The U.S. Secret Service has arrested a Russian man indicted on charges that he stole more than 200,000 credit-card numbers from U.S. retailers, including eight Puget Sound-area restaurants.
According to Secret Service officials, Saturday’s arrest marks one of the agency’s most significant busts of an alleged cybercriminal dealing in stolen credit-card information.
Roman Seleznev, 30, of Moscow, is accused of creating and operating a fraud scheme that used servers located all over the world to hack hundreds of businesses across the U.S. from October 2009 to February 2011. He was indicted in March 2011 in Seattle.
He was apprehended Saturday in a location that has not yet been made public, according to the U.S. Attorney’s Office, and was transported to Guam for an initial court appearance. Seleznev is awaiting a second hearing scheduled for July 22.
Most Read Stories
In a statement Monday, the U.S. Attorney’s Office said Seleznev’s charges included bank fraud, intentionally causing damage to a protected computer, obtaining information from a protected computer, possession of 15 or more unauthorized access devices, trafficking unauthorized access devices and aggravated identity theft.
According to the 2011 indictment, which was released Monday, Seleznev’s operation accessed computers and installed malware that identified and stole credit-card information.
Seleznev is accused of renting and operating servers located all around the world, in such places as Ukraine and Russia, to break into the computers.
The indictment states that Seleznev and his associates would then sell the numbers in online forums for cybercriminals charging $20 to $30 for the majority of the stolen numbers.
The Secret Service’s Seattle office was alerted to the thefts in November 2010, when customers at the former Broadway Grill on Capitol Hill complained of fraudulent charges on their cards, according to Secret Service agent Bob Kierstead.
Two Seattle Police Department detectives aided the Secret Service Electronic Crimes Task Force in the investigation, Kierstead said.
“The attacks were very sophisticated. You’re dealing with skilled hackers,” Kierstead said. “But they left signatures, or the equivalent of electronic fingerprints, that helped us track them.”
Investigators were able to identify Seleznev as a suspect within two to three months, Kierstead said.
“What took a painstaking amount of effort and time on our part after identifying him was actually tracking him down to make an arrest,” Kierstead said.
The other Washington businesses Seleznev allegedly hacked were Grand Central Baking, Mad Pizza locations in Seattle and Tukwila, Village Pizza in Anacortes and the Casa Mia Italian Restaurant in Yelm, Thurston County.
The indictment estimates that revenues from the scheme exceeded $2 million for Seleznev and his associates through the sale of more than 140,000 credit-card numbers.
“The bank and credit-card industry is going to take the financial loss in these situations,” Kierstead said. “As long as the card holders reported it after it happened they should get their money back.”
The indictment estimated loss to financial institutions that issued the hacked cards exceeded $1.7 million.
“As we rely on our credit cards more and more,” Kierstead said, “we become vulnerable for these types of attacks and need to work to make sure we are protected. But in the end no system is perfect; these really skilled hackers can find a way in.”
Erin Heffernan can be reached at firstname.lastname@example.org or 206-464-3249.