Roman Valeryevich Seleznev, a Russian hacker also know by the hacker handles "Track2," "NCUX," and "Bulba," was sentenced on Friday by U.S. District Judge Richard Jones to serve 27 years in federal prison, a record sentence in the United States for hacking-related charges. On top of the 27 years, Seleznev also faces potentially even more jail time if found guilty in two other federal criminal cases that remain underway.
Seleznev was convicted this past August for stealing credit card data in the United States and then selling the card details; his crimes are alleged to have inflicted nearly $170 Million in damage to US businesses. According to the Justice Department, he acquired the numbers between 2009 and 2013 by hacking into retail point-of-sale systems and installing malware that captured credit card numbers (and associated information) from millions of people making charges at more than 500 businesses. The Justice Department claims that he transmitted the stolen card numbers to servers that he controlled both in the United States and overseas, and, then sold the pilfered information on the dark net to others who used the card numbers to make fraudulent purchases.
Many of Seleznev's targets were small businesses - which notoriously do not practice adequate information security (click here to learn how small business can stay cyber-secure without spending a lot of money) - and some even blamed later bankruptcies on repercussions from Seleznev's crimes.
Seleznev's father, a member of the Russian parliament, and an ally of Russian President Vladimir Putin, expressed his outrage at the sentence, claiming "My son was tortured because being in jail in a foreign country after abduction is torture in itself. He is innocent."
While the severity of Seleznev's sentence does appear unusual, it is important to remember that he did not cooperate with prosecutors or seek and take a plea deal prior to trial, as many other hackers have done. He also faced overwhelming evidence that he made many millions of dollars by stealing credit card numbers while harming hundreds of businesses - clearly not a minor form of hacking. And, other non-hacking-related cybercrime has been punished more harshly -- Ross Ulbricht, who operated the dark web market, Silk Road, for example, was sentenced to life in prison.
The US government hopes the sentence serves as a warning to would be cybercriminals.
"This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar," said Acting Assistant Attorney General Kenneth Blanco. "And we will not tolerate the existence of safe havens for these crimes - we will identify cybercriminals from the dark corners of the Internet and bring them to justice."
US Attorney Annette L Hayes noted about the sentencing "Today is a bad day for hackers around the world. The notion that the internet is a Wild West where anything goes is a thing of the past. Whether the victims are multi-national banks or small pizza joints, we are all victims when our day-to-day transactions result in millions of dollars ending up in the wrong hands."