A Russian hacker pleads guilty to online identity theft and selling credit cards data and other personal information through dark-web known as “carder.su”
According to U.S. Attorney’s Office, Roman Seleznev aka Track2, aka Bulba, aka Ncux 33 entered guilty pleas before U.S. District Judge Steve C. Jones of the Northern District of Georgia in two separate cases to one count of conspiracy to commit bank fraud and one count of conspiracy participation in a racketeering enterprise. He is scheduled for sentencing on December 11, 2017.
Seleznev admitted that he became a member of the dark-web Carder.su organization in January 2009. According to his admissions in the plea agreement, Carder.su was an online-based, international criminal platform whose members trafficked stolen credit card account data and counterfeit identifications and committed online identity theft, bank fraud, and other computer crimes.
Seleznev admitted that the cyber gang tried to protect the anonymity and the security of the platform from both rival cyber crime organizations and law enforcement. For example, members communicated through different secure and encrypted forums, such as chat rooms, instant messaging services, encrypted email, proxies and encrypted virtual private networks. Gaining membership in the gang forum required the recommendation at least two current members in good standing.
Russian hacker admitted that he created an automated online store, which he advertised on the Carder.su and sold such a large volume of compromised credit card accounts data and other personal identifying information to the members of Carder.su
The defendant’s online store had a simple interface that allowed members log into to the shop and search for the particular type of credit card information they wanted to purchase, add the card number they wished to buy to the “shopping cart” and upon check out, download the purchased credit card data. Payment of the funds was automatically deducted from an established account funded through LR (Liberty Reserve), an online digital currency payment system. Russian hacker Seleznev admitted that he sold each credit card account number for approximately $20. The Carder.su marketplace criminal activities resulted in the loss to its victims about $50,983,166.35.
Seleznev also admitted that he acted as a “cashier” who worked with cyber criminals to coordinate a scheme to defraud a company in Atlanta that processed debit and credit card transactions on behalf of financial institutions. Seleznev admitted that under the scheme, in November 2008, cyber criminals hacked the company’s computer systems and stole 45.5 million debit and credit card numbers, some of which they used to quick withdraw almost $10 million from about 2,100 ATMs in 280 cities around the world in less than 24 hours.
55 individuals were charged in four separate indictments in “Operation Open Market,” which targeted the Carder.su dark-web organization. To date, 33 people have been convicted, and the rest are either fugitives or are pending trial.
Roman Seleznev is also a defendant in a wire fraud, online identity theft and computer hacking case. On Aug. 25, 2016, a federal jury convicted Roman Seleznev of 38 counts related to his role in the scheme to hack into point-of-sale computers to steal and sell credit card information to the underground criminal forums. On April 21, 2017, Seleznev was sentenced to 27 years in prison in the U.S. District Court of Washington for those crimes.