Run, Roman, Run
If you think that the richest people are the happiest ones and can buy everything — this story is just for you. Freedom, health and happiness cannot always be bought for money, as well as devoted friends or lives of loved ones. We often forget about simple, but very important things in the chase of money. Buddhists say that we die every second and our life consists of millions of choices. But it is your life and your choice, live it.
This story is about one very lucky, but very unhappy person, who made many wrong choices that dramatically affected his fate.
Marrakesh
Early in the morning of April 28, 2011, Jemaa el-Fnaa square in the center of Marrakech was teeming with people. In this traditional eastern chaos, local passers-by and tourists scurried between cars, stalls, luxury hotels and street eateries – among whom was Roman Seleznev, a plump guy with a large mole on his cheek, unshawed and slightly swollen face after yesterday’s adventures. Strong fume and lack of jacket also hinted at a funny night. Thus, Roman and his wife were denied to have a breakfast in the restaurant at the luxury hotel where they lived. So, they had to look for another place to eat and do it quick, Roman was in the middle of the fight with the strong hangover, and hangover prevailed, so he needed reinforcement in the form of whiskey shot. They went out to the square and rushed to the nearest decent eatery, located directly opposite the hotel, they had no strength to go further – the ‘tanks’ were burning and Roman wanted to get a drink much more than eat eggs Benedict for breakfast. But, as they got in, for some reason, they were not welcome here either: the waiter replied that he would serve them not earlier than in half an hour. Roman, once again, blamed himself because of sports suit he wore and yesterday’s fume and said stubbornly: ‘We’re stay’. To which the Moroccan waiter puzzlingly replied: ‘Bad idea’.
A sudden strong blast shattered the place in 10 minutes… It was terrorist attack. Total silence ensued a rolling roar, then – chaos and panic. Fire, dust, stones, fragments of bodies and blood.
Shocked, Roman came to his senses for a short time. As it turned out, terrorists left two briefcases with explosives in this cafe and blew them up using a mobile phone. 17 peoples died. Moroccan authorities blamed al-Qaeda for the attack, but the organization never claimed responsibility for it.
Roman’s wife was almost intact, but Seleznev fell into a coma, despite the fact that his father, a State Duma deputy from the Liberal Democratic Party of Russia, evacuated his son on a special medevac jet. Romans father not rely only on medicine; caring parent called the priest, who baptized Roman while he was unconscious, probably in hopes of quick Christian funerals, as even by then father owed Roman huge sum of money and expected to grab more out of Roman’s bank vault. Despite all these efforts, the doctors’ predictions were disappointing. According to them, Seleznev could die in every moment or remain in a ‘vegetable’ state until the end of his days. After such events, Roman’s wife packed up all her belongings and flew to Vladivostok. There she took money applied for US visa, which was approved, and thereafter emigrated for permanent residence to the United States. While Roman was in a coma, he received a letter from King Mohammed VI of Morocco: ‘The people of Morocco were deeply shocked and saddened to learn that you have suffered’, — the letter said.
But Roman was die hard, despite all the bad predictions, Seleznev’s inner persistence prevailed with the Lord’s help. Roman came out of a coma after two weeks. The process of recovery took him about a year; a titanium plate replaced part of his skull after numerous surgeries.
But this incident is not the most surprising twist of his biography, but rather a coincidence or one of those choices that we make every day, every second. Maybe, sometimes you need to look more closely at the signs? Especially when they say to you: ‘Bad idea’ …
nCux (Psycho) from Vladivostok
Seleznev was born in Vladivostok city on July 23, 1984. His parents divorced soon. Little Roman stayed with his mother in a communal apartment of 100 square feets. Later, she bought an apartment from her brother, where a small family of two moved to. Mother worked as a cashier in one of the district grocery stores and drank often. Roman spent most of his childhood either alone or under the care of his grandmother. In the harsh life of Vladivostok in the 2000s, nCux (transliterated russian word ‘Psikh’, means ‘Psycho’ – hereinafter be referred to as ‘Psycho’ – added by N.) – in such a manner his friends called him for his stubborn and explosive personality. He tried everything from sniffing glue to alcohol and drugs.
One day, in 2000, when Roman returned home, he discovered that his mother had drowned in the bath. On the same day, her brother came to the apartment, took away all the valuables and ordered the sixteen-year-old Seleznev to vacate the living space. The teenager went to live with his grandmother and got a job in a computer club, where he received 200 (about $5 back then) rubles per day. Later, Roman wrote in his letter to the US government, that his grandmother was his only true parent and loved one.
