The Washington PostDemocracy Dies in Darkness

The Russian politician’s son who allegedly became one of the world’s most prolific hackers

This one begins in Seattle. It was November 2010 when a police investigation into a wave of credit card fraud that had swept the Capitol Hill neighborhood settled on a popular joint called the Broadway Grill. In the previous year, a hacker pilfered 32,000 credit card numbers from the restaurant’s computers. When the news broke, owner Matthew Walsh couldn’t believe it.

“We are a tiny little company trying to manage this huge monster of a restaurant and for someone to swoop in and try to completely wipe our accounts is a really scary thing,” Walsh said at the time, Capitol Hill Seattle Blog reported. “I am seriously worried about the future of our business.”

He was right to worry. Three years later, it closed. “The effects [of the hacking] were devastating to The Grill, generating massive amounts of negative publicity and drastically reduced revenue at the restaurant,” according to Seattle Gay Scene.

Now the man allegedly behind that hack — and scores of other capers that amounted to a tidy haul of more than $2 million — has been revealed as the 30-year-old son of a member of Russia’s parliament. Billed by the New York Times as one of the world’s most prolific traffickers of stolen financial information, Roman Seleznev’s arrest has not only shined a light into the shadowy world of Russian hacking, but sparked an international flap.

“I am now in negotiations with the Russian Foreign Ministry,” dad Valery Seleznev told ITAR-TASS News Agency. “Kidnapping is a crime. The country must protect its citizens, and Roman should go back to Russia. … This is some monstrous lie and provocation. … In any case, I wish him success, since we all know what American justice actually is.”

Son Seleznev, who went before a Guam court on Monday, is getting more personally acquainted with it. (Guam is a U.S. territory in the western Pacific Ocean.) The Secret Service says between October 2009 and January 2011, he scanned devices for weaknesses and uploaded malware capable of extracting credit card information. According to the indictment, filed in Seattle federal court, he also hit a Schlotzsky’s Deli in Idaho, an Active Network in Maryland, a Day’s Jewelers in Maine, the Latitude Bar and Grill in Manhattan and the Phoenix Zoo.

He’s also accused of lifting and reselling hundreds of thousands of credit card numbers on clandestine Web sites, pocketing more than $2 million.

“This scheme involved multiple network intrusions and data thefts for illicit financial gain,” Julia Pierson, director of the Secret Service, said in a statement. “The adverse impact this individual and other transnational organized criminal groups have on our nation’s financial infrastructure is significant and should not be underestimated.”

What was his alleged methodology? According to the indictment, “Seleznev has used ‘nics’ or online nicknames in his dealings … regarding and promoting the theft and sale of stolen credit card numbers that include: ‘TRACK2,’ ‘nCuX,’ ‘Bulba,’ ‘bandysli64,’ ‘smaus,’ ‘Zagreb,’ and ‘shmak.'”

The Russians are discerning broader geopolitical forces in the arrest, which they say took place in the Maldives, a small, sparsely populated island nation being swallowed by rising seas. The Secret Service, meanwhile, maintains Seleznev was arrested in Guam, according to the New York Times.

Wherever the apprehension went down, the Russian Foreign Ministry let the Maldives have it. “The stance of Maldives’ authorities cannot be but outraging,” an official told ITAR-TASS. “We consider the incident as another one of Washington’s unfriendly steps. It is not the first time that the U.S. has kidnapped a Russian citizen.”