Russian MP’s son found guilty of stealing over 2 million US credit cards

A US court has convicted the son of a Russian MP, finding Roman Valerevich Seleznev guilty of 38 counts of hacking into point-of-sale (PoS) systems to steal and sell credit card numbers to crooks.

After an 8-day trial held in a court in the state of Washington, the son of ultra-nationalist Liberal Democratic Party MP Valery Seleznev was convicted of 10 counts of wire fraud, 8 counts of intentional damage to a protected computer, 9 counts of obtaining information from a protected computer, 9 counts of possession of 15 or more unauthorized access devices, and 2 counts of aggravated identity theft.

Seleznev, 32, was arrested in July 2014 at an airport in the Maldives, where he was getting ready to return from a holiday with his girlfriend.

He was flown to the US territory of Guam: a grab that infuriated his father and the Russian government, which called it kidnapping.

When he was taken into custody, investigators seized his laptop and found that it contained more than 1.7 million stolen credit card numbers.

They also found evidence that linked Seleznev to a vast credit card scheme.

Prosecutors said that between October 2009 and October 2013, Seleznev worked from a server he operated in Russia to hack into retail PoS systems and to install malware to steal credit card numbers from various businesses.

The targets included small businesses. One such, the Broadway Grill in Seattle, was forced to declare bankruptcy following the cyberattack.

Prosecutors said that Seleznev, who went by the alias Track2, also used servers in the Ukraine and in McLean, Virginia.

He would bundle the credit card information into groups called “bases,” and then he’d sell it on to “carding” forums: the websites where criminals gather to sell stolen credit card numbers.

The scheme targeted some 3,700 financial institutions. All together, those businesses were defrauded of more than $169 million.

At a hearing in August 2014, the US refused Seleznev’s lawyers’ request to put their client on a $1 million bond, secured by $100,000 in cash, and to put him on what basically amounted to house arrest in a Seattle apartment, with electronic home monitoring and no access to computers.

Magistrate Judge James P. Donohue rejected the proposal, saying that Seleznev had no ties to the area, was a frequent international traveler, had large amounts of money in bank accounts around the world, and was computer savvy enough to create bogus travel documents that would enable him to flee.

In arguing for Seleznev to remain in custody, assistant US attorney Norman Barbosa told the court at the time that he hadn’t stopped his criminal behavior and that his profits just kept rolling in.

The US hadn’t managed to claw back any of the stolen funds, Barbosa told the court, meaning that Seleznev would have had the funds to skip out if he chose to.

Seleznev is now facing similar but unrelated charges in two other states: Nevada and Georgia.

Nevada’s charging him with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a RICO, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

The Northern District of Georgia is charging Seleznev with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud.

He’s scheduled to be sentenced on 2 December for the Washington conviction.

According to the Wall Street Journal, Seleznev is facing between 4 to 40 years in prison. He has already served two years.