ATLANTA – Roman Seleznev has pleaded guilty to conspiracy to commit bank fraud for his role in the 2008 hack of RBS WorldPay. Seleznev was responsible for cashing out $2,178,349 associated with five hacked debit card numbers.
“The defendant and a sophisticated team of hackers stole over $2,000,000 from ATMs across the globe,” said U.S. Attorney John Horn. “This plea shows that we are committed to identifying and bringing to justice cybercriminals from across the globe, wherever they are and however long it takes.”
“This extensive investigation, and resulting guilty plea, truly illustrates that the FBI and its many domestic and international law enforcement partners have the commitment and the ability to reach out and touch the cyber criminals residing abroad that are doing so much harm from places that they feel we can’t go. Having Mr. Seleznev out of play and having dismantled his cyber based operations is a true success story for U.S. law enforcement,” said David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office.
“This case demonstrates the Secret Service is committed to protecting our nation’s critical financial infrastructure and payment systems,” said Special Agent in Charge, Kenneth Cronin, U.S. Secret Service, Atlanta Field Office. “These types of cyber criminals use sophisticated hacking techniques to compromise computer systems and then utilize a global network of co-conspirators to withdraw millions of dollars from ATM machines from around the world. Our success in this case and other network intrusion investigations is a result of our close work with our domestic and international law enforcement partners.”
According to U.S. Attorney Horn, the charges and other information presented in court: During November 2008, a team of hackers, including Estonian national Sergei Tšurikov and others, obtained unauthorized access into the computer network of RBS WorldPay, which was then the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta, Georgia. The group used sophisticated hacking techniques to compromise the data encryption that RBS WorldPay then used to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.
Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours. In addition, the hacking crew obtained access to files containing 45.5 million pre-paid payroll and gift card numbers.
The hackers then sought to destroy data stored on the card processing network in order to conceal their hacking activity. The cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tšurikov and his co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation.
Throughout the duration of the cashout, Tšurikov and another hacker monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay.
Roman Seleznev, of Vladivostok, Russia, pleaded guilty before U.S. District Judge Steve C. Jones. Sentencing has not yet been scheduled.
To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cashout, including Russian nationals Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tšurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukrainian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is a citizen of Russia, Israel, and Ukraine.
This case is being investigated by the Federal Bureau of Investigation and United States Secret Service.
Assistant U.S. Attorney Kamal Ghali is prosecuting the case. Assistance was provided by the U.S. Attorney’s Office for the Western District of Washington, the Justice Department’s Office of International Affairs, and the Criminal Division’s Computer Crime and Intellectual Property Section.
Source: U.S. Attorney’s Office, Northern District of Georgia.
The U.S. Attorney’s Office for the District of Nevada also issued a press release about the two cases in which Seleznev pleaded guilty:
LAS VEGAS, Nev. – A Russian cyber-criminal who sold stolen credit card data and other personal information through the identity theft and credit card fraud ring known as “Carder.su” pleaded guilty yesterday in two separate criminal cases to one count of participation in a racketeering enterprise and one count of conspiracy to commit bank fraud.
Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division, Acting U.S. Attorney Steven W. Myhre of the District of Nevada, U.S. Attorney John A. Horn of the Northern District of Georgia, Assistant Special Agent in Charge Michael Harris of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (ICE HSI), and Special Agent in Charge Brian Spellacy of the U.S. Secret Service in Las Vegas made the announcement.
Roman Valeryevich Seleznev, aka Track2, aka Bulba, aka Ncux, 33, entered guilty pleas in both criminal cases at a hearing before U.S. District Judge Steve C. Jones of the Northern District of Georgia. Seleznev pleaded guilty to one count of participation in a racketeering enterprise pursuant to an indictment returned in the District of Nevada, and one count of conspiracy to commit bank fraud pursuant to an indictment returned in the Northern District of Georgia. He will be sentenced on December 11.
In connection with his guilty plea in the Nevada case, Seleznev admitted that he became associated with the Carder.su organization in January 2009. According to Seleznev’s admissions in his plea agreement, Carder.su was an Internet-based, international criminal enterprise whose members trafficked in compromised credit card account data and counterfeit identifications and committed identity theft, bank fraud and computer crimes. Seleznev admitted that the group tried to protect the anonymity and the security of the enterprise from both rival organizations and law enforcement. For example, members communicated through various secure and encrypted forums, such as chatrooms, private messaging systems, encrypted email, proxies and encrypted virtual private networks. Gaining membership in the group required the recommendation of two current members in good standing.
Seleznev further admitted that he sold compromised credit card account data and other personal identifying information to fellow Carder.su members. The defendant sold members such a large volume of product that he created an automated website, which he advertised on the Carder.su organization’s websites. His automated website allowed members to log in and purchase stolen credit card account data. The defendant’s website had a simple interface that allowed members to search for the particular type of credit card information they wanted to buy, add the number of accounts they wished to purchase to their “shopping cart” and, upon checkout, download the purchased credit card information. Payment was automatically deducted from an established account funded through L.R., an online digital currency payment system. Seleznev admitted that he sold each account number for approximately $20. The Carder.su organization’s criminal activities resulted in loss to its victims of at least $50,983,166.35.
In connection with his guilty plea in the Northern District of Georgia case, Seleznev admitted that he acted as a “casher” who worked with hackers to coordinate a scheme to defraud an Atlanta-based company that processed credit and debit card transactions on behalf of financial institutions. Seleznev admitted that pursuant to the scheme, in November 2008, hackers infiltrated the company’s computer systems and stole 45.5 million debit card numbers, certain of which they used to fraudulently withdraw over $9.4 million from 2,100 ATMs in 280 cities around the world in less than 12 hours.
Fifty-five individuals were charged in four separate indictments in Operation Open Market, which targeted the Carder.su organization. To date, 33 individuals have been convicted and the rest are either fugitives or are pending trial.
The cases were investigated by HSI and the U.S. Secret Service. The Nevada case is being prosecuted by Trial Attorney Catherine Dick of the Criminal Division’s Organized Crime and Gang Section and Assistant U.S. Attorney Kimberly M. Frayn of the District of Nevada. The Northern District of Georgia case is being prosecuted by Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia.
Seleznev is also a defendant in a wire fraud and computer hacking case brought by the Department of Justice in the U.S. District Court for the Western District of Washington. On Aug. 25, 2016, a federal jury convicted Seleznev of 38 counts related to his role in a scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld. On April 21, Seleznev was sentenced to 27 years in prison for those crimes.