
12/1/2017
09:40 AM
Dark Reading
Products and Releases

Russian Cybercriminal Sentenced to 14 Years in Prison for Role in Organized Cybercrime Ring Responsible for $50 Million in Online Identity Theft and $9 Million Bank Fraud Conspiracy

A Russian cyber-criminal was sentenced today to 14 years in prison for his role in a $50 million cyberfraud ring and for defrauding banks of $9 million through a hacking scheme.

Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division, Acting U.S. Attorney Steven W. Myhre of the District of Nevada, U.S. Attorney Byung J. Pak of the Northern District of Georgia, Assistant Special Agent in Charge Michael Harris of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (ICE HSI), Special Agent in Charge Brian Spellacy of the U.S. Secret Service in Las Vegas, and FBI Special Agent in Charge David J. LeValley in Atlanta made the announcement.

Roman Valeryevich Seleznev aka Track2, Bulba and Ncux, 33, was sentenced by U.S. District Judge Steve C. Jones of the Northern District of Georgia to serve 168 months in prison for one count of participation in a racketeering enterprise pursuant to an indictment returned in the District of Nevada, and to 168 months in prison for one count of conspiracy to commit bank fraud pursuant to an indictment returned in the Northern District of Georgia, with the sentences to run concurrent to one another. In both cases, Seleznev was ordered three years of supervised release to run concurrently. He was also ordered restitution in the amount of $50,893,166.35 in the Nevada case and $2,178,349 in the Georgia case. Seleznev pleaded guilty to the charges on Sept. 7.

In connection with his guilty plea in the Nevada case, Seleznev admitted that he became associated with the Carder.su organization, an identity theft and credit card fraud ring, in January 2009. According to Seleznev’s admissions in his plea agreement, Carder.su was an Internet-based, international criminal enterprise whose members trafficked in compromised credit card account data and counterfeit identifications and committed identity theft, bank fraud, and computer crimes. Seleznev admitted that the group tried to protect the anonymity and the security of the enterprise from both rival organizations and law enforcement. For example, members communicated through various secure and encrypted forums, such as chatrooms, private messaging systems, encrypted email, proxies and encrypted virtual private networks. Gaining membership in the group required the recommendation of two current members in good standing.

Seleznev further admitted that he sold compromised credit card account data and other personal identifying information to fellow Carder.su members.  The defendant sold members such a large volume of product that he created an automated website, which he advertised on the Carder.su organization’s websites.  His automated website allowed members to log into and purchase stolen credit card account data.  The defendant’s website had a simple interface that allowed members to search for the particular type of credit card information they wanted to buy, add the number of accounts they wished to purchase to their “shopping cart” and upon check out, download the purchased credit card information.  Payment of funds was automatically deducted from an established account funded through L.R., an online digital currency payment system.

Seleznev further admitted that he sold each account number for approximately $20.  The Carder.su organization’s criminal activities resulted in loss to its victims of at least $50,893,166.35.

In connection with his guilty plea in the Northern District of Georgia case, Seleznev admitted that he acted as a “casher” who worked with hackers to coordinate a scheme to defraud an Atlanta-based company that processed credit and debit card transactions on behalf of financial institutions.  Seleznev admitted that pursuant to the scheme, in November 2008, hackers infiltrated the company’s computer systems and accessed 45.5 million debit card numbers, certain of which they used to fraudulently withdraw over $9.4 million from 2,100 ATMs in 280 cities around the world in less than 12 hours.

Fifty-five individuals were charged in four separate indictments in Operation Open Market, which targeted the Carder.su organization. To date, 33 individuals have been convicted and the rest are either fugitives or are pending trial.

The cases were investigated by HSI, the U.S. Secret Service, and FBI.  The Nevada case was prosecuted by Trial Attorney Catherine K. Dick of the Criminal Division’s Organized Crime and Gang Section and Assistant U.S. Attorney Kimberly M. Frayn of the District of Nevada.  The Northern District of Georgia case was prosecuted by Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia.

Seleznev is also a defendant in a wire fraud and computer hacking case brought by the Department of Justice in the U.S. District Court for the Western District of Washington.  On Aug. 25, 2016, a federal jury convicted Seleznev of 38 counts related to his role in a scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld.  On April 21, Seleznev was sentenced to 27 years in prison for those crimes, which will run concurrent to his sentences today.    

Press Release Number: 17-1354
