev admitted that the group tried to protect the anonymity and the security of the enterprise from both rival organizations and law enforcement. For example, members communicated through various secure and encrypted forums, such as chatrooms, private messaging systems, encrypted email, proxies and encrypted virtual private networks. Gaining membership in the group required the recommendation of two current members in good standing.

Seleznev further admitted that he sold compromised credit card account data and other personal identifying information to fellow Carder.su members. The defendant sold members such a large volume of product that he created an automated website, which he advertised on the Carder.su organization’s websites. His automated website allowed members to log into and purchase stolen credit card account data. The defendant’s website had a simple interface that allowed members to search for the particular type of credit card information they wanted to buy, add the number of accounts they wished to purchase to their “shopping cart” and upon check out, download the purchased credit card information. Payment of funds was automatically deducted from an established account funded through L.R., an online digital currency payment system.

Seleznev further admitted that he sold each account number for approximately $20.  The Carder.su organization’s criminal activities resulted in loss to its victims of at least $50,983,166.35.

Roman Valeryevich Seleznev aka Track2, Bulba and Ncux, 33, was sentenced by U.S. District Judge Steve C. Jones of the Northern District of Georgia to serve 14 years in prison for one count of participation in a racketeering enterprise pursuant to an indictment returned in the District of Nevada, and to 14 years in prison for one count of conspiracy to commit bank fraud pursuant to an indictment returned in the Northern District of Georgia, with sentences to run concurrent to one another.  In both cases, Seleznev was ordered three years of supervised release to run concurrently.  He was also ordered restitution in the amount of $50,893,166.35 in the Nevada case and $2,178,349 in the Georgia case.  Seleznev pleaded guilty to the charges on Sept. 7. 

Seleznev is also a defendant in a wire fraud and computer hacking case brought by the Department of Justice in the U.S. District Court for the Western District of Washington.  On Aug. 25, 2016, a federal jury convicted Seleznev of 38 counts related to his role in a scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld.  On April 21, 2017, Seleznev was sentenced to 27 years in prison for those crimes, which will run concurrent to his sentences.   

The cases were investigated by the FBI, HSI, and the U.S. Secret Service. 

The Northern District of Georgia case was prosecuted by Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia.  The Nevada case was prosecuted by Trial Attorney Catherine K. Dick of the DOJ Criminal Division’s Organized Crime and Gang Section and Assistant U.S. Attorney Kimberly M. Frayn of the District of Nevada. 

For further information please contact the U.S. Attorney’s Public Affairs Office at USAGAN.PressEmails@usdoj.gov or (404) 581-6016.  The Internet address for the U.S. Attorney’s Office for the Northern District of Georgia is http://www.justice.gov/usao-ndga.