Roman Seleznev

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Roman Seleznev
Native name
Роман Валерьевич Селезнёв
Born1984 (age 34–35)
Other namesnCuX, Track2 (hacker name)
Known forHacking
Home townVladivostok
Criminal chargeHacking, wire fraud, racketeering
  • Valery Seleznev (father)

Roman Valerevich Seleznev (or Seleznyov[1], Russian: Роман Валерьевич Селезнёв, born 1984), also known by his hacker name Track2, is a Russian computer hacker. Seleznev was indicted in Washington in 2011, and was convicted of hacking into servers to steal credit-card data. His activities are estimated to have caused millions of dollars in losses to banks and credit-card companies. Seleznev was arrested on July 5, 2014, and was sentenced to 27 years in prison for wire fraud, intentional damage to a protected computer, and identity theft.[2]


Seleznev is the son of Valery Seleznev [ru], a member of Russia's Duma.[3] He began his activities in early 2003 on the credit card fraud site CarderPlanet, providing paid Social Security number and criminal-history research using (among others) stolen LexisNexis's accounts. Seleznev's employee later created a scanner which allowed a user to scan the internet for MSRDP open ports (3389 by default). Default configurations provided poor protection at the time, and many administrator accounts were not secured by passwords. Exploiting this vulnerability, Seleznev and his partner accessed many remote computers (including those with financial and credit-card data).

He contacted BadB, another hacker, to gain more experience in exploiting financial systems. BadB, a cybercriminal identified by USSS as Vladislav Horohorin in 2009, provided Seleznev with an automated script which can look for credit-card traces in systems and networks. Seleznev obtained his first credit-card dumps, which he resold to Horohorin. He became dissatisfied with Horohorin, and decided to begin his own credit-card-dump operation using the nickname nCuX (from Russian: псих, "psycho").

Seleznev expanded his operations in 2008 from scanning MSRDP with default (or no) passwords to developing sophisticated malware which could intercept network traffic and search network shares, distributing it through flaws in Internet browsers by injecting malicious code into advertising traffic. He infected many computers, primarily in the United States.

In 2009, Horohorin opened the first automated stolen-credit-card shop. Seleznev announced soon afterwards that he was out of business as nCuX, creating two other names (track2 and[4] and using them to operate his own automated stolen-credit-card shops. He bought advertising space in the "Dumps" section of the illegal carding forum,,[5] which was shut down in a 2012 Department of Homeland Security (DHS) operation.[6] Horohorin's advertising campaign on was also shut down, and a Denial-of-service attack ensued. He was arrested by USSS in August 2010, leaving Seleznev without competition. During a vacation in Morocco, he received a severe head injury in the 2011 Marrakesh bombing[7] and was evacuated to Moscow for surgery.

Arrest and trial[edit]

Seleznev's 2014 arrest was controversial in Russia, since he was arrested in the Maldives[8] and extradited to Guam to stand trial. For "law enforcement reasons", the U.S. Department of Justice would not disclose the location of Seleznev's arrest. According to a statement by DHS Secretary Jeh Johnson, the arrest showed that "despite the increasingly borderless nature of transitional organized crime, the long arm of justice – and the Department of Homeland Security – will continue to disrupt and dismantle sophisticated criminal organizations".[9][10]

Russian officials called Seleznev's arrest a "kidnapping", and said that the U.S. had failed to notify Russian consulates. The Russian Foreign Ministry indicated that the Maldives was the site of Seleznev's arrest, and criticized the island country for failing to follow "international legal norms".[11]

After an eight-day 2016 trial in federal court,[12] a jury found Seleznev guilty on 38 counts;[13][14] the following year, he was sentenced to 27 years' imprisonment.[2][15] On May 19, 2017, Seleznev faced charges in Atlanta;[16][17] he pled guilty that September to conspiracy to commit bank fraud,[18] and was sentenced to 14 years in prison in November.[19] Both sentences will run concurrently.[19]


  1. ^ Dennis F. Poindexter, The New Cyberwar: Technology and the Redefinition of Warfare, 2015, P.115-116, ISBN 0-78-649843-9
  2. ^ a b "Russian Cyber-Criminal Sentenced to 27 Years in Prison for Hacking and Credit Card Fraud Scheme".
  3. ^ Wilber, Del Quentin (7 July 2014). "Russian Charged by U.S. as Hacker Is Duma Member's Son". Bloomberg L.P. Retrieved 8 July 2014.
  4. ^ "Contained in the Investigation and Trial of Roman Seleznev – Dream Market URL". Retrieved 2017-09-09.
  5. ^ Phishme, Gary Warner, Uab / (2016-08-25). "CyberCrime & Doing Time: Roman Seleznev (AKA Track2 / Bulba / Zagreb / smaus) Found Guilty on 38 of 40 Charges". CyberCrime & Doing Time. Retrieved 2017-09-09.
  6. ^ "Nevada Prosecutor And Homeland Security Investigations Special Agent Receive Awards For Their Work On Cybercrime Case". Retrieved 2017-09-09.
  7. ^ "Russian deputy's son hit in Morocco blast". Retrieved 2017-09-04.
  8. ^ "Russian MP incensed after son jailed in US". BBC News. 2017-04-21. Retrieved 2017-04-22.
  9. ^ "U.S. arrests Russian in hacking of retail systems". Reuters. 7 July 2014. Retrieved 8 July 2014.
  10. ^ "Russian Arrested in Hacking Case Filed in Seattle". American Broadcasting Company. 7 July 2014. Retrieved 8 July 2014.
  11. ^ "Russia Calls U.S. Arrest of Alleged Hacker 'Kidnapping'". The Moscow Times. 8 July 2014. Retrieved 8 July 2014.
  12. ^ "Roman Seleznev Gets Nearly 30 Years In Hacking Case". 21 April 2017. Retrieved 21 May 2017.
  13. ^ "Russian Cyber-Criminal Convicted of 38 Counts Related to Hacking Businesses and Stealing More Than Two Million Credit Card Numbers".
  14. ^ Levi Pulkkinen (December 12, 2016). "The Seattle case against a Russian hacker just got weirder". Seattle Post-Intelligencer.
  15. ^ Perlroth, Nicole (21 April 2017). "Russian Hacker Sentenced to 27 Years in Credit Card Case". Retrieved 21 May 2017 – via
  16. ^ "Convicted Russian Cyber Criminal Roman Seleznev faces charges in Atlanta". Retrieved 21 May 2017.
  17. ^ "Roman Seleznev — Krebs on Security". Retrieved 21 May 2017.
  18. ^ "Russian cybcercriminal Roman Seleznev pleads guilty in Atlanta" (Press release). Atlanta: U.S. Attorney's Office, Northern District of Georgia. September 8, 2017. Retrieved 2018-05-26.
  19. ^ a b "Russian Cyber-Criminal Sentenced to 14 Years in Prison for Role in Organized Cybercrime Ring Responsible for $50 Million in Online Identity Theft and $9 Million Bank Fraud Conspiracy" (Press release). Washington, D.C.: U.S. Department of Justice. November 30, 2017. Retrieved 2018-05-26.

External links[edit]