Roman Seleznev, the Russian MP’s son who was found guilty last year of hacking into point-of-sale (PoS) systems and stealing millions of credit cards, has received the longest-ever sentence for hacking to be handed down in the US.
The prosecutors had asked for 30 years, referring to Selznev in a sentencing memorandum as “a pioneer” in the online theft and monetization of card data. At 27 years, the final sentencing came in close to what prosecutors were after.
He was convicted for running a vast credit card and identity theft operation from his homes in Bali, Indonesia, and Vladivostok, Russia, and for selling more than 2m credit card numbers on the black market.
Losses from his crimes, which targeted 3,700 financial institutions and 500 businesses around the world, came to at least $170m. Among his prey were small businesses, some of which struggled to defend against his attacks, and some of which failed to recover at all. Court documents said that total losses could grow to billions of dollars.
One of the victimized businesses that went belly-up was a Seattle pizza parlor that had been in business for 22 years. It was forced to declare bankruptcy after its PoS system was breached and it got swamped by a wave of credit card fraud.
One of the owners of The Grill on Broadway told Seattle Gay Scene that a small business like theirs just couldn’t recover from the blow:
The effects were devastating to The Grill, generating massive amounts of negative publicity and drastically reduced revenue at the restaurant.
Seleznev, 32, is from Vladivostok, Russia. The son of ultra-nationalist Liberal Democratic Party MP Valery Seleznev, he was convicted in August of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices, and two counts of aggravated identity theft.
He was arrested while vacationing with his girlfriend in the Maldives in 2014. Seleznev was then sent to Guam for his initial court appearance: a move that his father called foul and the Russian government labelled a “hostile move by Washington” that ignored proper procedure in dealing with foreign nationals suspected of crimes.
The sentencing memorandum noted that this guy didn’t just participate in the stolen credit card market: he helped to create that market:
He was not simply a market participant – he was a market maker whose automated vending sites and tutorials helped grow the market for stolen card data. His final vending site, 2pac.cc became one of the leading marketplaces for stolen credit card data and sold stolen data from some of the most significant credit card breaches of the last decade.
It went on to say that Seleznev apparently had no compunction about the illegality of his business, saying things like “remember this is illegal way”.
Maybe he was bragging then, but he’s expressing plenty of guilt now. The New York Times published an 11-page, handwritten letter Seleznev wrote to the court. In it, he described a life of hardship, starting with the divorce of his parents.
He described finding his mother dead in a bathtub from alcohol poisoning when he was 17, being nearly killed by a suicide bomber in Marrakesh, and having his wife leave him when Moscow surgeons said he’d be a vegetable if he survived.
From his telling, Seleznev has had a hard life, but it’s also been a lucrative one.
The New York Times reports that evidence found on Seleznev’s computers included photos of him driving sports cars and vacationing in the tropics, as well as photos showing him surrounded by piles of what look like 5,000-rouble bills.