24
Apr 17

The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence

Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a close review of the case suggests that Seleznev’s record sentence was severe in large part because the evidence against him was substantial and yet he declined to cooperate with prosecutors prior to his trial.

Maldives_(orthographic_projection).svg

The Maldives is a South Asian island country, located in the Indian Ocean, situated in the Arabian Sea. Source: Wikipedia.

The son of an influential Russian politician, Seleznev made international headlines in 2014 after he was captured while vacationing in The Maldives, a popular vacation spot for Russians and one that many Russian cybercriminals previously considered to be out of reach for western law enforcement agencies.

However, U.S. authorities were able to negotiate a secret deal with the Maldivian government to apprehend Seleznev. Following his capture, Seleznev was whisked away to Guam for more than a month before being transported to Washington state to stand trial for computer hacking charges.

The U.S. Justice Department says the laptop found with him when he was arrested contained more than 1.7 million stolen credit card numbers, and that evidence presented at trial showed that Seleznev earned tens of millions of dollars defrauding more than 3,400 financial institutions.

Investigators also reportedly found a smoking gun: a password cheat sheet that linked Seleznev to a decade’s worth of criminal hacking.

Seleznev was initially identified as a major cybercriminal by U.S. government investigators in 2011, when prosecutors in Nevada named him as part of a conspiracy involving more than three dozen popular merchants on carder[dot]su, a bustling fraud forum where he and other members openly marketed various cybercrime-oriented services.

Known by the hacker handle “nCux,” Seleznev operated multiple online shops that sold stolen credit and debit card data. According to Seleznev’s indictment in the Nevada case, he was part of a group that hacked into restaurants between 2009 and 2011 and planted malicious software to steal card data from store point-of-sale devices.

In Seattle on Aug. 25, 2016, Seleznev was convicted of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.

“Simply put, Roman Seleznev has harmed more victims and caused more financial loss than perhaps any other defendant that has appeared before the court,” federal prosecutors charged in their sentencing memorandum. “This prosecution is unprecedented.”

Seleznev’s lawyer Igor Litvak called his client’s sentence “draconian,” saying that Seleznev was gravely injured in a 2011 terrorist attack in Morocco, has Hepatitis B and is not well physically.

Litvak noted that his client also faces two more prosecutions — in Georgia and Nevada, and that his client is likely to be shipped off to Nevada soon.

“It’s unprecedented, yes, but it’s also a draconian sentence for a person who is very gravely ill,” Litvak said in an interview with KrebsOnSecurity. “He’s not going to live that long. He’s going to die in jail. I’m certain of that.”

ANALYSIS

As for the severity of his sentence, Seleznev did himself no favors by rededicating himself to his carding empire after having been clearly marked by U.S. investigators in the 2011 indictment as a key figure in an online organized crime ring.

Many of the documents related to Seleznev’s prosecution and conviction in Washington state last week remain sealed, as he still faces federal criminal hacking charges in Nevada and Georgia. But former black hat Russian hacker turned political and cybersecurity blogger Andrey “Sporaw” Sporov published snippets from documents apparently related to Seleznev’s prosecution indicating that investigators with the U.S. Secret Service and FBI met with the Russian Federal Security Service (FSB) in 2009 to discuss Seleznev’s activities, presenting “substantial” evidence that Seleznev was a bigtime cybercrook.

The 2pac[dot]cc credit card shop that Seleznov operated.

2pac[dot]cc credit card shop that Seleznov operated, among others.

Seleznev’s online alter ego nCux reportedly got word of the meeting, and was soon after seen deleting his identities on hacker forums and saying he was closing up shop:

“As U.S. Probation noted, the information that U.S. law enforcement was investigating Seleznev ‘clearly got back to Mr. Seleznev,'” reads the document. “Indeed, Seleznev had his own contacts inside the FSB. In chat messages between Seleznev and an associate from 2008, Seleznev stated that he had obtained protection through the law enforcement contacts in the computer crime squad of the FSB. Later, in 2010, Seleznev told another associate that the FSB knew his identity and was working with the FBI.”.

