According to the DOJ Press release: "Evidence presented at trial demonstrated that the malware would steal the credit card data from the point-of-sale systems and send it to other servers that Seleznev controlled in Russia, the Ukraine or in McLean, Virginia. Seleznev then bundled the credit card information into groups called “bases” and sold the information on various “carding” websites to buyers who would then use the credit card numbers for fraudulent purchases, according to the trial evidence. Testimony at trial revealed that Seleznev’s scheme caused 3,700 financial institutions more than $169 million in losses."
Sentencing will be held Dec 2, 2016.
Some of the charges to which he was found guilty include five counts of Bank Fraud, eight counts of Intentional Damage to a Protected Computer, eight counts of Obtaining Information from a Protected Computer, one count of "Posession of Fifteen or More Unauthorized Access Devices" (yes, 1.7 million is more than 15!), two counts of Trafficking in Unauthorized Access Devices, and five counts of Aggravated Identity Theft.
Seleznev was indicted in a RICO racketerring case regarding his role in the Carder.su website, where many criminals have already been sentenced. That case, known as "Operation Open Market" focused on Cameron Harrison, aka Kilobit, and 55 co-defendants. The investigation began back in March 2007 when an alert manager of a Whole Foods recognized Justin Todd Moss as someone who had used fake ID to steal from his store. Moss turned out to be "Celtic", a seller of online ids. Secret Service agent Mike Adams assumed Moss's online persona, and began selling counterfeit identifications to several of the people who have now found themselves in prison because of this investigation. WIRED magazine's Kevin Poulsen has a great write-up on that aspect of the case. (See: "The Secret Service Agent Who Collared Cybercrooks By Selling Them Fake IDs")
In total, at least 33 of the 56 indicted criminals have already been sentenced, although several, including at least two of the leaders, are still at large with rewards pending for their arrest. Want to make some money?
Konstantin Lopatin, aka Graf, DOB 09/11/1982, Russian. $1 Million reward:
Roman Olegovich Zolotarev, aka Admin, aka DJ Goren, DOB: 10/20/1985. $2 Million reward
The case was broken down into several trials. Case No: 2:12-CR-004 was specifically focused on the Carder.su activities:
Harrison, aka Kilobit was a 28 year old hacked from Augusta, Georgia, who was sentenced to 115 months in prison for his part in causing $50 Million in online identity theft trouble. When he was arrested he was found to be in possession of 260 compromised credit and debit card numbers. Seleznev possessed 1.7 million cards.
Alexander Kostyukov, aka Temp, aka KLBS, 29, of Miami - sentenced to 9 years on December 9, 2015
Jermaine Smith, aka SirCharlie57, aka Fairbusinessman, 34, of New Jersey - sentenced to 150 months on April 9, 2015
Makyl Haggerty, aka Wave, aka G5, 24, of Oakland, California - sentenced to 100 months on August 22, 2014
Michael Lofton, aka Killit aka Lofeazy, 36, of Las Vegas - sentenced to 24 months May 28, 2014 and 63 months on May 22, 2014 - he committed additional crimes while awaiting sentencing on the first case!
David Ray Camez, aka Bad Man, aka doctorsex, 22 years old - sentenced to 20 years in prison on May 15, 2014.
Case No: 2:12-CR-083 also was concerned with Stolen Identity Refund crimes against the IRS, but all of these were also members of carder.su:
Jason Maclaskey, aka Shinnerbock, aka That Guy, of Spring, Texas - sentenced to 10 years + 3 years supervised release on July 27, 2015. Sentenced at the same time as Jason were Omar and Heather:
Omar Butt, aka Fear, of Brooklyn, New York - sentenced to 40 months on July 27, 2015.
Heather Dale, 25, of Grant Alabama - sentenced to 24 months.
Billy Steffey, aka Oink Oink, aka FredFlintstone, aka Yomamma,
Case No. 2:12-CR-084 included Thomas Lamb, Jonathan Vergnetti, Roger Grodesky, and John Holsheimer.
As more links to sentencing documents are found, we'll update this page. In the meantime, to see which charges were brought against which vendors, please see "Operation Open Market: The Vendors"