Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development

Russian Receives Record-Setting US Hacking Sentence

POS Malware Attacker Roman Seleznev to Serve 27 Years in Prison
Russian Receives Record-Setting US Hacking Sentence
Convicted hacker Roman Seleznev. (Source: Department of Justice)

A federal judge has slammed a 32-year-old Russian hacker, who ran a massive malware scheme that targeted U.S. businesses, with a nearly three-decade prison sentence.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

On April 21, Roman Valeryevich Seleznev, aka "Track2," was sentenced by U.S. District Judge Richard A. Jones to serve 27 years in prison - apparently the longest sentence ever handed down in the United States tied to hacking charges. And he faces even more potential jail time via cases that remain underway in federal courts in Georgia and Nevada.

In August 2016, a jury found Seleznev guilty on 38 counts related to defrauding 3,700 financial institutions in the United States of at least $169 million.

Between 2009 and 2013, according to evidence presented at the trial, Seleznev oversaw an operation that involved hacking into point-of-sale devices and installing malware designed to steal payment card numbers. Seleznev then bundled the stolen credit and debit card numbers into groups called "bases," which were then sold via dark market websites for the purpose of committing fraud, according to the Department of Justice.

Seleznev had pleaded not guilty to the charges and sought a free defense on the grounds that he had no assets, which prosecutors contested. After being convicted, he admitted to the charges and asked for forgiveness, according to court documents. But prosecutors, in seeking a nearly three-decade prison term for the convicted hacker, argued in court documents that his contrition had come too late.

His harsh sentence is no doubt meant to deter those who seek to profit via cybercrime, as was the life sentence imposed in 2015 on Ross Ulbricht, the mastermind behind the Silk Road darknet marketplace, via which everything from hacking tools and illegal narcotics to firearms and assassinations for hire were marketed (see The Myth of Cybercrime Deterrence).

"The notion that the internet is a Wild West where anything goes is a thing of the past," U.S. Attorney Annette L. Hayes said in a statement. "As Mr. Seleznev has now learned, and others should take note, we are working closely with our law enforcement partners around the world to find, apprehend and bring to justice those who use the internet to steal and destroy our peace of mind."

Seleznev has also been charged in two other separate indictments. One, in Nevada federal court, includes charges relating to participating in a racketeer-influenced corrupt organization - aka RICO - and possessing counterfeit and unauthorized access devices. The other indictment, in Georgia federal court, includes bank fraud, wire fraud and conspiracy charges.

Son of Russian Lawmaker

Seleznev is the son of Russian lawmaker Valery Seleznev, who is part of the country's Liberal Democratic party - which is often described as a far-right ultranationalist party. The legislator is a close ally of Russian President Vladimir Putin, the New York Times reports.

"My son was tortured because being in jail in a foreign country after abduction is torture in itself. He is innocent," Valery Seleznev told the RIA Novosti news agency.

In July 2014, while on vacation, Seleznev was grabbed by U.S. Secret Service agents at an airport in Maldives - an island nation in the Indian Ocean that has no extradition treaty with the United States. He was then flown by agents to the U.S. territory of Guam, where he was arrested.

The Russian government previously criticized Seleznev's arrest as kidnapping.

Legal experts, however, say the U.S. government tends to refer to these types of tactics as informal extradition, "because kidnapping is such a dirty word," according to cybersecurity attorney Mark Rasch, who created the computer crime unit at the U.S. Department of Justice.

Levashov Extradition Sought

Meanwhile, another Russian national, arrested in Spain at the request of the Justice Department, now faces U.S. extradition in relation to alleged hacking activities.

Peter Yuryevich Levashov, 36, aka Petr Levashov, Peter Severa, Petr Severa and Sergey Astakhov, was arrested April 7 in the Spanish city of Barcelona (see Spanish Police Arrest Russian Computer Programmer).

As with Seleznev, Levashov's arrest was made possible thanks to the suspect - who resides in St. Petersburg, Russia - being on vacation, apparently with his family.

The Justice Department says in a statement that Levashov has been accused of "harvesting login credentials, distributing bulk spam emails, and installing ransomware and other malicious software."

A criminal complaint and an arrest warrant for Levashov were issued March 24 in Connecticut federal court. He has been charged with one count each of intentional damage to a protected computer, conspiracy, accessing protected computers in furtherance of fraud, wire fraud, threatening to damage a protected computer, aggravated identity theft and two counts of fraud in connection with email.

Levashov allegedly ran the Kelihos botnet, which controlled PCs infected with Kelihos malware, stole access credentials for online bank accounts as well as generated and distributed 2,500 spam emails in a 24-hour period, primarily designed to inflate stock prices as part of pump-and-dump stock schemes, according to the indictment.

"To further the scheme, Levashov allegedly disseminated spam and distributed other malware - such as banking Trojans and ransomware, and advertised the Kelihos botnet spam and malware services to others for purchase in order to enrich himself," according to the Justice Department.

Some initial news reports on Levashov's arrest had repeated a claim disseminated from state-owned Russian propaganda arm RT that his arrest related to hacking that was "linked to Trump's election win." But U.S. officials have dismissed that claim (see The U.S. Presidential Election Hacker Who Wasn't).

More Arrests in Spain

It's been a busy month for operations involving alleged cybercriminals based in - or passing through - Spain.

Also in April, police from the northwest of England - part of the TITAN regional organized crime unit - traveled to Spain to execute warrants in relation to an ongoing cybercrime investigation as part of a joint operation involving the Spanish national police, "Policia Nacional," as well as the Joint Cybercrime Action Taskforce, J-CAT, which is part of Europol's European Cyber Crime Center - aka EC3.

Police say that on April 6, three men were arrested - a 20-year-old from Spain, a 21-year-old from Mexico and a 20-year-old from Colombia - on charges relating to developing online-attack tools. That followed the arrest of two men, both 21, in Southport, England, on similar charges in April 2016, as part of a long-running investigation.

"This is a complex investigation which focuses on individuals involved in cybercrime, particularly those involved in the development and sale of malware, which can be used to attack another individual's computer or devices," Detective Chief Superintendent Chris Green says in a statement.

Officials say cybersecurity firm Trend Micro assisted with the investigation.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.