Credit Card Hacker Receives Stiff Prison Sentence
The news is peppered with accounts of hackers breaching company networks and stealing data. In fact, InterContinental Hotels Group (IHG), parent of Holiday Inn, is one of the latest companies under scrutiny for data breaches. The hotel company acknowledged in February that a few of its properties' systems had been attacked in December, and just this month, it released data showing that this breach extends to over 1,000 hotels around the world.
When a company has its systems breached, it's under fire to get rid of any malware and inform its customers about the fraud. But what happens to the hackers who are profiting from their attacks? Do they just lurk around the Internet and continue their crimes?
One such hacker is not. This month, the United States District Court in the Western District of Washington convicted hacker Roman Valeryevich Seleznev, a 32-year-old man from Vladivostok, Russia, of 38 counts related to hacking crimes that allowed him to steal credit card numbers and sell them on the dark market. He was sentenced to 27 years in prison. According to the New York Times, this is the longest sentence given out in the United States for hacking.
"Today is a bad day for hackers around the world," said U.S. Attorney Annette L. Hayes, in a statement. "The notion that the Internet is a Wild West where anything goes is a thing of the past. As Mr. Seleznev has now learned, and others should take note--we are working closely with our law enforcement partners around the world to find, apprehend, and bring to justice those who use the Internet to steal and destroy our peace of mind. Whether the victims are multi-national banks or small pizza joints, we are all victims when our day-to-day transactions result in millions of dollars ending up in the wrong hands."
According to evidence presented at the trial, Seleznev, who went by the online handle Track2, hacked into point-of-sale systems at retailers between October 2009 and October 2013. Once in a retailer's system, he installed malware designed to steal credit card numbers and send the data to his servers in Russia, Ukraine and Virginia. Once he had the card information, he'd bundle it into bases and sell it on carding websites. The people who bought that data would then use the card numbers as their own, making fraudulent purchases with them.
Prosecutors said that Seleznev tended to target small businesses, particularly restaurants. One restaurant in Seattle had to declare bankruptcy due to this scheme. Overall, about 3,700 financial institutions were involved in the aftermath of the attacks, which cost over $169 million in losses.
When Seleznev was apprehended, authorities found over 1.7 million stolen card numbers on his laptop, and he had earned tens of millions of dollars from his crime spree.
"Mr. Seleznev's criminal enterprise was both sophisticated and expansive, with transnational implications. This investigation exemplifies the ability of the U.S. Secret Service and our law enforcement partners to hold accountable those who perpetrate such crimes," said Special Agent in Charge Robert L. Kierstead of the U.S. Secret Service, in a statement.
Kierstead said that taking down Seleznev involved cooperation among a number of government agencies, including the Secret Service, the U.S. Attorney's Office of the Western District of Washington, the Criminal Division's Computer Crime and Intellectual Property Section and the Seattle Police Department.
While apprehending and convicting a major cybercriminal like Seleznev is a victory for law enforcement, retailers and financial institutions, it hasn't quite stopped the onslaught of cyber attacks like the breach IHG is currently working through. However, it may be the beginning of justice that might deter some people from getting involved in hacking crime.