Just imagine that this very guy will steal his first million in a few years.
Roman had to make a lot of efforts for this to happen and his persistence prevailed despite all the hardships. He finished high school soon, made progress in mathematics, computer sciences and was even able to learn rudimentary English. Probably, due to the desire to survive, children’s idols of Psycho were Teenage Mutant Ninja Turtles. Pizza at that time was also a luxurious delicacy for a simple guy from Vladivostok.
Computer club where Seleznev worked had an internet connection; as well as his home PC. To buy it he stashed money by eating low-quality food for months. He also bought a modem and had a connection to FidoNet. Roman was interested not only in browsing and gaming, but also in ways to make money somehow. And he found it on carderplanet and carder.org forums. He quickly found his own kind there and rewrote his street name in a hacker way. And over the time, the long nCux in maHke (transliterated version of ‘Psycho in tank’ – added by N.) turned into a short nCux (Psycho).
Roman met his first accomplice with the awkward nickname Eadle on the forums. Either ‘eagle’, or ‘delayed’(which, can be understood, as “retarded” in Russian), was one of the first, who mass scanned RDP servers for simple or standard passwords or it’s total absence. It should be noted, that both Windows 2000 and Windows Server left the administrator account password blank by default and required additional steps to change it. All Eadle had to do was to write a scanner that works over the RDP protocol. At that time, not so many people had figured out the trick, so the catch was so immense, that it was totally impossible to process everything manually. A keylogger was installed on infected machines in most cases.
One day, Eadle found an account of American system Accurint on one of the infected computers, which belonged to LexisNexis corporation. The system was intended for personnel of US Internal Affairs entities, lawyers, law enforcement and licensed private investigators. It provided access to personal information of US citizens. Psycho quickly realized, that such information could be ‘useful’
not only for the police, but also for the carders. Thus, the stolen credit cards enriched with such an information were way more expensive on the black market. Such a “package” could contain almost everything that could be found about a person – social number, communal and bank bills and even, after some additional research (using ancestry research website, ridiculously also paid by stolen credit cards), mother’s maiden name. This way it was possible to get access to the victim’s bank account and understand exactly what kind of budget a victim had or even transfer funds. Soon, Psycho negotiated a deal with Eadle, made a deposit to the forum fund and became the “official” seller of carderplanet.
There were also a credit cards in addition to various records, which were enriched with data from AccurInt and sold as ‘fulki’ – ‘full info’ in English. Time passed and Seleznev had earned a reputation as a reliable seller; so, he began to earn decent money. Now he was able to rent a cozy apartment near the center of Vladivostok for himself and even bought an old ‘right-handed’ Toyota Mark II. But he wanted more… And BadB was already appearing on the horizon.
At the time they meet online, Vladislav Horohorin had already expelled from carderplanet and proved himself to be a cad, who did not always keep his word. But due to non-trivial solutions for finding credit cards in hacked credit card processing companies, and strong connections with other hackers, he was the top dog in the stolen card business. BadB was the most famous seller of stolen data after Script and Roman decided to turn to him. The questions were: how to automate the process of searching for credit cards, but the main thing is how to find ‘dumps’ – information from credit card’s magnetic stripe.
Horohorin wrote a simple program that searched for information not only on the local computer, but also went through neighboring network resources and searched for credit cards and ‘dumps’. The result did not take long: there were no more than 10,000 numbers in the ‘leaked’ dump database, but all of them belonged to clients of a luxurious Swiss hotel. Even the most ordinary cards from this base easily allowed to make purchases for several thousand of dollars. The average price of a ‘dump’ was $50 at that time. The math was simple: 10,000 x $50 = $500,000 – maybe, a little bit less. Psycho received only $60,000 for the first part of the base from BadB. Further, Roman delved into the question and understood how greedy Horohorin was. So, he offered to split the profit evenly. The dumps from this database had the effect of an nuclear explosion at the market: everything worked for thousands of dollars without a fail – ‘America’ in ‘Europe’, ‘Europe’ in ‘America’. Some cards ‘passed’ tens of thousands of euros and beat all the records. Moreover, BadB invented a way how to use chip cards, which began to appear in Europe – even in terminals that required a chip. The smart card was burned with high voltage and terminals allowed to magnetic stripe use.
But Roman did not work alone; there was also Eadle, with whom he had to share and Seleznev did it honestly. The demands had also grown: 2 room apartment on Vtoraya Rechka (translated as ‘Second River’ – district in Vladivostok city – added by N.) was quite small and old Japanese car was too slow.
And there were friends. Those friends who supported Roman in the most difficult moments of his life. They were like the brotherhood of Ninja Turtles – fought for him in school; the same friends with whom he spent all his childhood. At this very moment they did not managed to get into university and tried to find at least some job. Yes, the very ones that Roman completely forgot about. And now he had to remember them.
Bigbucks
Psycho decided: ‘Fuck this fat lying cunt’. And he stopped working with BadB. Roman had no interest in deals with Horohorin, because now he had own “click” to care about.
Seleznev launched his own service with 24/7 support. Guys rented an apartment in the center and were on duty in ICQ messenger by shifts. Nobody provided such a level of service at that time.
Many people had to deal with BadB only because there was no alternative. But with the appearance of polite and good-natured ‘online ninjas’, many carders immediately turned to them. Moreover, the service worked 24/7.
Once, a doorbell of a rented apartment rang: ‘Open the door – it’s a plumber – you are drowning the neighbors’. The one, who was ‘on shift’, opened the door, but immediately regretted it by receiving a strong blow in the face. Three men in masks burst into the apartment with rifles and shouted: ‘Lie, the fuck, down, face to the floor! I’ll kick all the shit outta you!’ The robbers not only took all the cash, holding the hostages, but also sent one of Seleznev’s employees to bring the money that were stashed at the carders’ house. They knew very well that there will be no police, after all, Seleznev’s business was illegal and police – corrupt. Calling the police might’ve caused even more problems than dealing with the gangsters.
As it turned out later, friends of Roman’s ex-girlfriend were behind the robbery – in such a way she decided to receive compensation for their break-up. Guys moved under the reliable surveillance of video cameras to the Hyundai Hotel after that robbery incident. They rented a luxurious office in the center of city.
They worked with BadB no more, but continued to communicate with him in order to get some specific information or just to eliminate the competition; the guys often drank and partied with Horohorin in three shifts. So, while BadB was in a alcoholic coma, his service was down, while one of the Seleznev’s guys was always online. It also came to quite eccentric cases with rock-star style total destruction of presidential suites, where George Bush resided once, gang-bang top Moscow prostitutes parties, and drunken losses of $ 60,000 in casinos and Forex club. At last, BadB, being a loner, counted on friendship, and Seleznev just made money with his company. C’est la vie.
Models of everything (including software for sorting of stolen card databases) were copied from Horohorin. The drunken proposals of BadB, which he might not remember in the morning, guys made a reality. So, during one a such carder feasts, BadB suggested to develop a complex software that would be loaded through vulnerabilities in browser, would find cards in attacked networks and could infect computers adjacent to the network. But Seleznev did not want to perform difficult schemes; a regular .bat file was written. In the best Soviet traditions, it was simple as a sickle and affective as a hammer. By means of net map command it identified computers on the network and searched for the contents of computers by standard windows tools, all this turned into an executable file using bat2exe utility. The most amazing thing is that even this solution worked. For every 10,000 ‘installs’, that is infections, one card database was discovered.
Psycho quickly realized that the hottest targets were POS terminals. None of his team had the slightest idea about programming, so coders were hired. Meanwhile, the ideas were boldly borrowed from BadB. Eadle also continued to work, bruteforcing simple passwords for VNC and RDP payment terminals. More sophisticated software was developed later, it searched not only for plain text, but could also intercept traffic or information exchange between the reader and the host. Seleznev bought ‘installs’, infected systems and copied all card transactions automatically through vulnerabilities in
browser. The scheme worked. By 2009, Seleznev had become one of the most successful sellers of stolen cards in the world. Roman was a respected person even on closed carder forums, despite the fact that he had neither hacking nor programming skills. In most cases, his goals were small eateries in Washington DC and other US cities. The materials of the criminal case mentioned several pizzerias, street foods with burritos, bakeries (about 3,700 enterprises in all over the years). Seleznev chose small businesses because of poor security: such enterprises do not have their own cyber defense departments and usually use bad passwords.
At that time, the discussion of ‘unlimited’ cashouts just began in private forums. The essence of attack was to hack the processing of card issuing institution. Limits were removed on these cards; the cards themselves were transferred to ‘drops’ who went to ATMs and withdrew money until the payment system operators noticed something was wrong and turned off the processing entirely. Methods of HSM attacking in order to extract PIN codes were also discussed and developed.
‘Unlimited cashouts’ occurred frequently. Faces of guys became familiar near the ATMs in Vladivostok very quickly and they had to travel to other cities to cash out: to Moscow or even to Khabarovsk. At some time the drunken gang of Seleznev and his accomplices went right into closed bank’s office and pissed all over the place and defecated into waste bin during the cash-out, despite CCTV surveillance. Bank took it as personal insult, and start to chase the gang all over Vladivostok.
Several successful methods of HSM attacking had been developed in carder community. Even if the attacks failed, you could always find the right person in the right country: the carders were everywhere. Neither Seleznev nor his team had the slightest idea how to make such attacks. But why? Hacks were made by such virtuosos as Drinkman brothers, Scorpo and M1cron. Or Pleshchuk and Tsurikov, Gucci and Liqud or Yakubets, the Aqua, they all were in touch with Seleznev. nCux and his team were content with the role of cashiers. They also distributed cash cards to trusted customers. Incomes skyrocketed and guys had to buy a cash-counting machine, because counting cash manually took a lot of time, which they already learned to use properly.
Cybernetics, automation, Bulba and rebranding
But BadB did not sit idle. The idea of creating an automatic shop for stolen credit cards had been in minds of carders for a long time. But no one believed that such a store would ‘stand’ under the onslaught of special services and carders-competitors. Nevertheless, BadB turned the dream into reality. In early 2008, Horohorin presented the first fully automated shop for stolen credit cards. It looked almost like Amazon: you could search by category and choose between card brands or different financial institutions. The US authorities claim that Horohorin ‘reflashed’ the carding market: earlier, stolen cards appeared on separate branches of forums; now, the process of stolen data exchange has been optimized and automated.
In the first version of the store, account replenishment was carried out by Webmoney, Liberty Reserve and semi-automatically through Western Union system. Horohorin approached the case with all seriousness and used in the store such emerging technologies as browser fingerprinting and supercookies. Store itself was well protected by renting whole segment of IP addresses segment in Panama, while servers physically were located in Moscow. In additions, in the case of DDoS attack, IP’s were switched in automatic mode, all this years before Cloudflare or Silk Road. Merchants uploaded cards and controlled sales in a fully automatic mode. Most carders appreciated the convenience and began to use the service actively. Some believe, that in the following years automated drug markets borrowed some of those ideas.
The glory of BadB haunted Psycho, and despite the fact, that Horohorin offered to resume cooperation many times, Seleznev went his own way. Roman deleted his former pseudonym in secret and hired a programmer who developed an automatic store similar to the BadB service. BadB’s monopoly didn’t last long, in 2009 Seleznev opened a similar service under new nicknames – Track2 and Bulba. BadB reacted immediately and furiously, especially when Seleznev’s new platform completely bought out advertising on the main carding platform of that time – carder.su forum.
Roman bribed a forum administration and took away completely all rights to advertise a sale of credit card dumps. Horohorin’s fury knew no bounds. A powerful DDoS attack immediately ensued and defuncted new track2 service. Horohorin, familiar with Webmoney service operators, also managed to lock down purses used to receive payemnts for stolen cards. Powerful DDoS and death threats through all kinds of most exotic executions followed the service all time.
BadB had no idea that his new competitor was one of the few people he considered as his friend. Ukrainian with Jewish roots was not very good at making friends, but did not lose hope to do so. The total terror from BadB side ended only when Roman accidentally got into the same bulletproof hosting operator that hosted BadB’s own infrastructure. Attacking Seleznev’s service, BadB every time actually cut the branch on which he sat himself. He also failed to bribe a hosting operator, who benefited from such a competition. The ‘platform war’ continued until the arrest of BadB in August 2010, after which Seleznev actually remained a monopolist.
But he managed to reach the level of Horohorin much later – after the terrorist attack, Roman changed his nickname to 2pac again and the site was called 2pack.cc. He positioned his resource as a platform for the best sellers of stolen data in the world, promised round-the-clock customer support and updating of the range of bank cards on a daily basis. Seleznev not only sold goods from his own sources, he was approached by hackers from all over the world who hacked Home Depot Neiman and Marcus Target. In turn, Seleznev, honestly shared and gave the best prices for their product.
Run, Roma, run!
This is how this chapter should begin…but sentiments aside. The United States Secret Service (USSS) had been monitoring the activities of Seleznev and his accomplices since 2002. On May 19, 2009, agents of FBI and US Secret Service met with representatives of FSB in Moscow after the arrest of Sergei Tsurikov in Estonia – the first detainee among the participants in RBS WorldPay hacking case. The subject of the conversation were residents of the Russian Federation who participated in hacking and cashing out of RBS, but did not travel abroad. During the exchange of information, US intelligence agents provided evidence that behind the nickname nCux is a resident of Vladivostok in a person of Roman Seleznev, who cashed himself and through his ‘drops’ about a million US dollars during the attack on RBS and shared the income with organizers of the attack.
A curious thing is that Evgenii Anikin and Viktor Pleshchuk, citizens of the Russian Federation, who were directly involved in RBS hack, ‘got off’ with a suspended sentence in 2010-2011. Although, Anikin spent a year in a pre-trial detention center in the Russian Federation. Moldovan resident in a person of Oleg Covelin, who initially gained access to the internal network of the financial institution and was also mentioned in US RBS indictment, was detained in 2016 during an international operation against the Cobalt/Carbanak group.
In June 2009, a month after the meeting between American intelligence services and FSB, Psycho announced on one of the carder forums that he was leaving the business, after which his profiles on
the forums were blocked. Interesting fact – the US criminal case indicates that it was FSB who whispered to Seleznev an information that American authorities are interested in him. As follows from investigation records, the correspondence of the carder confirms his connection with the FSB. For example, Seleznev wrote about this to Horohorin and claimed that he had a ‘roof’ from the Russian special services. Most likely, there was no protection. But there was a father with serious connections, who recently appeared in son’s life.
There is a bad luck island in the ocean…
Seleznev earned quite well. Through one of the money transfer services he cashed out about $18 million. His exact earnings are unknown, but they are in the tens of millions of dollars: carder received money through bitcoins, WebMoney and other electronic currencies. He took money in bags from Moscow to Vladivostok regularly, bought two houses in Bali, flew by plane to the islands in Indian Ocean. He photographed wads of money and expensive cars often.
Realizing that he could be tracked by US intelligence agencies, Seleznev traveled carefully. He chose countries that did not have an extradition treaty with the United States and bought tickets only at the last moment, making it difficult for the special services to track his movement. In July 2014, he traveled to the Maldives, where he rented a villa for $1,400 per night. ‘I took the most expensive villa for myself, I have my own servants’, – he wrote to one of the accomplices. After learning that Seleznev was in the Maldives, the US Security Service agents asked the US State Department to use its connections with local authorities. A head of country’s police agreed to detain the hacker after negotiations despite the absence of an extradition treaty. Then, three US special agents flew to the Maldives; they tracked the movements of Seleznev together with the police. Roman was detained on the way to the airport, from where he was supposed to fly to Moscow.
Carder was forced into a private jet and brought to the American military base in Guam within 12 hours. According to the criminal case, Seleznev had a laptop with the data of 1.7 million stolen credit card numbers, as well as passwords for accessing to servers, email accounts and financial transfers. A password for the laptop was simple – ‘Ochko123’ (meaning asshole123). There was no encryption at all.
In Guam, Seleznev appeared before a judge who confirmed the legality (in the legal field of the United States) of the arrest and further transportation of the carder to Seattle, where he was charged and sent to SeaTac federal prison with a refusal to be released on bail. The indictment, which has been pending for Roman since March 2011, included 40 counts of computer fraud, hacking, wire fraud and identity thieft. A long term of up to 38 years in prison was already on the horizon.
The arrest of nCux on American warrant was considered illegal in Moscow, and parliamentarian Valerii Seleznev claimed the arrest of his son was a kidnapping and turned to the Russian Foreign Ministry for help, where he was supported by a corresponding statement. ‘We regard what happened as another unfriendly step by Washington’, – the statement said. ‘This is not the first time that the American side ignores the 1999 bilateral Treaty on Mutual Legal Assistance in Criminal Matters and goes for the actual kidnap of a Russian citizen.’
