A Thing
The Green SheetGreen Sheet

Tuesday, April 25, 2017

One hacker down, law enforcement ramps up

The April 21, 2017, sentencing of a Russian hacker to 27 years in prison reflects an escalating global fight against cybercrime. The U.S. Secret Service Electronic Crimes Task Force initially investigated the case, receiving assistance from the CCIPS Cyber Crime Lab and the Office of International Affairs and U.S. Attorney's Office for the District of Guam. Combined efforts of government agencies and law enforcement led to the arrest and trial of 32-year-old Roman Valeryevich Seleznev, authorities stated.

Seleznev, operating under the alias Track2, had infected POS systems with malware to steal and resell credit card data on dark websites. When taken into custody in the Maldives in April 2014, he reportedly had more than 1.7 million stolen credit card accounts stored in his laptop, mostly from small merchants in the western area of Washington State. The breaches affected approximately 3,700 financial institutions and more than 500 small merchants, representing more than $169 million in combined losses, according to sources familiar with the investigation.

Crime has no borders

Judge Richard A. Jones, of the U.S. Western District of Washington State, convicted 32-year-old Seleznev on 38 counts, as follows:

  • 10 counts of wire fraud
  • 8 counts of intentional damage to a protected computer
  • 9 counts of obtaining information from a protected computer
  • 9 counts of possession of 15 or more unauthorized access devices
  • 2 counts of aggravated identity theft

Seleznev may face additional charges in other U.S. jurisdictions, including racketeering and possession of illegal access devices in the District of Nevada and bank and wire fraud charges in the Northern District of Georgia.

Seattle Chief of Police Kathleen O'Toole said, "Crime has no borders. This individual is responsible for defrauding victims out of millions of dollars in Seattle alone, and we are proud to work with our federal partners to bring him to justice."

Escalating fight

David Vergara, Head of Global Product Marketing at Vasco Data Security, said the Seleznev case reinforces the point that cybercrime comes in many shapes, sizes and channels, but is all designed to monetize stolen data, using malware as the primary transmission vehicle.

"The escalating threat of cybercrime is clearly galvanizing government agencies to increase collaboration and share talented resources," he said. "This is evident in the effort required to nab this Russian hacker that single-handedly caused $169 million in financial losses, and even drove some businesses under."

Vergara further noted that small businesses, with typically weak security, represent the path of least resistance to most hackers, who leverage disciplined coding skills, extensive networks and knowledge of their targets to maximize results.

For Seleznev, it was "a simple volume game, peeling millions of credit card numbers from point-of-sale systems at smaller restaurants, for example, with well-crafted malware," Vergara said. "Although this hacker generated tens of millions in personal gains through sophisticated POS attacks, increased focus and collaboration between government agencies ultimately won him 27 years behind bars."

Improved security, vigilance

Adam Atlas, Attorney at Law expressed a hope shared by numerous industry experts that "chip-and-PIN adoption, as well as better PCI compliance on the part of merchants, will result in this kind of criminal activity being less tempting for bad actors."

Atlas said victims of crimes should never be held responsible for crimes, but he emphasized the need for all payments industry stakeholders to understand and implement security guidelines, such as the Payment Card Industry Data Security Standard (PCI DSS).

"I think issuers also have a role to play in terms of connecting the dots between the IP addresses where cards are usually used and where they are suddenly used for criminal purposes," he added. "In short, all parts of the payment system are part of the solution to fight cybercrime." end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing