Roman Seleznev pleads guilty to federal charges in Georgia and Nevada

ATLANTA – Roman Seleznev has pleaded guilty to conspiracy to commit bank fraud for his role in the 2008 hack of RBS Worldpay. Seleznev was responsible for cashing out $2,178,349 associated with five hacked debit card numbers. “The defendant and a sophisticated team of hackers stole over $2,000,000 from ATMs across the globe,” said U.S. Attorney John Horn. “This plea shows that we are committed to identifying and bringing to justice cybercriminals from across the globe, wherever they are and however long it takes.” “This extensive investigation, and resulting guilty plea, truly illustrates that the FBI and its many domestic and international law enforcement partners have the commitment and the ability to reach out and touch the cyber criminals residing abroad that are doing so much harm from places that they feel we can’t go. Having Mr. Seleznev out of play and having dismantled his cyber based operations is a true success story for U.S. law enforcement,” said David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office. “This case demonstrates the Secret Service is committed to protecting our nation’s critical financial infrastructure and payment systems,” said Special Agent in Charge, Kenneth Cronin, U.S. Secret Service, Atlanta Field Office. “These types of cyber criminals use sophisticated hacking techniques to compromise computer systems and then utilize a global network of co-conspirators to withdraw millions of dollars from ATM machines from around the world. Our success in this case and other network intrusion investigations is a result of our close work with our domestic and international law enforcement partners.” According to U.S Attorney Horn, the charges and other information presented in court: During November 2008, a team of hackers, including Estonian national Sergei Tšurikov and others, obtained unauthorized access into the computer network of RBS WorldPay, what was then the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta, Georgia. The group used sophisticated hacking techniques to compromise the data encryption that was used then by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM. Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers, equipped with 44 counterfeit payroll debit cards, withdrew more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours. In addition, the hacking crew obtained access to files containing 45.5 million pre-paid payroll and gift card numbers. The hackers then sought to destroy data stored on the card processing network in order to conceal their hacking activity. The cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tšurikov and his co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation. Throughout the duration of the cashout, Tšurikov and another hacker monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay. Roman Seleznev, of Vladivostok, Russia, pleaded guilty before U.S. District Judge Steve C. Jones. Sentencing has not yet been scheduled. To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cashout, including Russian nationals Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukranian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is citizen of Russia, Israel, and Ukraine. This case is being investigated by the Federal Bureau of Investigation and United States Secret Service. Assistant U.S. Attorney Kamal Ghali is prosecuting the case. Assistance was provided by the U.S. Attorney’s Office for the Western District of Washington, the Justice Department’s Office of International Affairs, and the Criminal Division’s Computer Crime and Intellectual Property Section. Source: U.S. Attorney’s Office, Northern District of Georgia. The U.S. Attorney’s Office for the District of Nevada also issued a press release about the two cases in which Seleznev pleaded guilty: LAS VEGAS, Nev. – A Russian cyber-criminal who sold stolen credit card data and other personal information through the identity theft and credit card fraud ring known as “Carder.su” pleaded guilty yesterday in two separate criminal cases to one count of participation in a racketeering enterprise and one count of conspiracy to commit bank fraud. Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division, Acting U.S. Attorney Steven W. Myhre of the District of Nevada, U.S. Attorney John A. Horn of the Northern District of Georgia, Assistant Special Agent in Charge Michael Harris of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (ICE HSI), and Special Agent in Charge Brian Spellacy of the U.S. Secret Service in Las Vegas made the announcement. Roman Valeryevich Seleznev, aka Track2, aka Bulba, aka Ncux, 33, entered guilty pleas in both criminal cases at a hearing before U.S. District Judge Steve C. Jones of the Northern District of Georgia. Seleznev pleaded guilty to one count of participation in a racketeering enterprise pursuant to an indictment returned in the District of Nevada, and one count of conspiracy to commit bank fraud pursuant to an indictment returned in the Northern District of Georgia. He will be sentenced on December 11.  In connection with his guilty plea in the Nevada case, Seleznev admitted that he became associated with the Carder.su organization in January 2009. According to Seleznev’s admissions in his plea agreement, Carder.su was an Internet-based, international criminal enterprise whose members trafficked in compromised credit card account data and counterfeit identifications and […]

