Notorious Russian cyber-criminal Roman Seleznev has been sent down for 27 years for stealing and selling on the darknet the credit card details of millions of mainly American consumers.
The 32-year-old from Vladivostok is said to have caused over $169m in damages to credit card companies and small businesses after targeting the latter with POS malware between October 2009 and October 2013.
He stole millions of card numbers remotely in this manner, from more than 500 US businesses, earning tens of millions in the process, according to the Department of Justice.
One targeted business, Broadway Grill in Seattle, is said to have filed for bankruptcy as a result of the attack.
Seleznev was convicted on 38 counts last August: 10 of wire fraud; eight of intentional damage to a protected computer; nine of obtaining information from a protected computer; nine of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.
To add further insult to Moscow, the hacker is the son of prominent Putin ally and member of the Russian parliament, Valery Seleznev.
The Kremlin labelled his 2014 arrest by Secret Service officers in the Maldives as a “kidnapping”, despite investigators finding 1.7 million stolen credit card numbers on Seleznev junior’s laptop.
“Today is a bad day for hackers around the world,” said US attorney Annette Hayes in a statement.
“The notion that the internet is a Wild West where anything goes is a thing of the past. As Mr. Seleznev has now learned, and others should take note – we are working closely with our law enforcement partners around the world to find, apprehend, and bring to justice those who use the internet to steal and destroy our peace of mind. Whether the victims are multi-national banks or small pizza joints, we are all victims when our day-to-day transactions result in millions of dollars ending up in the wrong hands.”
As if this 27-year sentence isn’t enough, Seleznev is also facing separate charges in Nevada relating to alleged participation in a racketeer-influenced corrupt organization (RICO), as well as possession of counterfeit and unauthorized access devices.
In related news, his compatriot Peter Levashov, who was arrested in Barcelona after a joint operation between Spanish and US law enforcers, was charged with multiple offences on Friday as part of an eight-count indictment.
They relate to Levashov’s alleged operation of the notorious Kelihos botnet, which is said to have enabled him to steal users’ log-ins, send out spam and install malware including ransomware on targeted computers.