A jury is weighing whether the son of a Russian lawmaker hacked into U.S. businesses to steal credit card information and made millions selling the data to criminals.
“He is one of the most prolific credit card traffickers in history,” Assistant U.S. Attorney Norman Barbosa said Wednesday of Roman Seleznev at the close of the eight-day trial. “He was stealing from merchants and banks all over the world.”
The jury began deliberating following closing arguments just after noon and was released for the day at 4:30 p.m. They’ll be back at 9 a.m. Thursday.
They must decide whether Seleznev is guilty of 40 charges that range from bank and wire fraud, hacking and identity theft.
The victim businesses that form the basis of the charges, mostly pizza restaurants in Washington State, had to spend tens of thousands of dollars to fix their computers and lost business and customer trust because of the hacks, prosecutors said. The thefts resulted in almost $170 million in credit card losses around the world, Barbosa said.
Sitting at his keyboard in Vladivostok, Russia, and using the online nicknames “Track2,” ”Bulba” and “2Pac,” Seleznev masterminded an international scheme dating back to 2008, Barbosa said.
During her closing argument, Seleznev’s lawyer, Emma Scanlan, urged the jury to question whether prosecutors made a clear link between the prosecution’s evidence — the malware put on unsuspecting businesses, the internet servers holding the credit card numbers, the online nicknames to hide his identity — and the man sitting at the defense table.
Prosecutors claimed that Seleznev left his “digital fingerprints all over the crime scene,” she said, but would an internet criminal who hides behind secret nicknames to protect his identity really use that same computer to send flowers to his wife or buy plane tickets using his real name?
“Is he a sophisticated hacker or is he a total idiot?” Scanlan asked. “You can’t have it both ways.”
When U.S. Secret Service agents arrested Seleznev at a Maldives airport in 2014, they found 1.7 million stolen credit card numbers on his computer and a “password cheat sheet” for the computer servers that stored that stolen data, Barbosa said.
“His username and passwords tied him to everything,” Barbosa said.
But the defense accused the agents involved in the investigation of tampering with the defendant’s laptop computer after his arrest.
The agent who took the laptop failed to bring a special container, a “Faraday enclosure,” that would protect it during transport, Scanlan said. And the agents didn’t turn the laptop off or plug it in when they stored it in the Secret Service vault for 23 days, she said.
“We expect the U.S. Secret Service, who specializes in these cases, would do it correctly,” she said.
In his rebuttal, Assistant U.S. Attorney Harold Chun said the evidence found on the laptop was only the “frosting on the cake.” The investigation that took place over several years had already established that the hacker was Roman Seleznev. The malware on the victim computers, the usernames and passwords on the servers that held the stolen data are linked back to one man: Seleznev.
“The evidence from all of these places matches up,” Chun said.