Convicted Russian Cyber Criminal Roman Seleznev faces charges in Atlanta

May 19 – Roman Seleznev, of Vladivostok, Russia, has been arraigned on federal cyber fraud charges associated with the 2008 hack and theft of banking credentials from RBS Worldpay, a payment processing company located in Atlanta, Georgia. Seleznev was indicted by a federal grand jury on December 22, 2014. “In 2008, an American credit card processor was hacked in what was then the most sophisticated and organized computer fraud attack ever conducted,” said U. S. Attorney John Horn. “Using banking credentials stolen during the hack, a team of hackers and cashers in 280 cities around the world stole over $9 million dollars in only 12 hours from 2,100 ATMs worldwide. The defendant is alleged to have stolen over $2,000,000 as part of that scheme.” “We must continue to impose real costs on criminals who believe they are protected by geographic boundaries and can prey on the American people and institutions with impunity. This arraignment highlights the benefits of global cooperation among the United States and international law enforcement. It further demonstrates the FBI’s long-term commitment to identifying and pursuing cyber criminals world-wide, and serves as a strong deterrent to others targeting America’s financial institutions,” said David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office. “The Secret Service worked closely with the Department of Justice and the FBI to share information and resources that ultimately brought these cyber criminals to justice,” said Kenneth Cronin, Special Agent in Charge of the Secret Service’s Atlanta Field Office. “Our longstanding role in transnational cyber investigations and network intrusions was crucial in combatting this complex hacking ring and today’s arraignment proves that there is no such thing as anonymity for those engaging in data theft and fraudulent schemes.” According to U.S. Attorney Horn, the charges and other information presented in court: During November 2008, a team of hackers, including Estonian national Sergei Tšurikov and others, obtained unauthorized access into the computer network of RBS WorldPay, what was then the U.S. payment processing division of the Royal Bank of Scotland Group PLC, located in Atlanta, Georgia. The group used sophisticated hacking techniques to compromise the data encryption that was then used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM. Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours. The hackers then sought to destroy data stored on the card processing network in order to conceal their hacking activity. The cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tšurikov and his co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach, and has substantially assisted in the investigation. Throughout the duration of the cashout, Tšurikov and another hacker monitored the fraudulent ATM withdrawals in real-time from within the computer systems of RBS WorldPay. Roman Seleznev, 32, a Russian national from Vladivosotk, was arraigned before U.S. Magistrate Judge Linda Walker. He is alleged to have been responsible for cashing out $2,178,349 associated with five hacked debit card numbers. To date, the U.S. Attorney’s Office for the Northern District of Georgia has charged 14 individuals involved in the hack and cashout, including Russian nationals Viktor Pleschuk, Evgeniy Anikin, and Roman Seleznev; Estonian nationals Sergei Tsurikov, Igor Grudijev, Ronald Tsoi, Eveilyn Tsoi, and Mikhail Jevgenov; Moldovan national Oleg Covelin; Ukranian nationals Vladimir Valeyrich Tailar and Evgeny Levitskyy; Nigerian national Ezenwa Chukukere; American national Sonya Martin; and Vladislav Horohorin, who is citizen of Russia, Israel, and Ukraine. On April 21, 2017, Seleznev was sentenced by the U.S. District Court for the Western District of Washington to 27 years in prison for other computer hacking crimes that caused more than $169 million in damage to small businesses and financial institutions. Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices. Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial. This case is being investigated by the Federal Bureau of Investigation and United States Secret Service. Assistant U.S. Attorney Kamal Ghali is prosecuting the case. Assistance was provided by the U.S. Attorney’s Office for the Western District of Washington, the Justice Department’s Office of International Affairs, and the Criminal Division’s Computer Crime and Intellectual Property Section. SOURCE: U.S. Attorney’s Office, Northern District of Georgia

Longest sentence ever handed out for hacking: Roman Seleznev Sentenced to 27 Years

