Life as a Russian superhacker isn’t all it’s cracked up to be. Violent thugs will beat you for your passwords. Your wife will divorce you then talk to the feds. And in the end, one wrong vacation choice can land you in prison for years.
Just ask Roman Seleznev, the 32-year-old son of a prominent member of Russian parliament, and the mastermind of a years-long scheme to hack into restaurant point-of-sale systems and steal customer credit card data worth millions on the black market. In August, a Seattle jury found Seleznev guilty on 38 counts of fraud, identity theft, and computer intrusion for hacks that led to $169 million in losses. Now, with his April 21 sentencing fast approaching, Seleznev has penned an 11-page letter to U.S. District Judge Richard Jones accepting full, if belated, responsibility for his actions.
As expected with such letters, Seleznev’s bid for leniency is respectful, at times soul-searching, and deeply remorseful. Also standard for someone facing decades in prison is a careful inventory of any past adversities and struggles, and here Seleznev’s letter is as poignant and dark as a Russian novel. Though drafted with an obvious purpose, the hacker’s account sheds some light on how the promising son of a Russian politician became a dedicated computer criminal.
ADVERTISEMENT
“I was no trouble to anyone, nor did I make any problems when I was young,” Seleznev writes of his childhood. “I was respectful, polite, and tried hard to do good always.” (Minor grammatical errors in the letter are corrected throughout this article).
As he describes it, Seleznev’s challenges began as an infant in the Russian port city of Vladivostok. His parents divorced when he was 2, and his mother raised him alone and without much money. “We lived very poorly, and it hurt me as a child to see my mother struggle every day,” he writes.
When he was a little older, Seleznev taught himself computers while his mother worked as a cashier in a grocery store. He realized early on that he had a knack for the machines, he writes. “I had great skill at a young age and it was clear to all I can do great things with my life.” He graduated high school at 16 and went on to college, where he studied mathematics and computer science. “I just tried to have a good life for my mom and want to have a father proud for me.”
But his life took a tragic turn when he was 17. His mother suffered from alcohol addiction, and one day Seleznev came home after school to found her in the bath. She’d passed out and drowned to death.
“I panicked and cried so bad for this pain and loss of my mom,” he writes. The next day, according to Seleznev, his uncle came by, not to care for his teenaged nephew, but to take all of his mother’s jewelry. “I never speak with him any more,” Seleznev writes. “I buried my mom.”
As filed on the public docket, Seleznev’s letter doesn’t explain his father’s apparent absence from his trouble-plagued childhood. But portions of the letter discussing Valery Seleznev—an outspoken member of the Russian parliament and a political ally of Vladimir Putin—are redacted, and the uncensored version is being kept under seal on a motion by Roman Seleznev’s defense lawyer. “The redacted substance of this letter is of the sensitive and confidential nature,” wrote attorney Igor Litvak, “and thus, the right of public access is outweighed by the interests of both the public and the parties.”
In any case, with his mother gone the grieving Seleznev was forced to drop out of college to find full-time employment. He took a job at a local computer club, working around the clock for about $5 a day—not enough money to pay even the utility bills on his mother’s apartment, he says. “It seems everyone takes from me that which I do not have.”
Seleznev quit his job began looking online for better opportunities. That’s when he found his calling. In 2001 the Eastern European cyber underground was making some big moves, launching the first “carder forum,” called Carder Planet, to bring the efficiency and organization of eBay or Amazon to the thousands of credit card swindlers and identity thieves scattered around the net. Seleznev doesn’t detail his initiation into this world—he rejected a cooperation agreement early in his case—but evidence at trial established that he was an early member of Carder Planet under the name “nCuX.”
The underground, Seleznev writes, filled a hole in his life. “I was desperate for many things other than money,” he says. “I found a place that accepted me. And at 17, I believed this was like a family, or at least someplace to belong.