But nCux didn’t go away, he merely reinvented himself as “Bulba,” operating a number of carding sites including track2[dot]name, bulba[dot]cc, and 2Pac[dot]cc. These sites sold tens of thousands of “dumps,” data that thieves encode onto new plastic cards and use to buy high-priced electronics and gift cards from big box retailers. Seleznev’s sites specialized in selling tens of thousands of dumps at a time to criminal groups and street gangs operating throughout the United States

A private mesasge between card merchant "Bulba" and an interested buyer on the fraud bazaar carder[dot]pro.

A private mesasge between card merchant “Bulba” and an interested buyer on the fraud bazaar carder[dot]pro.

Seleznev reportedly used this money to live an extravagant lifestyle, buying up properties in Bali, Indonesia. Photographs seized from Seleznev show his associates with large bundles of cash, at luxurious resorts, and posing for photographs next to flashy sports cars. Just before his capture, Seleznev reportedly spent over $20,000 to stay in a resort in the Maldives and boasting of having rented the most expensive accommodations there.

Sporov’s documents describe Seleznev’s years to evade law enforcement officials following his then-sealed indictment in Nevada:

“Seleznev remained at large for over three years. During this period, Seleznev carefully evaded apprehension, employing practices like buying last-minute plane tickets to avoid giving authorities advance notice of his travel plans. Seleznev obtained an account with the U.S. Court’s PACER system, which he monitored for criminal indictments naming him or his nicknames. He avoided travel to countries that had entered into extradition treaties with the United States. Indeed, when Seleznev was finally confronted by U.S. agents in the Maldives, his first words were to question whether the United States had an extradition treaty with the Maldives.”

The defendant also apparently burned through multiple lawyers, almost all of whom appear to have advised him to seek a plea deal with the U.S. government:

“Seleznev repeatedly attempted to manipulate and protract these proceedings, resulting in a cumulative delay of 26 months, and six sets of counsel, between his capture and trial….Transcripts of jail calls previously submitted to the Court reveal that, in the days leading up to the hearing, Seleznev and his father resolved to delay the hearing so that they could work on a secret strategy they elliptically referred to as ‘Uncle Andrey’s option.’ To manufacture the delay, Seleznev’s father suggested that Seleznev either ‘get sick’ or ‘completely stop the communication with the lawyers.'”

Seleznev is the son of Valery Seleznev, a prominent member of the Russian Duma (Russia’s parliament) and is considered an ally of President Vladimir Putin. As the Seattle Times wrote at Seleznev’s conviction in 2016, “federal prosecutors accused Seleznev and his father of plotting to tamper with witnesses and possibly discussing an escape from the Federal Detention Center in SeaTac. The assertions were based on recorded conversations, according to the government.”

Seleznev posing with a sports car in Red Square. Image: DOJ.

Seleznev posing with a sports car in Red Square. Image: DOJ.

Perhaps Mr. Seleznev thought his father’s influence and/or his own apparent connections with Russian law enforcement officials would rescue him. Maybe Seleznev believed he could prevail against the U.S. government in court.

But it seems clear that Seleznev’s record 27-year sentence had at least as much to do with the impact of his crimes as it did the enormity of the charges and evidence against him combined with his refusal to cooperate with investigators.

Seleznev’s lawyer Igor Litvak said his client declined a plea deal prior to his trial, and by the time Seleznev had changed his mind the trial was over and the government no longer needed the information he could offer. Prosecutors sought to put him away for 35 years: They got eight years shy of that request.

“The prosecution said if he would have cooperated this case would have turned out very differently,” Litvak said.

The docket for Seleznev’s case is available here and includes a number of unsealed documents related to this case.

Update, Apr. 25, 5:09 p.m. ET: Added link in the third paragraph to documentation of Seleznev’s month-long hiatus in Guam.

