In April of 2017, Roman Seleznev was sentenced by a federal court in the United States to an unprecedented 27 years in prison. In November, later that year, Seleznev was sentenced to an additional 14 years that would run concurrently with his initial sentence. The crime? Computer hacking. This was and is an unprecedented prison sentence for a hacker in the United States; no other criminal hacker has ever received a sentence nearly as long. The opinions as to why differ depending on who you ask. However, what makes Seleznev unique isn’t only his hacking abilities or his extraordinarily long sentence. His case is extremely peculiar as it is very political in nature, and ended up setting two world powers squarely against one another.

Seleznev was born in Russia in 1984 to a powerful family. His father is Valery Seleznev, a member of the Russian Duma, their lower house of parliament. He’s a politician who wields considerable influence and is renowned for his animosity towards the United States. Roman began his hacking career as early as 2003, at the age of 19. Utilizing a piece of software an acquaintance had developed, Seleznev was able to scan the internet for remote desktop protocol open ports which weren’t password protected. Seleznev used this technology to access financial and credit card data, selling them on credit card fraud sites. This proved to be the beginning to a promising career.

As time went on, Seleznev developed more sophisticated software and hacked the credit card information of countless individuals over several years. During this time, Seleznev operated under the screen name of “nCux,” the Russian word for psycho. This illegal activity continued up until 2009, when United States intelligence agencies successfully identified him as nCux. Hoping to extradite Seleznev to the United States for sentencing, the United States Secret Service (USSS) set up a meeting with the Russian Federal Security Service (FSB). During this meeting, in June of 2009, they shared the results of their investigation, and their belief of Seleznev’s online identity. However, their mistake was in failing to account for his family’s influence. The FSB failed to act, and shortly after this meeting all traces of nCux vanished online, as Seleznev apparently deleted his account.

Yet, as he was apparently unwilling to retire entirely, Seleznev quickly re-emerged on the internet under the new screen name of “Track2.” Under this name he became involved with a large, illegal organization known as “Carder.su.” This organization was responsible for hacking, trafficking and selling credit card information and counterfeit identities. Within Carder.su Seleznev made a name for himself, as he peddled a significantly high quantity of illegally obtained information. Around this time, he also worked with other hackers to break into an American finance company’s computer systems, access millions of credit card numbers, and use them to withdraw close to 10 million dollars. And these are just the criminal activities that are publicly known.

In 2014, Seleznev took a vacation to the Kanifushi resort in the Maldives with his family. The U.S. authorities, who had been closely tracking him, saw this as their chance to take action. The location was deliberately chosen; the Maldives were typically seen as a safe place to travel for Russian cybercriminals. However, it was clear that the United States was extremely eager to finally catch Seleznev. With no extradition treaty in place between the two countries, the governments negotiated directly with one another. In little time, the notorious hacker was handed over by the Maldives government to the United States Secret Service.

Russia was furious over this turn of events. They lashed out at the United States and accused them of “kidnapping” a Russian citizen unlawfully. They lashed out at the Maldives which they accused of breaking international law by handing Seleznev over. They argued that international law dictated that the United States was required to warn the Russian government in advance. Yet, the United State’s patience with Russia had clearly worn thin since the events of 2009. They weren’t planning on giving up Seleznev, especially considering the strong case they had. When arrested, Seleznev was caught with a laptop that contained 1.7 million credit card numbers, making it hard for him to form any sort of comprehensive defense. When he was put on trial he was found guilty of 38 counts of computer crimes, which costed businesses a combined 169 million dollars. As if his situation couldn’t get any worse, later that year Seleznev was also found guilty of one count of racketeering and one count of conspiracy to commit bank fraud due to his involvement in the Carder.su organization. The combined damages amounted to close to 60 million dollars. An additional 14 years were given to him, to run concurrently with his initial sentence.

To this day, Seleznov and his lawyers are actively appealing his conviction, claiming (along with Russia) that he was extradited to the United States illegally. Despite their protests, the most recent appeal, in April of this past year, was rejected. Seleznev’s case brings up several questions regarding international law. Who was to blame in this case? Were both countries at fault in their own way? How open to interpretation is international law? Additionally, Seleznov’s exorbitant prison sentence brings its own slew of questions. The United States claim the extreme sentence was to make an example of an infamous hacker who lavished in luxury his entire life. They say it is more than fair given the financial damages incurred. However, many question whether his sentencing had a political slant as well. No other convicted computer hacker has had a sentence of nearly that length. Is it possible that his presence in a politically influential family, which protected him when he resided within Russia, lead to more severe sentencing in the United States? The ethics of the sentencing depend entirely on one’s own perspective.

By Daniel O’Rourke

References

O’Neill, P. (2017). Famed Russian Hacker Gets 14 Years in Prison for 50 Million Dollar Cyberfraud Ring. Cyberscoop. [online]. 

Available at https://www.cyberscoop.com/roman-seleznev-sentence-cyberfraud-ring/
United States Department of Justice. (2017) [online]. Available at https://www.justice.gov/opa/pr/russian-cyber-criminal-sentenced-14-years-prison-role-organized-cybercrime-ring-responsible