Seleznev’s case file indicates that at the age of 18 his interest in programming grew into first hacker attempts. He made them under the name nCux, where the Latin letters could be read as a Russian word for "psycho". Seleznev registered on some clandestine forums of carders: those who made money stealing bank cards (for example, carderplanet.com and carder.org). Initially, he hacked databases to steal documents (names, dates of birth, passport and social security numbers) and after a couple of years he started stealing credit card numbers and selling the databases to other carders.
Seleznev hacked processing systems of small businesses in the US, through which all financial transactions went. He used vulnerabilities to infect the system and copy all operations on the cards; the information was then collected on the servers belonging to the hacker. By 2009, Seleznev had become one of the most prominent sellers of stolen cards in the world.
Small snack bars in Washington and other US cities were his favorite targets. The criminal case mentions several pizzerias, street food and burrito joints, bakeries (about 3.700 enterprises in total). Seleznev used small businesses because of their poor security: such enterprises do not have their own cyber security departments, they usually use bad passwords.
The US special services began to watch Seleznev in 2005. In May 2009, FBI agents met with FSB officers in Moscow. The Russians gave the Americans some evidence proving that Roman Seleznev from Vladivostok was the identity behind the nCux. A month later, in June 2009, nCux announced to the forum that he was leaving the business, after which his forum accounts were deleted. The criminal case states that it was the FSB that told Seleznev the American authorities were after him. The hacker’s emails confirm that he did keep in touch with the FSB. He texted to one of his accomplices that he had protection in the FSB Information Security Department. He also said that the FSB knew who he was and what he did.
Meduza’s source related to cyber security claims that Russians hacking foreign systems are almost never punished: they are more often involved to work for the state. All Russian hackers know the saying: "do not work on Ru" (that is, you cannot attack Russian banks and companies while in Russia). Another Meduza’s interlocutor said: "there is a widespread scheme to attract illegal hackers and to encourage them." Meduza has had a comprehensive report on the connections between Russian special services and hackers. The New York Times wrote that while one of the most wanted Russian hackers, Evgeny Bogachev (Zeus), was infesting millions of computers to steal money, "the Russian authorities were looking over his shoulder, searching the same computers for files and emails" with classified information about Ukraine and Syria.
Having deleted his former nickname, Seleznev soon began to use the names Track2 and Bulba. Soon he brought his business to a new level. In September 2009, he opened an online store of stolen cards. It looked almost like Amazon: one could search by categories, choosing between brands of cards or financial organizations. US authorities believe that Seleznev re-invented the carder market, since previously, stolen cards had appeared on separate forum threads, while now the process of stolen data exchange is optimized and automated. One April day in 2011, about a million new cards appeared in Seleznev’s store. A couple of weeks after that, he flew to Morocco and almost died in an explosion. While the man was being treated, his accomplices continued to work on the project, before closing it in January 2012.
Arrest in the Maldives
After leaving the hospital, Seleznev took himself the nickname 2Pac. He created another online store - other hackers could sell stolen goods there. Then he launched a website where it was possible to find basic instructions on how to steal bank data and use it. At the top of the site was an ad in English: "Here I'll explain how to make money. From $500 to $50.000 and even $500.000. Remember, this is an illegal way! The whole process from beginning to end." In the first month, June 2014, it was visited by 3500 people.
Seleznev earned millions of dollars. It is known that only through one of the services for the transfer of money, he received about 18 million. His exact earnings are unknown - the hacker received money through bitcoins, webmoney and other electronic wallets. He bought two houses in Bali, flew by plane from Vladivostok to the islands in the Indian Ocean. He often photographed bundles of money and expensive cars. He has a photo next to a sports car against the backdrop of St. Basil's Cathedral - almost the same as that of another arrested Russian hacker Yevgeny Nikulin (he was detained in Prague in October 2016, accused of hacking LinkedIn, Dropbox and other services, Nikulin claimed that he was required to admit that he had hacked Hillory Clinton's mailbox on the orders of Vladimir Putin).
Realizing that he could be tracked by the FBI agents, Seleznev traveled carefully. He chose countries in which there was no extradition to the United States, and bought tickets at the last minute to prevent intelligence services from monitoring their movements.
