US court hits Russian PoS hacker with record 27 year jail sentence
For four years, between October 2009 and October 2013, Roman Valeryevich Seleznev hacked into retail point-of-sale (PoS) systems, installing malware that stole payment card details from purchasers, and selling the data to the criminal underworld.
Many of the 32-year-old Russian’s victims were small businesses – including a number of US restaurants, including one (the Broadway Grill in Seattle) that was forced into bankruptcy through the attack.
In all, more than 500 American businesses and 3,700 financial institutions are said to have fallen victim to malware planted by Seleznev.
At his trial, evidence was presented that Seleznev hacks sent stolen credit card data from infected point-of-sale systems to servers under his control in Russia, Ukraine and Virginia.
In all, Seleznev’s activities are said to have cost 3,700 financial institutions a jaw-dropping $169 million.
All that came to an end in July 2014 when Seleznev was taken into custody in the Maldives, while holidaying with his girlfriend. When his laptop was later forensically examined it was found to contain more than 1.7 million stolen credit card details, as well as other evidence linking him to the servers and financial transactions linked to the scheme.
It must suck to have your vacation in the Maldives ruined by law enforcement agencies taking you into custody. It must grate to find that the authorities have a wealth of evidence against you, implicating you in a multi-million criminal scheme.
But you know what must really hurt Seleznev? That he has now been sentenced to an astonishing 27 years in prison for his crimes – the longest sentence ever handed down for hacking-related charges in the United States.
And, if you believe the prosecutors, there’s good reason for Roman Seleznev – who used the online handle “Track2” – to receive such a tough sentence:
“Simply put, Roman Seleznev has harmed more victims and caused more financial loss than perhaps any other defendant that has appeared before the court. This prosecution is unprecedented.”
Perhaps Seleznev was lucky to only get a 27 year prison sentence, as it appears he could potentially have received a life sentence due to the scale of his crimes.
Perhaps he hoped that an 11-page handwritten apology he wrote to the court admitting his guilt, would reduce the amount of time he would have to serve.
But 27 years in the clink is what he has been given. And anyone else considering following a life of cybercrime would be wise to remember that. Yes, there are undoubtedly riches that can be earnt through breaking the law – but you would be wiser to live an honest life and not lose your freedom.
Kenneth Blanco, Acting Assistant Attorney General sent out a warning to others engaged in computer crime that the authorities were prepared to pursue them wherever they were in the world:
“This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar. And we will not tolerate the existence of safe havens for these crimes – we will identify cybercriminals from the dark corners of the Internet and bring them to justice.”
Seleznev is the son of Russian parliamentarian Valery Seleznev, who reportedly feels his son was “abducted” to face trial in the United States.
Author Graham Cluley, We Live Security