Tags: , , , , , , , ,

65 comments

  1. IRS iTunes Card

    Thanks for posting this article

  2. Wow! Hope he serves a substantial part of this, maybe others will take note.
    Thanks again, Brian!

  3. Boo bloody boo hoo.

    I find it ironic that the Russian embassy tweeted that “Seleznev’s 2014 arrest amounted to a kidnapping and was “unlawful”” according to NBC News, when this is the government that restricts the religious freedom of its citizens among other things.

    When you break the law, you must be prepared for the consequences.

    • Lots of people steal more money than Seleznev, keep part of it, and do less time in jail. I’d venture to say that none of these people behave as stupidly and incompetently as he did after his initial indictment and eventual arrest. He’s completely isolated in the US–only his attorney (and possibly a few Russian embassy and consular officials) give a rat’s patooty about his fate.

      Russian hackers have no friends outside of Russia, not even in Cuba or Venezuela, where the limited number of WWW users can be their victims as easily as any US citizen. There’s no love lost between the Maldivean government and ours, but even they were happy to give Seleznev up. And you can bet that there won’t be any human rights outcry aside from the Russian government. Even they are probably appalled with the Seleznev family’s ineptitude.

      Any feel-good chest thumping about this perp’s “horrible” crime ignores the above described context. This is a message penalty for the ubiquitous hackers of Mother Russia and their government. If you don’t believe it, look up the story of Richard Martino, alias “Richie from the Bronx.” He and his Cosa Nostra crew committed online theft to the tune of several hundred million. He spent 10 years in federal custody, released in 2014.

    • Rube Goldberg's Razor

      What a defense. A guy kills his parents and is sentenced to hang, then begs the court for lenience since he is, after all, an orphan. };^D

  4. He might die in prison? Boo hoo! I’m glad a Russian was finally caught, tried, and sentenced.

    • Clint's a douche

      Russian hacker*

      • He’s not a hacker, he’s a pickpocket. However, due to the fact his father is a Russian politician close to Putin, he’s now leverage. Of course the 27 years sentence may be more than what he deserved, but makes him more valuable. These are Russian tactics, the US pays them now with their own currency. Well done, US.

        • He’s a hacker. Not a particularly skilled one, more of a script kiddie, but certainly one with absolutely no ethics or morals. He’s not leverage, he’s just a criminal.

          While criminals can buy their way out of prison in Russia, that doesn’t happen in the US. The only way you get out is to cooperate with counsel and prosecution to get yourself a lighter sentence, and since he didn’t do either, he’s going to die in prison. Or not, seeing as his father requested he act sick, leading one to wonder how much of his illness is legitimate vs. a sympathy ploy/delaying tactic.

          He could always start cooperating once he starts his term but given his obstinacy (indicated by his expectations of a jailbreak), the likelihood is that’s not going to happen. At least not until a long enough time has passed that the information he’s sitting on will be of less value, which means a correspondingly smaller decrease in his sentence.

          If a jailbreak attempt is made, that will result in more charges – and a longer sentence.

  5. George Strauch

    I know it won’t happen but I’d love him to serve everyday of his sentence. NO parole!

    • The US federal prison system doesn’t have parole. There is time off for good behaviour so he can get out in around 20 years if he stays out of trouble inside.

  6. I’m bothered that the US apparently feels it has jurisdiction over the entire Internet, and can arrest anyone *anywhere in the world* who violates *US law* online.

    Sure, this guy was a crook … but what about the next guy?

    Consider this scenario. Street violence by rightwing militias in the US gets worse over April and May. Early in June, someone caps Trump. Pence becomes President and at the same time the assassination spurs a huge mobilization of Trump’s rightwing base. By the time everyone’s heads have stopped spinning, it’s martial law, draconian new legislation is being passed by the Republican congress (dominated by Tea Party evangelicals) and rubberstamped by Pence. A Supreme Court stacked with ultraconservative Christian judges (Gorsuch, et al) looks the other way as the Constitution is put to the torch. Trade unionists and Muslims are rounded up and “disappeared” or deported, after which a purge of Hispanics begins — later it will be the Jews, though until the new forces have cemented their power thoroughly they and their powerful lobby and bankster friends will be left alone or even, for a while, convinced that “this time won’t be like the last time” for them.

