Roman Seleznev

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Roman Seleznev
Роман Валерьевич Селезнёв
Roman Seleznev.jpg
Born1984 (age 35–36)
Other namesnCuX, Track2, Bulba, Zagreb, shmak, smaus (hacker names)[1]
Known forHacking
Home townVladivostok
Criminal charge(s)Hacking, wire fraud, racketeering
  • Valery Seleznev (father)

Roman Valerevich Seleznev[a] (or Seleznyov,[2] Russian: Роман Валерьевич Селезнёв, born 1984), also known by his hacker name Track2, is a Russian computer hacker. Seleznev was indicted in Washington in 2011, and was convicted of hacking into servers to steal credit-card data. His activities are estimated to have caused more than $169 million in damages to businesses and financial institutions.[3] Seleznev was arrested on July 5, 2014, and was sentenced to 27 years in prison for wire fraud, intentional damage to a protected computer, and identity theft.[3]

Early life[edit]

Seleznev is the son of Valery Seleznev [ru], a member of Russia's Duma.[4]

Hacking career[edit]

Operation Firewall[edit]

He began his activities in early 2003 on the credit card fraud site CarderPlanet, providing paid Social Security numbers and criminal-history research using (among others) stolen LexisNexis accounts. Seleznev's employee later created a scanner which allowed a user to scan the internet for MSRDP open ports (3389 by default). Default configurations provided poor protection at the time, and many administrator accounts were not secured by passwords. Exploiting this vulnerability, Seleznev and his partner accessed many remote computers, including those with financial and credit-card data).

He contacted BadB, another hacker, to gain more experience in exploiting financial systems. BadB, a cybercriminal identified in 2009 as Vladislav Horohorin, provided Seleznev with an automated script to look for credit card traces in systems and networks. With this script, Seleznev obtained his first credit-card dumps, which he resold to Horohorin. He became dissatisfied with Horohorin, and decided to begin his own credit-card-dump operation using the nickname nCuX (from Russian: псих, "psycho").

Seleznev expanded his operations in 2008 from scanning MSRDP with default (or no) passwords to developing sophisticated malware which could intercept network traffic and search network shares, distributing it through flaws in Internet browsers by injecting malicious code into advertising traffic. He infected many computers, primarily in the United States.

By May 2009, USSS believed they had collected enough information to come to the conclusion that nCuX was probably the identity of Roman Seleznev. They had a meeting with the Russian intelligence agency FSB in which they shared information from their investigation and their belief that nCuX was Seleznev.[5] Shortly after this meeting, in June 2009, nCuX closed all of his accounts and disappeared from the Internet.[5]

After shutting down nCuX, Seleznev created two other names (Track2 and Bulba)[5] and used them to operate his own automated stolen-credit-card shops. He bought advertising space in the "Dumps" section of the illegal carding forum,,[6] which was shut down in a 2012 Department of Homeland Security (DHS) operation.[7] Horohorin's advertising campaign on was also shut down, and a Denial-of-service attack ensued. He was arrested by USSS in August 2010, leaving Seleznev without competition.

During a vacation in Morocco, he received a severe head injury in the 2011 Marrakesh bombing[8] and was evacuated to Moscow for surgery.

Arrest and trial[edit]

In the Maldives[edit]

Seleznev's 2014 arrest was controversial in Russia. Russian officials called his arrest a "kidnapping", and said that the U.S. had failed to notify Russian consulates. The DOJ initially refused to disclose the location of Seleznev's arrest, but prosecutors later revealed he was arrested while on vacation at Kanifushi Resort in the Maldives.[9] The Russian Foreign Ministry criticized the island country for failing to follow "international legal norms",[10] which prosecutors claimed was justified based on the noncooperation of the FSB in 2009 and the scope of Seleznev's crimes.[11] As the Maldives does not have an extradition treaty with the United States, the USSS negotiated directly with the Maldivian government to arrange an expulsion of Seleznev into United States law enforcement custody,[11] from which he was sent to Guam to await trial.[9]

DHS Secretary Jeh Johnson said in a statement the arrest showed that "despite the increasingly borderless nature of transitional organized crime, the long arm of justice – and the Department of Homeland Security – will continue to disrupt and dismantle sophisticated criminal organizations".[12]

In 2016, after a 1½-week trial in the United States District Court for the Western District of Washington,[13] a jury found Seleznev guilty on 38 counts;[14][15] the following year, he was sentenced to 27 years' imprisonment.[3][16] On May 19, 2017, Seleznev faced charges in Atlanta[17] and Nevada[18]; he pled guilty that September to conspiracy to commit bank fraud,[19] and was sentenced to 14 years in prison in November.[20] This sentence will run concurrently with his original sentence.[20]

Seleznev is currently being held at the medium security prison FCI Butner in North Carolina, after being transferred from USP, Atlanta in 2018.[21] He requested to be transferred to FCI Butner due to the prison's good living conditions and hospital.[21][22]


  1. ^ Because Seleznev was a politician's child his name had to be redacted on Department of Justice documents when Operation Open Market had occurred initially.