There was big news in the world of hacking prosecutions yesterday. The DOJ announced that Roman Seleznev was sentenced to 27 years in prison for computer hacking crimes that reportedly caused more than $169 million in damage to small businesses and financial institutions. Prosecutors had sought a 30-year sentence to send a strong message, and the sentence appears to be the longest one ever imposed to date. Seleznev, whose case has been covered on DataBreaches.net since 2014, was convicted in 2016. “Today is a bad day for hackers around the world,” said U.S. Attorney Annette L. Hayes. “The notion that the Internet is a Wild West where anything goes is a thing of the past.  As Mr. Seleznev has now learned, and others should take note – we are working closely with our law enforcement partners around the world to find, apprehend, and bring to justice those who use the internet to steal and destroy our peace of mind.  Whether the victims are multi-national banks or small pizza joints, we are all victims when our day-to-day transactions result in millions of dollars ending up in the wrong hands.” Many of the businesses targeted by Seleznev were small businesses, and included restaurants and pizza parlors in Western Washington, including Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault.  Testimony at trial revealed that Seleznev’s scheme caused approximately 3,700 financial institutions more than $169 million in losses. Seleznev was taken into custody in July 2014 in the Maldives, and the laptop in his custody at that time contained more than 1.7 million stolen credit card numbers, including some from businesses in Western Washington.  The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme.  Evidence presented at trial showed that Seleznev earned tens of millions of dollars from his criminal activity. Seleznev was convicted on Aug. 25, 2016, of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft. Seleznev still faces charges in other federal courts. He is charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.  He is also charged in the Northern District of Georgia with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud. Seleznev’s father, a member of Russia’s parliament, was reportedly incensed by the sentencing. The BBC reports that Valery Seleznev said the sentence was “passed by man-eaters” and that his son was “abducted”. “My son was tortured because being in jail in a foreign country after abduction is torture in itself. He is innocent,” he told RIA Novosti news agency. Seleznev’s lawyer, Igor Litvak, reportedly claimed that the sentence is “completely unreasonable.” “No other cybercriminal has gotten a sentence a like this.”  NBC also notes that the Russian embassy in the U.S.  also tweeted that Seleznev’s 2014 arrest amounted to a kidnapping and was “unlawful.” SOURCE: Some information in this report provided by the Department of Justice.

Roman Seleznev Found Guilty on 38 Counts

I guess the jury didn’t buy the defense’s claim that the government had tampered with the evidence on Seleznev’s laptop.  A federal jury yesterday convicted a Vladivostok, Russia, man of 38 counts related to his scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld, announced Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney Annette L. Hayes of the Western District of Washington. Roman Valerevich Seleznev, aka Track2, 32, was convicted after an eight-day trial of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.  U.S. District Judge Richard A. Jones of the Western District of Washington scheduled sentencing for Dec. 2, 2016. According to testimony at trial and court documents, between October 2009 and October 2013, Seleznev hacked into retail point-of-sale systems and installed malicious software (malware) to steal credit card numbers from various businesses from a server he operated in Russia.  Many of the businesses were small businesses, some of which were restaurants in Western Washington, including the Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault. Evidence presented at trial demonstrated that the malware would steal the credit card data from the point-of-sale systems and send it to other servers that Seleznev controlled in Russia, the Ukraine or in McLean, Virginia.  Seleznev then bundled the credit card information into groups called “bases” and sold the information on various “carding” websites to buyers who would then use the credit card numbers for fraudulent purchases, according to the trial evidence.  Testimony at trial revealed that Seleznev’s scheme caused 3,700 financial institutions more than $169 million in losses. When Seleznev was taken into custody in July 2014 in the Maldives, his laptop contained more than 1.7 million stolen credit card numbers, some of which were stolen from businesses in Western Washington.  The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme. Seleznev is charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a RICO, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.  Seleznev is also charged in the Northern District of Georgia with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud.  An indictment is merely an allegation, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law. The U.S. Secret Service Electronic Crimes Task Force investigated the case.  The task force includes detectives from the Seattle Police Department and the U.S. Secret Service Cyber Intelligence Section in Washington, D.C.   Trial Attorney Harold Chun of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Norman M. Barbosa and Seth Wilkinson of the Western District of Washington are prosecuting the case.   The CCIPS Cyber Crime Lab and its Director, Ovie Carroll, provided substantial support for the prosecution.  The Office of International Affairs and the U.S. Attorney’s Office of the District of Guam also provided assistance in this case. SOURCE: U.S.A.O., Western District of Washington

Russian Cyber-Criminal Roman Valeryevich Seleznev Sentenced to 14 Years in Prison for Role in Organized Cybercrime Ring Responsible for $50 Million in Online Identity Theft and $9 Million Bank Fraud Conspiracy