    By December the US is a defacto fundamentalist Christian theocracy. Free speech is outlawed. Non-Christian religions, the teaching of evolution or climate change, p0rn, etc. are all outlawed.

    And the US continues to act as if its borders contain the entire Internet.

    Now someone in Cambodia blogs about climate change, or a European scientist publishes online a paper about evolutionary biology. Plenty of websites exist for mosques, synagogues, Buddhist temples, etc. online, run out of various corners of the world. And of course the net is awash in p0rn.

    Do the proprietors of all of these websites start getting rounded up and renditioned, “extradited”, or similarly? After all, though they’re not inside US borders, what they are doing is illegal under US law and they are doing it online …

    Now are you worried?

    • I feel you.

      But this is actually one of the few cases they seem to be doing it right. I mean, credit card fraud is a crime anywhere in the world, not just in the US. They also got in touch with the foreign country and had full cooperation. He had access to lawyers and counseling and generally due process was respected.

      Contrast it to people like Dotcom, Assange, Snowden. So the crook had all due process but the innocent men had not. Of course whether Dotcom is innocent or not is up for debate but the shady things the US has been doing in his case hardly makes one sympathetic to the US govt.

      • There’s still a problem if, no matter what local laws prescribe as the penalty for credit card fraud, in actuality anyone who commits credit card fraud will be subjected to the *US* penalty instead. That seems like an infringement on national sovereignty. No country but the US gets to decide the penalty for this particular crime?

        • If you commit crimes against the US (stealing and selling US credit card numbers) then they will find and arrest you. Get used to it.

    • Yes, I’m so incredibly worried now! Mike Pence will probably electroshock me to death trying to remove the gay, personally, likely on the 38th parallel before he personally fires nuclear weapons at Pyongyang.

      • Pence personally got me my job, Obama tried to take it… ill take the guys getting me a job vs the bozos trying to give them to the under qualified. (IT Sys Admin)

    • You’re mistaking philosophy and ideology with straight up criminal behavior.

      BTW, republicans would love nothing more than to be rid of Trump. When he resigns or is impeached, nobody is going to carry on whatever legacy he thinks he’s going to have.

      I’m not going to stupid enough to post publicly anything like you did when you mentioned ‘June’ above, but let’s paint a more realistic picture.

      For whatever reason, Trump is no longer president. Pence steps in and we have another Bush II era, and almost everything goes back to normal.

    • Worried? Yeah, I’m worried that you’re gonna OD on all that kool-aid you’ve been slurping up.

      Good grief… some people… *massive eye-roll*

    • to Jeff Fridge, yes i agree with you leave your contact will ne nice to discuss about it all with you.
      as i can undestood something much bigger behind all this circus

    • Love You SciFI

      While raving and frothing at the mouth, Left Wing Wacko Jeff Fridges has a coronary and dies. Congresscritter Maxine Waters immediately blames the NRA. Former SoS Hillary Clinton laments that he couldn’t be rushed to Chelsea’s apartment for medical care, claiming insurance companies are more interested in profits than in installing state-of-the-art medical facilities in every home. President Obama says, “If I had a son, he’s look like Jeff Fridges.”

      Keep up the good work, Jeff! We need more comedy in our lives.

    • But what’s your point Jeff? The bad guy violated the rights on tens of thousands of people, so he got paid back in spades. Karma is a bear sometimes.

    • Mr. Fridges,

      For the sake of the record – could you please confirm that this is an attempt at humour and that you are not just ANOTHER mad paranoid YANK ??

      You are so far up your own ar*e !!

    • Somebody is off their clozapine…

    • Put on your aluminum foil hat, step away from the keyboard and take a extra dose of your medication

    • Not really. Because the government you’re living in has to cooperate with the US government to get you, and they’re unlikely to cooperate just because you published a paper in a scientific journal that refutes the current US government’s fascination with fake news. By the time they manage to extradite you the president will be out of power and the current administration will be in no hurry to continue their work.