How it was
Americans began to track the nickname nCux (Psycho) since 2002, from the very time when Roman just was starting to sell ‘full info’ on carderplanet. In May 2010, USSS special agent David Dunn took part in an Idaho-based operation in Coeur d’Alene, which was carried out at Schlotzsky’s Deli,
a well-known fast food chain over the leakage of visitors’ credit card data. He inspected a computer equipment there and found that Schlotzsky’s Deli computer was connected to a Russian IP address. David took note of this fact; many stolen credit cards surfaced on the network a few weeks later, which were traced to the place of a data breach – and this point turned out to be the computer of Schlotzsky’s Deli restaurant.
A citizen of the US, suspected of installing a malware on Schlotzsky’s chain, was arrested in connection with the leak. Detective Dunn examined the suspect’s confiscated computer and found that the guy was browsing two websites: Track2.name and Bulba.cc and chatting with a man named Track2. Further verification showed that the carder, nicknamed as Track2, has its own online shop for stolen cards and it is advertised on carder.su forum. However, it turned out that a store site, Track2.tv, was under DDoS attack, but another site – bulba.cc – was working.
The detective began to explore these sites to find out who was hiding under the aforementioned nicknames. He determined the e-mail box from which the registration took place after examining the information about the domain. Later he found other mailboxes located in the US, which were also associated with these accounts.
Eastern Virginia supported the investigation of this case with the CIS, and they began to collect warrants for information and evidence in October 2010. Detective Dunn knew, that it would take some time.
And while he was waiting for a warrant, a second hacking took place in October 21, 2010 – this time in one of the oldest Broadway Grill restaurants on Capitol Hill in Washington.
Dunn arrived in Washington and began to study the point-of-sale computers together with a local detective. They found that the servers, that stored the data of 32 thousand bank cards in the form of plain text files were very poorly protected. Information from these computers was leaked to the same IP address that was used on the computers of the Schlotzsky’s Deli restaurant in Idaho.
Detective Dunn realized that he had the opportunity to investigate the crime at home, so he had no need to travel to Virginia or Idaho and could file a case here – in western Washington.
Then the case started to get ridiculous. American services found out who was behind carding sites within the period from November 2010 to February 2011. Detective Dunn identified the Yahoo mailboxes that led to HopOne server, from where the stolen card data was forwarded to a server in Russia.
Dunn found out who owned HopOne server. He pentested the Yahoo server in order to monitor incoming and outgoing connections. He was unable to access the contents of the server at this stage, but he was able to establish the IP addresses of incoming and outgoing connections, the numbers of some ports and the amount of transferred data. He saw that this server was connected to hundreds of computers throughout the United States and many of them were installed in cafes and restaurants.
The detective discovered many hacking tools on HopOne server, which allowed to recreate the scheme of Seleznev and his team. They performed a port scan on the victims’ servers for open RDP connections. Hackers tried to break into these servers with the help of brute-force passwords. Hacked data was uploaded then to the attackers’ servers under nicknames Shmak/ Smaus with an IP address of 188.120.255.66, HopOne server with an IP of 66.36.240.69, and a Ukrainian server with an IP of 188.95.159.20. From there, the data was sent to the websites of carders – sellers under the nicknames Track2 and Bulba, which belonged to Seleznev. But this detective could only guess and look for
evidence against the Russian hacker.
Yahoo mailbox that was used to register the server for Shmak, Smaus, Track2 and Bulba was also connected to HopOne server. In addition to the above, detectives found almost 400,000 credit card numbers on HopOne. Credit card data was sorted by the IP addresses from which it was transferred. It made possible identify all the victims and collect more evidence quickly.
Gradually, the hacking chain began to reveal. And email addresses pointed to Seleznev. He used one of the Yahoo mail service addresses that received various notifications. In the mailbox [email protected], detectives found a letter about the successful registration of Roman Seleznev in PayPal payment system on September 19, 2009. It was a real fiasco. Beginning of the End.
This fact was one of the strongest evidence against Roman – in addition to the information that BadB, who was arrested earlier, already became an informant. Seleznev did not even think that user registration data was carefully stored by US payment systems in full.
And it was not just a rule, but a requirement. The data that he indicated, included his address of registration in Vladivostok, which later served to identify his personality during the arrest.
Another account [email protected] that detectives discovered was used by Roman many years ago in 2006. This e-mail box helped to set Seleznev’s connection with his first nickname nCux (Psycho). The Americans had gained access to the contents of the address and even traced how Seleznev, aka nCux, courted his wife and ordered flowers for her. The detectives found a postcard with the words: ‘You are the most beautiful, but Eva is more beautiful than you!’
