Tuesday, April 25, 2017
Seleznev, operating under the alias Track2, had infected POS systems with malware to steal and resell credit card data on dark websites. When taken into custody in the Maldives in April 2014, he reportedly had more than 1.7 million stolen credit card accounts stored in his laptop, mostly from small merchants in the western area of Washington State. The breaches affected approximately 3,700 financial institutions and more than 500 small merchants, representing more than $169 million in combined losses, according to sources familiar with the investigation.
Judge Richard A. Jones, of the U.S. Western District of Washington State, convicted 32-year-old Seleznev on 38 counts, as follows:
Seleznev may face additional charges in other U.S. jurisdictions, including racketeering and possession of illegal access devices in the District of Nevada and bank and wire fraud charges in the Northern District of Georgia.
Seattle Chief of Police Kathleen O'Toole said, "Crime has no borders. This individual is responsible for defrauding victims out of millions of dollars in Seattle alone, and we are proud to work with our federal partners to bring him to justice."
David Vergara, Head of Global Product Marketing at Vasco Data Security, said the Seleznev case reinforces the point that cybercrime comes in many shapes, sizes and channels, but is all designed to monetize stolen data, using malware as the primary transmission vehicle.
"The escalating threat of cybercrime is clearly galvanizing government agencies to increase collaboration and share talented resources," he said. "This is evident in the effort required to nab this Russian hacker that single-handedly caused $169 million in financial losses, and even drove some businesses under."
Vergara further noted that small businesses, with typically weak security, represent the path of least resistance to most hackers, who leverage disciplined coding skills, extensive networks and knowledge of their targets to maximize results.
For Seleznev, it was "a simple volume game, peeling millions of credit card numbers from point-of-sale systems at smaller restaurants, for example, with well-crafted malware," Vergara said. "Although this hacker generated tens of millions in personal gains through sophisticated POS attacks, increased focus and collaboration between government agencies ultimately won him 27 years behind bars."
Adam Atlas, Attorney at Law expressed a hope shared by numerous industry experts that "chip-and-PIN adoption, as well as better PCI compliance on the part of merchants, will result in this kind of criminal activity being less tempting for bad actors."
Atlas said victims of crimes should never be held responsible for crimes, but he emphasized the need for all payments industry stakeholders to understand and implement security guidelines, such as the Payment Card Industry Data Security Standard (PCI DSS).
"I think issuers also have a role to play in terms of connecting the dots between the IP addresses where cards are usually used and where they are suddenly used for criminal purposes," he added. "In short, all parts of the payment system are part of the solution to fight cybercrime."
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
