Russian cyber-criminal pleads guilty to role in multimillion dollar online identity theft ring
ATLANTA – A Russian cyber-criminal who sold stolen credit card data and other personal information through the identity theft and credit card fraud ring known as “Carder.su” pleaded guilty Thursday to one count of participation in a racketeering enterprise and one count of conspiracy to commit bank fraud.
Roman Valeryevich Seleznev, aka Track2, aka Bulba, aka Ncux, 33, entered guilty pleas in two separate criminal cases at a hearing before U.S. District Judge Steve C. Jones of the Northern District of Georgia. Seleznev pleaded guilty to one count of participating in a racketeering enterprise related to an indictment returned in the District of Nevada, and one count of conspiracy to commit bank fraud as part of an indictment returned in the Northern District of Georgia. Seleznev will be sentenced Dec. 11. The charges are the result of a joint probe by U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) and the U.S. Secret Service.
In his guilty plea in the Nevada case, Seleznev admitted he became associated with the Carder.su organization in January 2009. Carder.su was an Internet-based, international criminal enterprise whose members trafficked in compromised credit card account data and counterfeit identifications and committed identity theft, bank fraud and computer crimes. Seleznev admitted the group tried to protect the anonymity and security of the enterprise from both rival organizations and law enforcement. For example, members communicated through various secure and encrypted forums, such as chatrooms, private messaging systems, encrypted email, proxies and encrypted virtual private networks. Gaining membership in the group required the recommendation of two current members in good standing.
Seleznev further admitted he sold compromised credit card account data and other personal identifying information to fellow Carder.su members. The defendant sold members such a large volume of product that he created an automated website, which he advertised on the Carder.su organization’s websites. His automated website allowed members to log into and purchase stolen credit card account data. The defendant’s website had a simple interface that allowed members to search for the particular type of credit card information they wanted to buy, add the number of accounts they wished to purchase to their “shopping cart” and upon check out, download the purchased credit card information. Payment of funds was automatically deducted from an established account funded through L.R., an online digital currency payment system. Seleznev admitted he sold each account number for approximately $20. The Carder.su organization’s criminal activities resulted in losses of more than $50 million to its victims.
In connection with his guilty plea in the Northern District of Georgia case, Seleznev admitted he acted as a “casher” who worked with hackers to coordinate a scheme to defraud an Atlanta-based company that processed credit and debit card transactions on behalf of financial institutions. Seleznev further admitted that as part of the scheme, in November 2008, hackers infiltrated the company’s computer systems and stole more than 45 million debit card numbers, some of which they used to fraudulently withdraw over $9.4 million from 2,100 ATMs in 280 cities around the world in less than 12 hours.
Fifty-five individuals were charged in four separate indictments as part of the probe targeting the Carder.su organization. To date, 33 individuals have been convicted and the rest are either fugitives or are pending trial.
The Nevada case is being prosecuted by Trial Attorney Catherine Dick of the Criminal Division’s Organized Crime and Gang Section and Assistant U.S. Attorney Kimberly M. Frayn of the District of Nevada. The Northern District of Georgia case is being prosecuted by Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia.
Seleznev is also a defendant in a wire fraud and computer hacking case brought by the Department of Justice in the Western District of Washington. In August 2016 a federal jury convicted Seleznev of 38 counts related to his role in a scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld. Earlier this year, Seleznev was sentenced to 27 years in prison for those crimes.