Eva is the name of his daughter, which was also entered in the passport, and served as another proof of identification during the arrest. His order in online store with delivery to his home address in Vladivostok also was in this e-mail box.
After all, the most significant piece of evidence was found on HopOne’s server, where he and his accomplices kept their hacking tools. Seleznev saved to this server information about booking airline tickets for Indonesia-Singapore flight; his personal data and the number of a foreign Russian passport were also indicated in the booking form. The coincidence of the data of this order with the data of the passport served as another evidence during his arrest. It was possible to make such a ridiculous mistake in two cases. Either he was not himself, or he wanted to go to jail. There is no third option. But what’s done is done.
The Secret Service put all this evidence together. But even after that, the agents continued to look for Seleznev’s involvement in other cybercrimes. All carders are related somehow to each other. And if you remember, the investigation began from CarderPlanet carding community.
A certain Mr. Carranza associated with the forum was one of the detainees back in 2003. Correspondence between him and nCux111 was found on his computer, who provided his real data – first name, last name, home address in Vladivostok, two emails, among which was [email protected]. Carranza used this information to a plea bargain.
Detective Dunn and a representative of the prosecutor’s office had collected all this evidence and turned to the jury in 2011. They received an indictment that charged Roman Seleznev, known by 9 hacker nicknames, with committing computer crimes, fraud with bank cards and funds’ usage to hack traffic.
Michael Adams, another agent, during special undercover operation, sold “fake” US drive licenses. Those driver licenses were made in the very same office, where original ones were made. Of course, his service received best reviews for quality and speed. As a compliment Adams, as forum’s seller offered as a compliment free driver license to every prolific vendor on the market. nCux was one of them. Once again name of of Roman Seleznev was confirmed and photo obtained. After all, during Adams operation more than 100 felons were identified and captured.
Where Dreams May Come
This guy had a difficult childhood. Difficult adolescence. Luxurious youth. What kind of old age awaits for him? Probably, you’ve already understood everything. Roman Seleznev evokes conflicting emotions. You can hate him, you can admire his tenacity or you can taunt the mistakes he made. But it cannot be denied, that all the events in his life are connected with each other. And it is a question – what exactly you would have done in his place.
And there were people in Roman’s life who somehow influenced him; the people he trusted. He saw his father several times throughout his childhood. The boy was not needed by his dad, who was building his political career in the capital of Russia. But as soon as the carder had the first million, father Valerii Seleznev appeared in his life. They often met in Moscow, where Psycho periodically ‘had’ to fly in order to ‘сash out’ profits.
Almost all serious cyber сrooks remember Webmoney ‘depositories’ – first on Pyatnitskaya st., then on Sadovnicheskaya Embankment and Ordzhonikidze st. (locations in Moscow city – added by N.) Carders, such as Seleznev, took out bags full of money from these semi-basements. Roman was not the exception. Valerii contacted his son during one of a such visits and offered to meet him at his office in hotel Ukraine, where an amazing family reunion took place. After that, Roma visited his ancestor, who led him in the right path and suggested to invest in ‘long-term construction’ in Vladivostok. Roman periodically supplied his father with money – the exact amount is unknown, but parental debts ended up in millions. Once nCux was arrested, Seleznev Sr. opened a bank vault in one of banks in Vladivostok and took out several millions, that were stashed there. The fate of real estate in Bali is unknown to this day.
After the arrest of the son father initiated furious international activity: paying lawyers hundreds thousands of dollars, bribing Russian Foreign Ministry officials, expressing official protests.
It is difficult to assume, what kind of specific information Valerii Seleznev had, but his advice often seemed surreal, unless Seleznev Sr. did not want Roman to be released. In accordance with the cases of Yaroshenko and But, it was difficult to expect that the United States would behave with Seleznev in other way. Americans had 100% proof of Seleznev’s guilt. And even if in the defense case that the laptop with stolen information was planted to Seleznev, there were still Tsurikov and Horohorin. Both were closely acquainted with Psycho and his activities and they cooperated with US Government. Even the best lawyers in the world could not help. Only Roman was able help himself: make a deal with the government and admit his own guilt. This was the only way to soften the indictment.