  1. ^ "USA V. ROMAN SELEZNEV, No. 17-30085 (9th Cir. 2019)". Justia Law. Retrieved 2019-12-30.
  2. ^ Dennis F. Poindexter, The New Cyberwar: Technology and the Redefinition of Warfare, 2015, P.115-116, ISBN 0-78-649843-9
  3. ^ a b c "Russian Cyber-Criminal Sentenced to 27 Years in Prison for Hacking and Credit Card Fraud Scheme". Department of Justice Office of Public Affairs. U.S. Department of Justice. April 21, 2017. Archived from the original on December 30, 2019.
  4. ^ Wilber, Del Quentin (7 July 2014). "Russian Charged by U.S. as Hacker Is Duma Member's Son". Bloomberg L.P. Retrieved 8 July 2014.
  5. ^ a b c Barbosa, Norman; Chun, Harold (July 2017). "Ochko123 – How the Feds Caught Russian Mega-Carder Roman Seleznev". Black Hat Briefings. Archived from the original on June 18, 2018. Retrieved August 25, 2017.
  6. ^ Phishme, Gary Warner, Uab / (2016-08-25). "CyberCrime & Doing Time: Roman Seleznev (AKA Track2 / Bulba / Zagreb / smaus) Found Guilty on 38 of 40 Charges". CyberCrime & Doing Time. Retrieved 2017-09-09.
  7. ^ "Nevada Prosecutor And Homeland Security Investigations Special Agent Receive Awards For Their Work On Cybercrime Case". Retrieved 2017-09-09.
  8. ^ "Russian deputy's son hit in Morocco blast". Retrieved 2017-09-04.
  9. ^ a b Radia, Kirit (July 8, 2014). "Russia Claims Alleged Hacker Was 'Kidnapped' by US 'Agents'". ABC News. Archived from the original on December 30, 2019. Retrieved 2019-12-28.
  10. ^ "Russia Calls U.S. Arrest of Alleged Hacker 'Kidnapping'". The Moscow Times. 8 July 2014. Archived from the original on December 30, 2019. Retrieved 8 July 2014.
  11. ^ a b Barbosa, Norman; Chun, Harold (July 2017). "Ochko123 – How the Feds Caught Russian Mega-Carder Roman Seleznev". Black Hat Briefings. Archived from the original on June 18, 2018. Retrieved August 25, 2017.
  12. ^ "U.S. arrests Russian in hacking of retail systems". Reuters. 7 July 2014. Retrieved 8 July 2014.
  13. ^ Clarridge, Christine (August 26, 2016). "Son of Russian Parliament member convicted in massive hacking, ID-theft scheme". The Seattle Times. Retrieved 2019-12-28.
  14. ^ "Russian Cyber-Criminal Convicted of 38 Counts Related to Hacking Businesses and Stealing More Than Two Million Credit Card Numbers". Department of Justice. August 25, 2016.
  15. ^ Levi Pulkkinen (December 12, 2016). "The Seattle case against a Russian hacker just got weirder". Seattle Post-Intelligencer.
  16. ^ Perlroth, Nicole (21 April 2017). "Russian Hacker Sentenced to 27 Years in Credit Card Case". Retrieved 21 May 2017 – via
  17. ^ "Roman Seleznev — Krebs on Security". Retrieved 21 May 2017.
  18. ^ "Convicted Russian Cyber Criminal Roman Seleznev faces charges in Atlanta". Retrieved 21 May 2017.
  19. ^ "Russian cybcercriminal Roman Seleznev pleads guilty in Atlanta" (Press release). Atlanta: U.S. Attorney's Office, Northern District of Georgia. September 8, 2017. Retrieved 2018-05-26.
  20. ^ a b "Russian Cyber-Criminal Sentenced to 14 Years in Prison for Role in Organized Cybercrime Ring Responsible for $50 Million in Online Identity Theft and $9 Million Bank Fraud Conspiracy" (Press release). Washington, D.C.: U.S. Department of Justice. November 30, 2017. Retrieved 2018-05-26.
  21. ^ a b Norder, Lois (Feb 28, 2018). "Atlanta prison too harsh for Russian hacker". The Atlanta Journal-Constitution. Archived from the original on December 30, 2019. Retrieved December 30, 2019.
  22. ^ "Russian citizen sentenced in US sent to prison with milder conditions". TASS. 28 Feb 2018. Retrieved 2019-12-30.

External links[edit]