In July 2014, he went to the Maldives, where he rented a villa for 1400 dollars a day. "I took the most expensive villa, I have my own servant," he wrote to one of the accomplices.
Learning that Seleznev is in the Maldives, FBI agents asked the US State Department to use their connections with local authorities. Bloomberg described in detail how Seleznev's arrest was organized. After the talks, the head of the country's police agreed to detain the hacker, despite the absence of an extradition treaty. According to the publication, two FBI agents flew to the Maldives from Hawaii. Together with the police, they monitored Seleznev's movements. When he went to the airport, where he was due to fly to Moscow, he was detained. Hacker was put on a private plane and in 12 hours they brought to Guam, where the American military base is located.
According to the criminal case, Seleznev had a laptop with data on 1.7 million stolen credit card numbers, as well as passwords for access to servers, mail accounts and financial transfers.
After Guam Seleznev was transferred to Seattle. There he stated that the FBI agents were beating him. The agents responded that Seleznev was allowed to smoke and use cutlery. The court rejected Seleznev's claim.
The Foreign Ministry called Seleznev's arrest a kidnapping and "another unfriendly move by Washington." The father of Seleznev proposed imposing economic sanctions against the Maldives. He told that Roman was carried on eight armored cars, changing them on and off. "They made him some kind of internet bin Laden," the parliamentarian said.
A month after the arrest, a message appeared on the forum 2pac: "We apologize for the lack of updates. The boss got into a car accident, he's in the hospital."
The prosecutor said that Seleznev is the most serious cybercriminal ever brought to justice. He was described as a person with extraordinary computer skills, who returned to cybercrime several times, "increasing the scale of attacks". The damage from his actions was estimated at $170 million. The prosecutor even compared the Russian with Tony Soprano - the main character of the series The Sopranos.
"His arrest is a rare victory in the fight against Eastern European cybercriminals, the prosecution maintained. - Many hackers live in Russia, which does not extradite criminals to the United States. If Seleznev is released, then, given his links with Russian law enforcement agencies, he will act at home with impunity."
Before the verdict, Seleznev admitted his guilt. Before that, he refused to cooperate with the investigation and delayed the process. In the criminal case there is a transcript of his telephone prison conversations with his father. They discuss the "Uncle Andrey variant" - delaying the consideration of the case, at which Seleznev first becomes ill, and then ceases to communicate with lawyers. It worked: before the hearing the defense filed a notice of withdrawal from the case because of disagreements with the client; the meeting was postponed to November from May 2015. The transfer of the case led to additional costs due to the fact that witnesses in the case had already flown to court in Seattle from Sri Lanka, Honolulu and Chicago.
Before the verdict, he wrote a letter to the court by hand, in which he briefly retold his biography, telling that he had contacted the criminal world because of his difficult childhood. "I tried to find a job on the Internet, and everything went downhill," Seleznev said. "I chose the wrong path - I hacked into computers for thievery."
The verdict to Seleznev was taken in April 2017 - when the story of the alleged interference of Russian hackers in the presidential elections in the US has been one of the main topics in the American media for several months. He was sentenced to 27 years - the longest period that has ever been given in the US for cybercrime. "I am a political prisoner. I am a tool for the US government," Seleznev said after the verdict. "They want to send a signal to the whole world, using me as a pawn. In light of my head injury, today's sentence can be considered fatal." His father called the decision "a sentence of cannibals." In September 2017, Seleznev admitted the charges upon two more counts - they caused a loss of about $52 million.
Bold for Mother Russia
On March 22, 2012, the head of the most successful Russian cybersport organization of those years Moscow Five Dmitriy Smilianets (Bravy - Bold) announced that the team has a curator - businessman and dollar billionaire Sergey Matvienko (son of Valentina Matvienko, the Federation Council speaker). He said that the negotiations with Matvienko were held in parallel with the victories of the Moscow Five team in the League of Legends in the World Cup final (Meduza spoke in detail about the Russian teams in LOL). On the Moscow Five website, a joint photo of Smilianets and Matvienko appeared: Smilianets dressed in his blue Adidas sweatshirt, Matvienko's son is sitting next to a buffalo stuffed animal.