The U.S. Justice Department recently announced that 32-year-old Roman Valeryevich Seleznev, known as "Track2," was sentenced to 27 years in prison for a series of cyber attacks that caused over $169 million in damages.
It's the longest prison sentenced ever given to a hacker in the United States.
Seleznev was convicted in August 2016 for hacking into point-of-sale (PoS) systems and installing malware designed to steal millions of credit card numbers from more than 500 U.S. businesses between October 2009 and October 2013. Approximately 3,700 financial instutitions were impacted by the attacks.
The stolen data was then transferred to servers under Seleznev's control in Russia, the Ukraine, and McLean, Virginia, after which Seleznev sold stole the credit card numbers on carding websites.
Among the businesses Seleznev targeted was Seattle, Washington's Broadway Grill, which was forced into bankruptcy following the attack.
When Seleznev was arrested in July 2014 in the Maldives, more than 1.7 million stolen credit card numbers were found on his laptop.
"Mr. Seleznev's criminal enterprise was both sophisticated and expansive, with transnational implications," Special Agent in Charge Robert L. Kierstead of the U.S. Secret Service said in a statement. "This investigation exemplifies the ability of the U.S. Secret Service and our law enforcement partners to hold accountable those who perpetrate such crimes."
"The ultimate success of this case is the result of an extraordinary collaborative effort by the Secret Service, the U.S. Attorney's Office of the Western District of Washington, the Criminal Division's Computer Crime and Intellectual Property Section and the Seattle Police Department," Kierstead added.
Seleznev also faces RICO charges in the District of Nevada and bank fraud charges in the Northern District of Georgia.
Valery Seleznev, Roman Seleznev's father, is a member of the Russian Parliament. The New York Times reports that the elder Seleznev has accused the U.S. of "kidnapping" his son, and says the charges against him are a "monstrous lie."
A Message to Cybercriminals
Thycotic chief security scientist Joseph Carson told eSecurity Planet by email that the fact that Seleznev is the son of a Russian MP may mean that the arrest has broader implications. "It could be the start of the tit for tat of nation states laws coming down on a number of foreign cybercriminals," he said.
"It is a major indication for cybercriminals to be more cautious when traveling to countries with extradition treaties with the U.S., and a concern for Julian Assange, founder of WikiLeaks, that the U.S. Department of Justice is focused on finding a way to press charges and bring him to U.S. soil," Carson added.
Still, AsTech chief security strategist Nathan Wenzler said by email that he doubts Seleznev's sentencing will service as a deterrent for hackers in general. "Consider it like speeding laws," he said. "Everyone knows it's wrong and what the speed limits are, but not everyone who speeds gets caught and ticketed. And the benefits to most who break those laws outweigh the potential fines."
"The same would hold true here," Wenzler added. "The amount of money to be had from cybercrime is very, very high, and since it's well established that very few hackers of this type actually are caught and prosecuted, I don't see that much will change due to this ruling. It will certainly set some precedent for future cases in terms of the scope of any punishments, but ultimately will not change the minds of any hacker or cybercrime organization from pursuing these kinds of activities."
Photo courtesy of Shutterstock.