      Just look at Microsoft after GWB was elected – they were a monopoly, they were found to have abused their monopoly power, all matters of fact and law determined under Clinton, and… they got a slap on the wrist. At which point they went right back to doing the things that got them in trouble in the first place… hence Windows 10. Windows 7’s licensing practices came about due to EU & US government scrutiny, since then they’ve gone back to abusing their customers.

      Unless your “business” revolves around stealing the identities of and committing fraud in the name of foreign nationals, you really don’t have a whole lot to fear of that foreign nation extraditing you.

      I think the problem is that our Russian friends lack the understanding that US leadership changes regularly. Theirs stay the same for decades and critics of the regime’s leadership end up dying of questionable causes for that entire time. This is normal to them. They expect that it works the same everywhere else. Hell, if anything, they think it’s worse everywhere else.

  7. i can compare this guy with
    scott rotcstein. Ponzi scammer.
    they noth have similar factor that
    they been tricked in to this from the same cult.
    here is lesson number one. Dont trust illuminati.

  8. The Cult has taking young talented people into this and its just sick. Same thing they did with Pablo Escobar. Sick sick world

  9. Mr. Fridges,
    Do you have a tin foil hat in my size?

  10. Thanks for sharing this info. After so many stories about miscreants (mostly Russian or similar) who never even get apprehended, and so many more about those who get off with such light sentences, this was welcome news.

    • While is very aggravating that so many Russian criminals have been not been punished for the massive financial crimes that they have committed while targeting Americans. Its even more upsetting that Americans criminals have been getting away with their crimes (simply because prosecutors think the crimes are too complex to present to juries).

  11. The Night King is looking forward to more Russian scum being nabbed up by the almighty United States of America.

  12. The Night King is hoping more Russian scum gets kidnapped by the United State of Freedom.

  13. Here is great lesson you got to work for your money.
    i seen many people who got illicit gains…they not happy.
    bad health and this money earned this way never makes happy.
    you cant have more money then you are .

  14. His lawyer whines: “He’s going to die in jail.”

    And he says that as if it were a bad thing. 🙂

    Anyway, it’s Nice when we get such clear-cut evidence… as if any more were needed… that in the modern day kleptocracy that is Russia, everybody from Putin on down, including the whole FSB, is on the take, and is as crooked as a hairpin.

    Not that it is particularly different anywhere else. Just ask any mid-level Chinese, Indian, South African, Mexican, South Korean, or Brazillian mid-level government functionary. (But liquor them up first so that they’ll tell you the truth.)

    Meanwhile, can I perhaps interest anyone in some Ivanka[tm] perfume? Or perhaps your trade association that’s hoping for some special tax breaks in the upcoming U.S. tax overhaul bill would like to schedule your next executive retreat at the lovely Mar-a-Lago resort. (It couldn’t hurt.)

  15. Why wasn’t his computer encrypted???…

    • > Why wasn’t his computer encrypted???…

      It may have been encrypted…

      • I think if he crypted his computer

        Maybe he used VeraCrypt…

        But is that crackable???

        But I am guessing if they cracked it… it has to be Some Whhizkids From NASA that cracked it… because this was seriously high priority ..

        This is just A Classic example.. of Dont fuck with the USA …
        I live in europe and thank god for that
        Because if you dare to do something wrong in the USA ..they take iT to the MAX

  16. “According to the government, Seleznev’s laptop computer, seized during his July 2014 arrest in the Maldives, contained 1.7 million stolen credit-card numbers”

    What A smart thing to take with you on A vacation…

    I think this Guy thought he was untouchable

    • Of course I’m just guessing, but I suspect that he was taking a “working holiday”. His pattern suggests a workaholic or addiction to his profession given how he, after discovering he was being sought by the US Feds, he “shut down” and simply re-opened up shop with new aliases.

      If he really made millions he should have taken that as a hint to retire instead of putting a new color of lipstick on this pig.

    • Remember, kids: Always encrypt data in motion, including everything on laptops.

