A Russian man suspected of hacking into point-of-sale systems at U.S. retailers has been arrested and faces charges in a U.S. court, the Department Justice said.
Roman Valerevich Seleznev, 30, of Moscow, also known as Track2 in the criminal credit-card selling underground, was arrested Saturday, the DOJ said. Authorities would not disclose the location of his arrest.
Seleznev was indicted in U.S. District Court for the Western District of Washington in March 2011 for allegedly operating several online forums that engaged in the distribution of stolen credit card information. He made an initial appearance in court in Guam Monday and the judge ordered him detained pending a second hearing July 22.
"Cyber crooks should take heed: you cannot hide behind distant keyboards," Jenny Durkan, U.S. attorney in the Western District of Washington, said in a statement. "We will bring you to face justice."
Seleznev, in the Washington indictment, is accused of operating a bank fraud scheme in which he hacked into retail point-of-sale systems and installed malicious software on the systems to steal credit card numbers. The point-of-sale hacking scheme ran from October 2009 to February 2011, the DOJ said in a press release.
Seleznev also created and operated infrastructure to aid the theft and sales of credit card data, using servers located all over the world to facilitate the operation, the DOJ alleged. He ran servers that hosted carding forum websites where cybercriminals gathered to sell stolen credit card numbers, according to the charges.
The charges in the indictment include five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer, one count of possession of 15 or more unauthorized access devices, in this case stolen credit card numbers, as well as two counts of trafficking in unauthorized access devices and five counts of aggravated identity theft.
The charges could result in dozens of years in prison and fines of US$3 million. The maximum penalty for bank fraud, for example, is 30 years in prison and a $2 million fine, with three of the other charges having a maximum prison sentence of 10 years.
Seleznev is also charged in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.