Small Businesses Pay as Russian Man Faces U.S. Trial in $170M Hacking Scheme

August 16, 2016 by

Prosecutors describe Roman Seleznev, the son of a Russian lawmaker, as a master hacker who orchestrated an international scheme that resulted in about $170 million in fraudulent credit card purchases.

In a federal jury trial that begins this week, they plan to lay out evidence that they say will prove Seleznev hacked into U.S. businesses, mostly pizza restaurants in Washington state, and stole credit card information. They claim he made millions by selling that data on underground internet forums.

Seleznev’s lawyers plan to argue that prosecutors have failed to adequately connect Seleznev with the computer hacks that hit more than 200 businesses over several years. They have also said the U.S. Secret Service agents who arrested Seleznev mishandled his laptop, which may have compromised some evidence.

Seleznev faces a 40-count indictment that charges him with running a hacking scheme from 2008 until his arrest in the Maldives in July 2014.

Steve Bussing, owner of Red Pepper Pizza in Duvall, northeast of Seattle, told The Associated Press on Friday that he and his wife had to spend about $10,000 installing a new computer system after they learned theirs was compromised by a hacker.

“It was a huge expense” for a small business, he said, adding that the process disrupted their business as they shut down and reinstalled a new security system to protect their customers.

Bussing, along with owners and managers from Mad Pizza, ZPizza, Grand Central Bakery, Village Pizza, and Casa Mia were included on the prosecutor’s witness list and were expected to testify about the effect of the hacking on their companies.

Secret Service agents captured Seleznev as he and his girlfriend arrived at the airport on their way back to Russia. The agents flew him by private jet to Guam, where he made his first court appearance, and then to Seattle, where he is in federal custody.

Seleznev was indicted on 29 felony charges in 2011, but a month later, Seleznev suffered a brain injury in a terrorist bombing in a cafe in Morocco. He was in a coma for two weeks and underwent a series of operations, according to one of his previous lawyers.

He bears a sickle-shaped, horizontal scar on the side of his head that is visible when his hair is cut short. He speaks little English and participates in court hearings with the help of a Russian interpreter.

His father, Valery Seleznev, is a member of the Russian Parliament.

Federal prosecutors have called Roman Seleznev a “leader in the marketplace for stolen credit card numbers,” and they said he collected millions of dollars selling that data to his co-conspirators. They added 11 new counts to his indictment in October 2014, including wire and bank fraud, hacking and identity theft.

Although his lawyers have argued Seleznev’s arrest was a “kidnapping” or an “illegal rendition” that violated international law, U.S. District Judge Richard Jones has barred that argument at trial.

Seleznev used various computer names over the course of his criminal career, prosecutors said in court documents.

Between 2002 and 2009, he operated under the nickname “nCuX,” which is the transliteration of the Russian word for “psycho,” prosecutors said. He switched to “Track2” in 2009, and in 2013, he went by “2Pac” and others, they said.

Secret Service agents began monitoring nCuX’s activities in 2005 and found that in 2007, he started selling stolen credit card data online, prosecutors said. After the agents told Russian law enforcement officials that they believed nCuX was Seleznev, the person using that name posted that he was going out of business, prosecutors said.

Track2 soon began appearing on the same carding forums used by nCuX.

In 2010, Seattle police Detective David Dunn, a member of the Seattle Secret Service Electronic Crimes Task Force, investigated an intrusion into the computer systems at Schlotzky’s Deli in Coeur d’Alene, Idaho. That led him to some of the nicknames that prosecutors say Seleznev used.

Further investigation took Dunn to businesses in western Washington. He found malicious software installed at one of the businesses that was similar to what he found in Idaho.

The investigation identified “numerous forensic artifacts” that linked to Seleznev, court records said. They traced Track2’s Yahoo email accounts, which were also linked to nCuX, the documents said.

The account “contained overwhelming evidence showing that Roman Seleznev was the user of the account,” the court records said. The emails included messages from his wife, Svetlana Selezneva, and messages to Seleznev from the Russian social media site Vkontakte, the documents said.

Jury selection begins Monday. The trial is expected to run for more than two weeks.