Roman Seleznev, son of a Russian politician, handed the longest sentence ever imposed in the US for a cybercrime case.
A federal judge has handed down the longest sentence ever imposed in the US for a cybercrime case to the son of a member of the Russian Parliament convicted of hacking into more than 500 US businesses and stealing millions of credit card numbers, which he then sold on special websites.
Roman Seleznev was sentenced to 27 years in prison on Friday and ordered to pay nearly $170m in restitution to the businesses and banks that were the victims of his scheme.
Seleznev is the son of Valery Seleznev, a Russian Parliament member.
Prior to his sentencing, Roman Seleznev asked US district judge Richard Jones for leniency. He apologised to his victims and said he was remorseful for his crimes, and he urged the judge to consider his medical problems, the result of being wounded in a bombing in Morocco in 2011, in deciding his prison term.
"I plead, pray and beg your honour for mercy," he said.
But Jones told Seleznev that the bombing "was an invitation to right your wrongs and recognise you were given a second chance in life." But instead, Jones said Seleznev "amassed a fortune" at the expense of hundreds of small business.
"You were driven by one goal: greed," Jones said.
After sentencing, Seleznev’s lawyer Igor Litvak read a hand-written statement from his client that said the long sentence was a political prosecution at a time of strained US-Russian relations.
"This decision made by the United States government clearly demonstrates to the entire world that I’m a political prisoner," Seleznev wrote.
"I was kidnapped by the US. Now they want to send a message to the world using me as a pawn. This message that the US is sending today is not the right way to show Vladimir Putin of Russia, or any government in this world how justice works in a democracy."
Seleznev said he is a citizen of the Russian Federation and he said he wanted to send a message to that government: "Please help me. I beg you."
US lawyer Annette Hayes said Seleznev’s statement was "troubling". He told the judge that he accepted responsibility and then sent his lawyer out claiming the case was political, she said.
"He was treated with due process all along the way just as any US citizen would have been," she said.
Seleznev was first indicted in 2011 on 29 felony charges and captured in 2014. US Secret Service agents, with the help of local police, arrested Seleznev in the Maldives as he and his girlfriend arrived at an airport on their way back to Russia.
The agents flew him to Guam, where he made his first court appearance, and then to Seattle, where he was placed in federal custody.
Russian authorities have condemned the arrest of Seleznev as an illegal kidnapping.
The indictment grew to 40 counts in October 2014, and his trial was held last August. A jury found him guilty on 38 charges, including nine counts of hacking and 10 counts of wire fraud.
"This is truly an unprecedented prosecution," Norman Barbosa, deputy US attorney, told the judge before sentencing.
For 15 years, Seleznev broke into the payment systems of hundreds of businesses. He had more than 2.9 million unique credit card numbers in his possession when he was arrested. His thefts resulted in about $170m in business losses.
"That is a staggering amount," Barbosa said. "It exceeds any loss amount this court has ever seen."
Seleznev was "living like a mob boss" and spent money on fast cars, expensive boats and luxury trips around the world, he said.
Prosecutors asked for a 30-year sentence to send a message to hackers around the world.
"Never before has a criminal engaged in computer fraud of this magnitude been identified, captured and convicted by an American jury," prosecutors told the judge in a presentence memo.
Seleznev’s life story
Litvak had urged the judge to consider Seleznev’s life story in his decision.
Seleznev’s parents divorced when he was two years old; his alcoholic mother died when he was 17; he suffered a severe head injury in a bombing in Morocco in 2011; and his wife divorced him while he was in a coma, Litvak told the judge.
Seleznev continues to suffer after-effects from the bombing, including seizures, Litvak said.
To prove his commitment to helping fight cybercrime, Seleznev recently arranged to give the US government four of his laptops and six flash drives, and he has met with officials to discuss hacker activities, Litvak said.
Prosecutors said his offer to help fight hackers came too late.
In another case involving an alleged Russian hacker, the US issued an indictment to Peter Levashov, who goes by several aliases. Levashov is accused of controlling one of the world’s top generators of spam and online extortion, officials said on Friday.
Levashov, 36, from Saint Petersburg, was arrested at Barcelona’s El Prat Airport on April 7 by Spanish authorities acting on a US warrant. The US is now seeking his extradition.
A US federal grand jury returned the eight-count indictment in the northeastern state of Connecticut on Thursday. The charges include fraud, identity theft and conspiracy.
Prosecutors accuse the purported hacker of controlling the Kelihos network of tens of thousands of infected computers, stealing personal data and renting the network out to others to send spam emails by the millions and extort ransoms.
The US Justice Department shut down the botnet on April 10.
Levashov has not been tied to alleged Russian interference in last year’s US presidential election.
But his operation allegedly depended on sending spam emails that allowed hackers to penetrate the computers of the Democratic Party to steal data.
- A tutorial posted online by Roman Seleznev on how to steal credit card data