There’s an update to a case this site has been following for the past several years. A Russian cyber-criminal was sentenced today to 14 years in prison  for his role in a $50 million cyberfraud ring and for defrauding banks of $9 million through a hacking scheme. Roman Valeryevich Seleznev aka Track2, Bulba and Ncux, 33, was sentenced by U.S. District Judge Steve C. Jones of the Northern District of Georgia to serve 168 months in prison for one count of participation in a racketeering enterprise pursuant to an indictment returned in the District of Nevada, and to 168 months in prisonfor one count of conspiracy to commit bank fraud pursuant to an indictment returned in the Northern District of Georgia, with the sentences to run concurrent to one another. In both cases, Seleznev was ordered three years of supervised release to run concurrently.  He was also ordered restitution in the amount of $50,893,166.35 in the Nevada case and $2,178,349 in the Georgia case. Seleznev pleaded guilty to the charges on Sept. 7. In connection with his guilty plea in the Nevada case, Seleznev admitted that he became associated with the Carder.su organization, an identify theft and credit card fraud ring, in January 2009.  According to Seleznev’s admissions in his plea agreement, Carder.su was an Internet-based, international criminal enterprise whose members trafficked in compromised credit card account data and counterfeit identifications and committed identity theft, bank fraud, and computer crimes.  Seleznev admitted that the group tried to protect the anonymity and the security of the enterprise from both rival organizations and law enforcement.  For example, members communicated through various secure and encrypted forums, such as chatrooms, private messaging systems, encrypted email, proxies and encrypted virtual private networks. Gaining membership in the group required the recommendation of two current members in good standing. Seleznev further admitted that he sold compromised credit card account data and other personal identifying information to fellow Carder.su members.  The defendant sold members such a large volume of product that he created an automated website, which he advertised on the Carder.su organization’s websites.  His automated website allowed members to log into and purchase stolen credit card account data.  The defendant’s website had a simple interface that allowed members to search for the particular type of credit card information they wanted to buy, add the number of accounts they wished to purchase to their “shopping cart” and upon check out, download the purchased credit card information.  Payment of funds was automatically deducted from an established account funded through L.R., an online digital currency payment system. Seleznev further admitted that he sold each account number for approximately $20.  The Carder.su organization’s criminal activities resulted in loss to its victims of at least $50,893,166.35. In connection with his guilty plea in the Northern District of Georgia case, Seleznev admitted that he acted as a “casher” who worked with hackers to coordinate a scheme to defraud an Atlanta-based company that processed credit and debit card transactions on behalf of financial institutions.  Seleznev admitted that pursuant to the scheme, in November 2008, hackers infiltrated the company’s computer systems and accessed 45.5 million debit card numbers, certain of which they used to fraudulently withdraw over $9.4 million from 2,100 ATMs in 280 cities around the world in less than 12 hours. Fifty-five individuals were charged in four separate indictments in Operation Open Market, which targeted the Carder.su organization. To date, 33 individuals have been convicted and the rest are either fugitives or are pending trial. The cases were investigated by HSI, the U.S. Secret Service, and FBI.  The Nevada case was prosecuted by Trial Attorney Catherine K. Dick of the Criminal Division’s Organized Crime and Gang Section and Assistant U.S. Attorney Kimberly M. Frayn of the District of Nevada.  The Northern District of Georgia case was prosecuted by Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia. Seleznev is also a defendant in a wire fraud and computer hacking case brought by the Department of Justice in the U.S. District Court for the Western District of Washington.  On Aug. 25, 2016, a federal jury convicted Seleznev of 38 counts related to his role in a scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld.  On April 21, Seleznev was sentenced to 27 years in prison for those crimes, which will run concurrent to his sentences today.     Source: Department of Justice

Seleznev’s laptop held 1.7 million stolen credit card numbers, says prosecutor

Martha Bellisle of AP reports: When U.S. federal agents arrested a Russian man in the Maldives in 2014, they found 1.7 million stolen credit card numbers on his laptop computer, a federal prosecutor told the jury during opening statements. That was “1.7 million people who had eaten at the wrong restaurant and their personal information was sitting on that man’s computer,” assistant U.S. Attorney Seth Wilkinson said of Roman Seleznev. He had collected the credit card numbers by hacking into restaurants in Washington and other states, Wilkinson said. Read more on the Toronto Star.

Ninth Circuit Upholds 27-Year Sentence for Russian Hacker

Nathan Solis reports: A Ninth Circuit panel upheld the 27-year prison sentence of a Russian computer hacker who was extradited to the United States while on vacation with his family in the Maldives to face charges he stole credit card numbers and millions of dollars. Roman Seleznev claimed the U.S. government kidnapped him when he was finally arrested several years after some of his most lucrative heists. He also claimed his nearly three-decade sentence was an abuse of the court. Seleznev, also known by his hacker handles “Ruben Samvelich” or “Track2”, caused more than $169 million in damages when he and a group of hackers stole credit card numbers and sold them on the dark web between 2009 and 2013. Read more on Courthouse News.

Feds seek 30-year sentence for Russian master hacker convicted in Seattle

Mike Carter reports: In Russian cybercrime mastermind Roman Seleznev, the Department of Justice is boasting it finally caught and convicted a big fish in the often impenetrable world of global computer theft — and now the agency intends to make a lesson of him. Federal prosecutors will ask a Seattle judge Friday to sentence the 32-year-old Seleznev to 30 years in prison for operating a massive — maybe unprecedented — credit-card theft scheme from behind keyboards in Vladivostok, Russia, and Bali, Indonesia. Over a decade, Seleznev stole and sold on the black market more than 2 million credit-card numbers, resulting in losses of at least $170 million, and maybe into the billions, according to documents filed in U.S. District Court in Seattle. Read more on Seattle Times. It’s a good read with a lot of background on Seleznev.