  17. https://m.youtube.com/watch?v=MA3mg2rsoG4

    Video of seleznev

    This is just A Classic case

    Of Being weak to the female
    Girlfriend was tired of Russia
    And I think was also bored of all the money seleznev was taking home

    So he became weak and decided to go on A holiday
    I cant understanding this way of thinking
    I would be super paranoïd if I knew
    The LE were on me.. and I was stealing all that money…

    What A stupid choice to leave Russia..

    And in the video now he says.. I want to go home…

    Well thats TO LATE MY FRIEND

    • So…..Anna Otisko is living free, and free to travel, with no charges pending against her.
      She didn’t have to do any work to amass the fortune she now has partial control over, and the owner of that fortune is permanently out of the picture.

      Sounds like she played her cards well….

  18. Tony Pelliccio

    Now when are we going to go after the card issuers for having such crappy security on the cards themselves. As in why haven’t they rolled out two factor on them? Because pin and card aren’t good enough that means three factor might be necessary. Yet the banks don’t care because they’ve never been forced to pay the price.

  19. Right his sentence is wrong for his health, he should be put down. Or let him go, after putting out one cigarette on his skin for each person he robbed.
    I doubt he would do less if someone robbed him.

  20. I celebrate his conviction. But note that it took about 10 years from the time that he was identified as a criminal before he was arrested and convicted.

    Cyber crime is incredibly hard to prove when everything is hidden behind screen names and anonymous activities. This was not even a “follow the money” conviction. The thing that got him convicted was the laptop in his possession when he was arrested. There is nothing quite like carrying around enough evidence to get sent to jail for 27 years.

  21. Too bad he wasn’t tried in a country that cuts off your hands and feet. I’d like to see this scumbag be a real screaming example to all the other hackers out there. I’m so sick of spam and viruses on my computer and phone calls all day and night from the “IRS” and “Microsoft” trying to scam their way into my computer. All of these jerks need to be shut down hard, so it really hurts them. Convince the kids that this is not a good career path.

  22. This guy would make a logical prisoner trade for Edward Snowden, wonder if this is the larger plan.

    • wft are you smoking? one committed crimes against people, the other exposed crimes against people.

  23. Hackers like him frequently get caught with the goods. However, the information that helped convict him could’ve easily been encrypted, stored and accessed in the Cloud. Glad he got caught, but straight-forward opsec would’ve made it harder to get convicted: when doing his crimes he could’ve booted from a liveusb, ssh’d to the vm, and had a background script to erase the data if necessary – not foolproof but better than lugging 27 years around in your laptop.

  24. It is an acceptable practice to procecute a foreigner for commission of crimes against citizens. In this case the crime was commited remotely over the Internet. I’m sure any number of countries could have prusecuted him. I’m sure his actions were a crime in his own country. Most likely he avoided targeting Russians.

  25. Fridges. You should get in to comic books. You’ve got a very active imagination with no connection to reality. It would be a good fit.

  26. I can’t see any reasonable explanation why this guy should get 27 years and others get away with much less. In what sense?

    • He did not cooperate so they made an example out of him. It’s as simple as that.

      • How this is an example? Its rude and cruel.

        • Rude and cruel? Lmao. I’m sure the elderly people he robbed over the years are definitely worried about appearing ‘rude’ during sentencing. Truth is, the guy is a scumbag who shouldn’t have left his communist cover. All of the sudden, his health is bad and prison is too much to bear without his binky? Friggin’ millenials……

  27. Geoff Hinsliff

    If you don’t want the time, don’t do the crime.

  28. We are proud to have played a role in apprehending Roman Seleznev.

  29. this guy was part of Russian mafia.
    if you snich…then either you get killed or will go to prison.
    Rules Existing. Those who never brake rules will do good.
    i guess he broked the Rules.

  30. One of the guys he tried robbing had a personal security guard / bodyguard. When he got close to him and attempted to rob, the guard shot him with a taser but he took off before he could get arrested. Thank god for security. We live in a world where having a security guard is normal, especially in New York.