DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Convicted Russian Cyber Criminal Roman Seleznev faces charges in Atlanta

Posted on May 21, 2017 by Dissent

May 19 – Roman Seleznev, of Vladivostok, Russia, has been arraigned on federal cyber fraud charges associated with the 2008 hack and theft of banking credentials from RBS Worldpay, a payment processing company located in Atlanta, Georgia. Seleznev was indicted by a federal grand jury on December 22, 2014.

“In 2008, an American credit card processor was hacked in what was then the most sophisticated and organized computer fraud attack ever conducted,” said U. S. Attorney John Horn. “Using banking credentials stolen during the hack, a team of hackers and cashers in 280 cities around the world stole over $9 million dollars in only 12 hours from 2,100 ATMs worldwide. The defendant is alleged to have stolen over $2,000,000 as part of that scheme.”

“We must continue to impose real costs on criminals who believe they are protected by geographic boundaries and can prey on the American people and institutions with impunity. This arraignment highlights the benefits of global cooperation among the United States and international law enforcement. It further demonstrates the FBI’s long-term commitment to identifying and pursuing cyber criminals world-wide, and serves as a strong deterrent to others targeting America’s financial institutions,” said David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office.

“The Secret Service worked closely with the Department of Justice and the FBI to share information and resources that ultimately brought these cyber criminals to justice,” said Kenneth Cronin, Special Agent in Charge of the Secret Service’s Atlanta Field Office. “Our longstanding role in transnational cyber investigations and network intrusions was crucial in combatting this complex hacking ring and today’s arraignment proves that there is no such thing as anonymity for those engaging in data theft and fraudulent schemes.”

According to U.S. Attorney Horn, the charges and other information presented in court: During November 2008, a team of hackers, including Estonian national Sergei Tšurikov and others, obtained unauthorized access into the computer network of RBS WorldPay, what was then the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta, Georgia.

The group used sophisticated hacking techniques to compromise the data encryption that was then used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.

Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.

The hackers then sought to destroy data stored on the card processing network in order to conceal their hacking activity. The cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tšurikov and his co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation.

Throughout the duration of the cashout, Tšurikov and another hacker monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay.

Roman Seleznev, 32, a Russian national from Vladivosotk, was arraigned before U.S. Magistrate Judge Linda Walker. He is alleged to have been responsible for cashing out $2,178,349 associated with five hacked debit card numbers.

To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cashout, including Russian nationals Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukranian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is citizen of Russia, Israel, and Ukraine.

On April 21, 2017, Seleznev was sentenced by the U.S. District Court for the Western District of Washington to 27 years in prison for other computer hacking crimes that caused more than $169 million in damage to small businesses and financial institutions. Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation and United States Secret Service.

Assistant U.S. Attorney Kamal Ghali is prosecuting the case. Assistance was provided by the U.S. Attorney’s Office for the Western District of Washington, the Justice Department’s Office of International Affairs, and the Criminal Division’s Computer Crime and Intellectual Property Section.

SOURCE: U.S. Attorney’s Office, Northern District of Georgia

Category: Financial SectorHackU.S.

Post navigation

← Font sharing site DaFont has been hacked, exposing thousands of accounts
Tax worker fired after biggest privacy breach at Revenue Canada →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.