“I started to become a hacker, and I hacked computers to find credit cards and other data that I can sell,” Seleznev continues. “Sometimes I find small amounts of credit cards and sell them. This was enough to pay for the food, utility bills, and clothing.” Then in 2007, he hacked a system with a much larger cache of credit card data, and got his first taste of serious money. “I was becoming greedy and out of control,” he writes.
The next year he got married and started a real family. Then one night in 2009, while his wife and daughter were away on a holiday, he experienced a more violent side of Russian cybercrime. A gang of thugs, who evidently knew of Seleznev’s hacking success, entered his home and took him captive. They tortured him overnight, he claims, before leaving at dawn with his laptop, his cash, and all his passwords. “The robbers knew I was doing wrong, so they [believed they’d] never get caught,” he writes. He was left with nothing, though he says he was at peace with his sudden poverty. “I never cared about material objects, as most of my life [me] and my mom had nothing.”
Worried that the assailants would return, he fled with his family to Bali, Indonesia. In his letter, he claims the robbery moved him to give up hacking for a time, but after his efforts to find legitimate employment proved fruitless without a college degree, he returned to the underground.
In the Spring of 2011, violence touched him again. He and his wife Svetlana decided to take a trip to Marrakesh to meet up with Seleznev’s father. Arriving a day early, on April 28, the couple were waiting for a table at a popular tourist café when, according to news accounts, an al Qaeda sympathizer wearing long hair and carrying a guitar walked into the crowded restaurant, ordered a glass of orange juice, drank it and walked out, leaving a bag behind.
The explosion ripped through the building, killing 15 people instantly. Two more died later. Compared to them, Seleznev was lucky, but he sustained massive damage to his skull. At the hospital, his condition was listed as “grave.”
Seleznev’s father arranged a Russian airlift to transport his son and daughter-in-law to a Moscow hospital, where Seleznev says he underwent a series of operations. He remained in a coma for two weeks, and after he awoke it was three months before he could walk, and a full year before he regained the power of speech.
When he was finally discharged after a year-and-a-half, Seleznev’s wife divorced him and moved to the U.S. with their daughter, he says. Seleznev returned to his hacking business, filled now with existential doubt and self-loathing. “My life was terrible and I hated the man I see when I look into a mirror,” he writes. “I asked God why he saved me? Why?”
Across an ocean, the other half of Seleznev’s story was being written by a federal task force. Police and Secret Service agents in Seattle had been investigating Seleznev’s restaurant hacks for years, and were constantly monitoring the underground website where the stolen cards appeared for sale, Bulba.cc. It wasn’t lost on them that the site abruptly stopped selling new cards in late April 2011, at the exact same time that Roman Seleznev, already their prime suspect, was nearly killed in Marrakesh. Later, according to court records, Seleznev’s wife testified about her ex-husband in front of the Seattle grand jury that ultimately indicted him.
Ignorant of all this, Seleznev was feeling more optimistic by July 2014. Photographs later recovered from his electronics show him posing in his sports car and showing off bales of bundled cash. He used some of his hacking money to take his new girlfriend and her daughter for a vacation in the Maldives, not knowing that American officials had been tipped off to the trip. The Maldives has no extradition treaty with the U.S., but police there were persuaded to pick up Seleznev and turn him over to Secret Service agents, who hustled him onto a private jet, then onward to the U.S. Pacific island of Guam. From there he was formally extradited to Seattle.
In his letter, Seleznev blames his lawyers for pushing him to take his case to trial, though the court record casts doubt on that claim. Transcripts of phone calls between him and his father show them discussing plans to delay his trial through various pretexts, hoping to push it beyond the 2016 election, when a Donald Trump administration might be more friendly to Russian hackers.
Now, with no presidential pardon in evidence, Seleznev’s fate will be guided by harsh federal sentencing guidelines that recommend around 25 years in prison for a crime of his scale. The final decision will rest with his judge.
“Please understand that I was a desperate child who grew into a desperate man,” he wrote the court in closing.
“I am alive today and I thank God and the United States of America Government. I was going down a very deadly road.”