But Roman’s father continued to assure him that there were some options like ‘Uncle Andrew’s’, a political solution to the issue and ‘international situation improvement’, all right over the prison phone. It was the play on a hand of the Americans, who insisted on the corruption of Russian politics, thereby worsened his son’s conditions of detention and relations with the US Government. Even a
fool understood that the conversation would be recorded, listened to and analyzed. There were real consequences. The case really took became political, And Roman was sent to solitary confinement. The last hopes for cooperation were lost, the Americans were furious. The situation looked doubly stupid since Seleznev already started to cooperate and told a lot, then stopped it, stalled for time, changed lawyers, turned to options for ‘Uncle Andrei’. All this under the leadership of Valerii Seleznev.
Roman initially refused to cooperate during his imprisonment, but then changed his mind and repeatedly offered his services and tried to provide valuable information. He managed to get a meeting with special agents, during which he revealed the names of many participants of carding forums from 2005 to 2014 to the authorities. But the Secret Service refused to cooperate because most of this information was already known. In addition, Roman made some statements that were false and nullified the value of cooperation.
The ‘Uncle Andrei’ scenario worked very well – it infuriated not only the agents, but also the judge. The defense filed a notice to withdraw from the case due to disagreements with the client before the hearings. The meeting was postponed from May 2015 to November 2015. The case postponement resulted in additional costs due to the fact that the witnesses in the case had already flown to the Seattle court from Sri Lanka, Honolulu and Chicago.
Seleznev wrote a handwritten letter to the court before the verdict, in which he briefly recounted his biography, mentioned about a difficult childhood and how he tried to earn money and set his foot on a slippery slope of carding.
‘I tried to find a job on the Internet and things started to go downhill. I chose the wrong path’.
But it was already too late. Just like before the terrorist attack in Marrakesh, when they told him: ‘It’s a bad idea’. But he had already made his choice and there was no turning back.
THE END
Seleznev was sentenced in April 2017, when the story of the alleged interference of Russian hackers in the US presidential election was on everyone’s mind for several months. He was given 27 years – the longest sentence given to a cybercriminal in the US ever. ‘I am a political prisoner. I am a tool for the US government’, – Seleznev said after the verdict. ‘They want to send a signal to the whole world using me as a pawn. Given my head injury, today’s sentence could be considered a death sentence’.
His father called the decision ‘the verdict of cannibals’. In September 2017, Seleznev pleaded guilty to two more cases – in which the losses amounted to about $52 million.
P.S. If you are faced with a choice right now, think carefully and look around. Universe, God or matrix, or someone whom you believe in – they will definitely give you a sign. And no matter, what past you have behind you – your future is in your hands.
P.P.S. Now Roman Seleznev is in a specialized medical prison in North Carolina – FCI Butner Medium. He is in his cell all day round due to the epidemiological situation. He hopes for a pardon from Trump, or at least for the opportinuty that he will be allowed to live under guard outside of prison during the epidemic. His chances to survive are not great while being locked up. Current release date: 07/06/2037. If you want to cheer up a guy, write letters to him:
ROMAN SELEZNEV
Register Number: 04385-093
FCI Butner Medium II
P.O. BOX 1500
BUTNER, NC 27509
UNITED STATES OF AMERICA
P.P.P.S: Comments by Svetlana Smulskaya, Roman’s ex-wife:
Vlad, don’t write of that which you don’t know! By the way, I saved Roman’s life in Morocco and carried him after resuscitation! I washed him and cleaned up after him when he could hardly walk and after discharge I went with him to all the doctors! And it was my duty as a wife, which I performed! And the fact that Roma beat me when he recovered in front of Eva, he didn’t mention in the correspondence, no?! And when he beat me, I didn’t even fight back because I was afraid that I would accidentally hit the parts of the head, where were removed part of the skull. So, I endured.
Did’t you know, that he cheated on me when he flew to Moscow for months to see his one-armed dad?! Didn’t he say that he and Anton robbed my apartment and took everything out?! I didn’t run away, but left after the OFFICIAL divorce and division of property! I’m tired of threats that if I don’t give the child to him, then he will stuff me with drugs and hand me over to the hospital by means of money and connections and take Eva away. Is it fine?! I don’t think so.
I’ll tell you, if you don’t know … the property (two houses and 4 hotel rooms) in Bali – everything went to Roma. It was originally issued to me, but I gave a power of attorney and he re-registered everything for himself or his father in the process of divorce – I don’t remember exactly.
I understand that accusing women of villainy and commercialism is a trend, but what you wrote about me is a lie. It was hard to read. A coin always has two sides. And, hey, couldn’t you have chosen a better photo?! I look a fright on it: drunk and angry, ‘cause Roman pulled your beanpole for boobs in front of my eyes!
