ATLANTA — A Russian cybercriminal who officials say helped hackers get fraudulent access to millions of debit card numbers and steal millions of dollars was sentenced this week in Atlanta to spend 14 years in prison — a sentence that will be served simultaneously with a 27-year term he was already serving.
Roman Seleznev, 33, coordinated with hackers to infiltrate an Atlanta-based company that processed credit and debit card transactions for financial institutions, the U.S. attorney’s office said Friday in a news release. They accessed 45.5 million debit card numbers and used some of them to withdraw $9.4 million from 2,100 ATMs in 280 cities around the world in a period of less than 12 hours in November 2008, prosecutors said.
Cybercriminals use aliases to operate anonymously on the dark web, parts of the internet reached using special software. Seleznev was known as Track2, Bulba and Ncux, prosecutors said.
Seleznev pleaded guilty Sept. 7 to a federal conspiracy to commit bank fraud charge in Georgia. U.S. District Judge Steve C. Jones on Thursday sentenced him to serve 14 years. Jones also sentenced Seleznev to serve 14 years on a separate federal charge of participation in a racketeering enterprise out of Nevada. He’s also responsible for restitution of more than $50 million in the Nevada case and more than $2 million in the Georgia case.
The two 14-year sentences are to be served at the same time as a 27-year sentence that Seleznev received in April in Washington state after a conviction there last year.
In the Nevada case, Seleznev admitted that he became associated in January 2009 with Carder.su, an online international criminal organization that trafficked stolen data to commit identity theft, bank fraud and computer crimes, prosecutors said. He said he sold compromised credit card account data and other personal identifying information to other members of the organization, prosecutors said. Victims suffered losses of more than $50 million as a result of Carder.su criminal activity, prosecutors said.
In a letter to the judge that was filed with the court, Seleznev apologized and said he wants to help pay restitution using the $18.48 he gets each month for his work detail at the U.S. penitentiary in Atlanta.
“My actions were selfish,” he wrote. “I was a desperate, lonely child trying to survive in this world — however I have chosen the wrong path. Instead of creating things I was destroying them. I thought it was an easy way; it appears it was the wrong way.”
A federal jury in Washington state in August 2016 found Seleznev guilty on 38 charges, including hacking and wire fraud, for hacking into more than 500 U.S. businesses and stealing millions of credit card numbers, which he then sold on special websites.
A federal judge in Washington in April sentenced him to serve 27 years in prison — a record in the U.S. for a cybercrime case — and ordered him to pay nearly $170 million in restitution.
U.S. Secret Service agents arrested Seleznev with the help of local police in the Maldives in 2014 as he and his girlfriend arrived at an airport on their way back to Russia. The agents flew him to Guam, where he made his first court appearance, and then to Seattle, where he was placed in federal custody.