The U.S. Secret Service said it has arrested who it believes is one of the world's most prolific traffickers of stolen financial information.
On Saturday, the Secret Service arrested Roman Valerevich Seleznev, a Russian national, in Guam on charges that he hacked into in-store cash register systems at retailers throughout the United States between 2009 and 2011. The Secret Service would not say whether his arrest is tied to the recent spate of cyberattacks that affected the in-store cash register systems at Target, Neiman Marcus, Michaels and other retailers last year.
As long ago as March 2011, the U.S. Attorney's Office in Washington state identified Seleznev in a sealed indictment as "Track2," an underground alias that is an apparent reference to the Track 2 data that can be pulled off the magnetic strips of credit and debit cards. Such data include enough basic information, such as account numbers and expiration dates, that can be used to make fraudulent purchases.
The indictment accuses Seleznev of hacking into the cash register systems of businesses across the United States and of operating computer servers and international online forums in Russia, Ukraine and elsewhere where such stolen data is traded in the digital underground.
In a statement Monday, the Secret Service said Seleznev's charges include five counts of bank fraud; eight counts of intentionally causing damage to a protected computer; eight counts of obtaining information from a protected computer; one count of possession of 15 or more unauthorized access devices; two counts of trafficking unauthorized access devices; and five counts of aggravated identity theft.
According to the indictment, which was unsealed Monday, Seleznev is accused of scanning devices for weaknesses and inserting malware capable of stealing credit card information.
He will be held in custody in Guam until his next hearing in two weeks.
Seleznev faces up to 30 years in prison if convicted of bank fraud. Charges of intentionally causing damage to a protected computer are punishable by up to 10 years, and charges of obtaining information from a protected computer can get a five-year sentence. He also faces 10 years for possessing more than 15 unauthorized access devices and another 10 years for trafficking in such devices. If convicted of aggravated identity theft, he would face two years.