Department Releases Intake and Charging Policy for Computer Crime Matters

As computers play an ever-greater role in our lives and cybercrime becomes both more commonplace and more devastating, the need for robust criminal enforcement of effective computer crime laws will only become more important.  As we’ve said in public remarks last year, we urgently need targeted updates to the Computer Fraud and Abuse Act that will help the department protect our privacy and security online.  A number of recent prosecutions have demonstrated our commitment and success in bringing significant prosecutions under these vital statutes.  Prosecutors in U.S. Attorney’s Offices across the country, in conjunction with the Computer Crime and Intellectual Property Section (CCIPS) in Washington, have brought cases against hackers and carders like Roman Seleznev and Marcel Lazar and cyberstalkers and sextortionists like Ryan Vallee and Michael Ford, and have conducted challenging and cutting-edge cybercrime operations, such as the takedown of the Darkode hacking forum last year. It is, of course, not enough to have effective laws; those laws must also be enforced responsibly and consistently.  It is also important that the public understand how the department applies the law in this context.  In order to further that goal, the Criminal Division, primarily through CCIPS, has been sharing its knowledge about cybercrime and the laws that impact cybersecurity for two decades.  We have convened public-private partnership events, published public manuals, testifiednumerous times before Congress on threats such as ransomware, participated in and recently hosted[external link] symposia and released Best Practices for Victim Response and Reporting of Cyber Incidents.  Many of these materials as well as press releases related to computer crime and intellectual property prosecutions are available at cybercrime.gov. In the course of recent litigation, the department yesterday shared the policy under which we choose whether to bring charges under the Computer Fraud and Abuse Act: the 2014 Intake and Charging Policy for Computer Crime Matters.  This document guides federal prosecutors in determining when to open an investigation or charge an offense under the Computer Fraud and Abuse Act. As set forth in the memorandum, prosecutors must consider a number of factors in order to ensure that charges are brought only in cases that serve a substantial federal interest.  Among the factors that are considered are the following: The sensitivity of the affected computer system or the information transmitted by or stored on it and the likelihood and extent of harm associated with damage or unauthorized access to the computer system or related disclosure and use of information; The degree to which damage or access to the computer system or the information transmitted by or stored on it raises concerns pertaining to national security, critical infrastructure, public health and safety, market integrity, international relations or other considerations having a broad or significant impact on national or economic interests; The extent to which the activity was in furtherance of a larger criminal endeavor or posed a risk of bodily harm or a threat to national security; The impact of the crime and prosecution on the victim or other third parties; Whether the criminal conduct is based upon exceeding authorized access consistent with several policy considerations, including whether the defendant knowingly violated restrictions on his authority to obtain or alter information stored on a computer, and not merely that the defendant subsequently misused information or services that he was authorized to obtain from the computer at the time he obtained it; The deterrent value of an investigation or prosecution, including whether the need for deterrence is increased because the activity involves a new or expanding area of criminal activity, a recidivist defendant, use of a novel or sophisticated technique, or abuse of a position of trust or otherwise sensitive level of access; or because the conduct is particularly egregious or malicious; The nature of the impact that the criminal conduct has on a particular district or community; and Whether any other jurisdiction is likely to prosecute the criminal conduct effectively, if the matter is declined for federal prosecution. In addition, the policy requires prosecutors to conduct certain types of consultation to assure consistent practice across the department’s many offices.  In particular, prosecutors must consult with CCIPS before bringing charges under the Computer Fraud and Abuse Act. We are proud of the work we have done to protect the privacy and security of Americans online.  Through this policy, the department continues to take very seriously our responsibility to seek justice for the victims of cybercrime and to do so in a fair and responsible manner. SOURCE: Department of Justice

Russian MP’s son faces trial in US over $170 million hacking scheme

If you’ve been meaning to catch up with the case against Roman Seleznev, a Times of Malta report by Martha Bellisle should help. Seleznev’s trial begins next week, and prosecutors plan to lay out evidence that they say will prove Roman Seleznev hacked into US businesses, mostly pizza restaurants in Washington state, and stole credit card information. They claim he made millions by selling that data on underground internet forums. Some of the victim entities include Red Pepper Pizza, Mad Pizza, ZPizza, Grand Central Bakery, Village Pizza, and Casa Mia. Read more on Times of Malta. Previous coverage of Seleznev’s case on this site is linked from here.