A jury convicted a Russian man Thursday of hacking into U.S. businesses to steal credit card information and orchestrating an international online theft scheme that made him millions of dollars.
Jurors deliberated over two days before finding Roman Seleznev guilty of 38 charges, including nine counts of hacking and 10 counts of wire fraud. He could face up to 34 years in prison when he’s sentenced Dec. 2.
Seleznev hacked into businesses, mostly pizza restaurants in Washington state, and stole millions of credit card numbers that he sold on underground internet forums, authorities said. The thefts led to almost $170 million in credit card losses around the world and made him “one of the most prolific credit card traffickers in history,” prosecutors said.
Seleznev, son of a Russian Parliament member, had faced a 40-count indictment that charged him with running the hacking scheme from 2010 until his arrest in the Maldives in July 2014.
U.S. Secret Service agents captured Seleznev as he and his girlfriend arrived at the airport on their way back to Russia. The agents flew him by private jet to Guam and then to Seattle, where he has been in federal custody.
Seleznev was indicted on 29 felony charges in 2011, but a month later, Seleznev suffered a brain injury in a terrorist bombing in a cafe in Morocco. He was in a coma for two weeks and underwent a series of operations, according to one of his previous lawyers.
Federal prosecutors, calling Seleznev a leader in the marketplace for stolen credit card numbers, added 11 new counts to his indictment in October 2014, including wire and bank fraud, hacking and identity theft.
Although his lawyers have argued Seleznev’s arrest was a “kidnapping” or an “illegal rendition” that violated international law, a federal judge barred that argument at trial.
The defense focused on challenging the evidence from Seleznev’s laptop, seized by Secret Service agents during his arrest. His lawyers claim the agents mishandled the computer and failed to adequately secure it while it was kept in a vault in Seattle.
The only defense witness testified that the machine may have been tampered with, and the attorneys said any evidence taken from it was suspect. They also said prosecutors failed to make a solid link between the hacks and Seleznev.
The investigation started in 2010 when a deli in Coeur d’Alene, Idaho, was hacked. Over time, agents were able to link the computer viruses used to steal the credit card data to computer servers where the numbers were stored. They then connected those servers to Seleznev through his online nicknames and other sites he frequented.
When he was arrested, agents found 1.7 million stolen credit cards on his laptop, along with the passwords to access those servers, prosecutors said.
Seleznev “left his digital fingerprints all over the crime scene,” Assistant U.S. Attorney Norman Barbosa said during closing arguments Wednesday.