Convicted Russian Cyber Criminal Roman Seleznev Faces Charges in Atlanta

A convicted Russian cybercriminal has been arraigned on federal cyber fraud charges associated with the 2008 hack and theft of banking credentials from RBS Worldpay.

May 19, 2017

4 Min Read


ATLANTA – Roman Seleznev, of Vladivostok, Russia, has been arraigned on federal cyber fraud charges associated with the 2008 hack and theft of banking credentials from RBS Worldpay, a payment processing company located in Atlanta, Georgia. Seleznev was indicted by a federal grand jury on Dec. 22, 2014.

"In 2008, an American credit card processor was hacked in what was then the most sophisticated and organized computer fraud attack ever conducted," said U. S. Attorney John Horn. "Using banking credentials stolen during the hack, a team of hackers and cashers in 280 cities around the world stole over $9 million dollars in only 12 hours from 2,100 ATMs worldwide. The defendant is alleged to have stolen over $2,000,000 as part of that scheme."

"We must continue to impose real costs on criminals who believe they are protected by geographic boundaries and can prey on the American people and institutions with impunity. This arraignment highlights the benefits of global cooperation among the United States and international law enforcement. It further demonstrates the FBI’s long-term commitment to identifying and pursuing cyber criminals worldwide, and serves as a strong deterrent to others targeting America’s financial institutions," said David J. LeValley, special agent in charge, FBI Atlanta Field Office.

"The Secret Service worked closely with the Department of Justice and the FBI to share information and resources that ultimately brought these cyber criminals to justice," said Kenneth Cronin, special agent in charge of the Secret Service's Atlanta Field Office. "Our longstanding role in transnational cyber investigations and network intrusions was crucial in combatting this complex hacking ring and today’s arraignment proves that there is no such thing as anonymity for those engaging in data theft and fraudulent schemes."

According to U.S. Attorney Horn, the charges and other information presented in court: During November 2008, a team of hackers, including Estonian national Sergei Tšurikov and others, obtained unauthorized access to the computer network of RBS WorldPay, what was then the U.S. payment processing division of the Royal Bank of Scotland Group, located in Atlanta, GA.

The group used sophisticated hacking techniques to compromise the data encryption that was then used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.

Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.

The hackers then sought to destroy data stored on the card processing network in order to conceal their hacking activity. The cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tšurikov and his co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation.

Throughout the duration of the cashout, Tšurikov and another hacker monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay.

Roman Seleznev, 32, a Russian national from Vladivosotk, was arraigned before U.S. Magistrate Judge Linda Walker. He is alleged to have been responsible for cashing out $2,178,349 associated with five hacked debit card numbers.

To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cashout, including Russian nationals Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukranian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is citizen of Russia, Israel, and Ukraine.

On April 21, 2017, Seleznev was sentenced by the U.S. District Court for the Western District of Washington to 27 years in prison for other computer hacking crimes that caused more than $169 million in damage to small businesses and financial institutions. Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation and United States Secret Service.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights