There was big news in the world of hacking prosecutions yesterday. The DOJ announced that Roman Seleznev was sentenced to 27 years in prison for computer hacking crimes that reportedly caused more than $169 million in damage to small businesses and financial institutions. Prosecutors had sought a 30-year sentence to send a strong message, and the sentence appears to be the longest one ever imposed to date.
Seleznev, whose case has been covered on DataBreaches.net since 2014, was convicted in 2016.
“Today is a bad day for hackers around the world,” said U.S. Attorney Annette L. Hayes. “The notion that the Internet is a Wild West where anything goes is a thing of the past. As Mr. Seleznev has now learned, and others should take note – we are working closely with our law enforcement partners around the world to find, apprehend, and bring to justice those who use the internet to steal and destroy our peace of mind. Whether the victims are multi-national banks or small pizza joints, we are all victims when our day-to-day transactions result in millions of dollars ending up in the wrong hands.”
Many of the businesses targeted by Seleznev were small businesses, and included restaurants and pizza parlors in Western Washington, including Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault. Testimony at trial revealed that Seleznev’s scheme caused approximately 3,700 financial institutions more than $169 million in losses.
Seleznev was taken into custody in July 2014 in the Maldives, and the laptop in his custody at that time contained more than 1.7 million stolen credit card numbers, including some from businesses in Western Washington. The laptop also contained additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the scheme. Evidence presented at trial showed that Seleznev earned tens of millions of dollars from his criminal activity.
Seleznev was convicted on Aug. 25, 2016, of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.
Seleznev still faces charges in other federal courts. He is charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices. He is also charged in the Northern District of Georgia with conspiracy to commit bank fraud, one count of bank fraud and four counts of wire fraud.
Seleznev’s father, a member of Russia’s parliament, was reportedly incensed by the sentencing. The BBC reports that Valery Seleznev said the sentence was “passed by man-eaters” and that his son was “abducted”.
“My son was tortured because being in jail in a foreign country after abduction is torture in itself. He is innocent,” he told RIA Novosti news agency.
Seleznev’s lawyer, Igor Litvak, reportedly claimed that the sentence is “completely unreasonable.” “No other cybercriminal has gotten a sentence a like this.” NBC also notes that the Russian embassy in the U.S. also tweeted that Seleznev’s 2014 arrest amounted to a kidnapping and was “unlawful.”
SOURCE: Some information in this report provided by the Department of Justice.