Accused Russian Hacker on Tropical Holiday Nabbed by U.S. Agents

Roman Seleznev poses with his yellow Dodge Challenger SR automobile in front of the Kremlin, in Moscow, Russia, in this undated handout photo taken from his mobile phone and used in U.S. government court documents, and released to the media on March 10, 2015.

Source: Department of Justice via Bloomberg

For more than a decade, the U.S. Secret Service hunted Roman Seleznev, a computer wizard suspected of being one of the world’s most prolific traffickers in stolen credit cards.

But agents had a problem: Despite three separate federal hacking-related indictments against the 30-year-old son of a prominent Russian lawmaker, Seleznev remained out of reach, in Vladivostok, Russia.

Then he made a mistake last July and visited a luxurious resort in the Indian Ocean for a family vacation. U.S. authorities pounced, enlisting local police in a fast-paced operation that was nearly foiled by bad weather thousands of miles away. Seleznev is now in jail in Seattle, awaiting trial in November.

Seleznev’s arrest was a rare victory for U.S. investigators seeking alleged cybercriminals in countries like Russia that do not have extradition treaties with the U.S. nor histories of cooperating with American authorities.

More than three dozen overseas hackers remain outside the reach of the law, including Russians accused of siphoning millions from U.S. consumers and Chinese military officials charged with industrial espionage, two law enforcement officials said.

Until now, U.S. officials have shared few details about Seleznev’s arrest, which sparked a furious response by the Russian government and caused heartburn for authorities in the Maldives, where he was caught. Seleznev’s father said his son would die in captivity without daily medication for a brain injury suffered three years earlier; echoing complaints issued after other arrests, the Russian government accused the U.S. of kidnapping.

Internet Activities

For years, the Secret Service had been investigating Seleznev’s Internet activities, leading federal prosecutors to charge him with crimes including identity theft and racketeering, according to court filings, transcripts of court proceedings and extensive interviews with U.S. law enforcement officials. He is accused of hacking into retailers’ credit-card systems, installing malware to siphon off card numbers and running sophisticated forums where hackers could buy and sell the stolen information.

The officials, who spoke on condition of anonymity because the case is continuing and presents sensitive diplomatic issues, described Seleznev as a one of history’s most successful traffickers in stolen credit-card data.

Dennis Carroll, an assistant public defender representing Seleznev, declined to comment.

Muscle Car

His allegedly illicit work was lucrative and financed fancy cars, apartments and exotic vacations. Photos retrieved from his mobile phone show him posing in front of the Kremlin with his bright yellow Dodge Challenger SRT muscle car and bundles of cash on the back seat of an SUV. According to federal prosecutors, two of his bank accounts received more than $18 million from illegal schemes.

Knowing that they could only capture Seleznev outside of Russia, Secret Service agents kept close tabs on his travels. A few years ago, for example, they determined that he liked to frequent Bali, Indonesia, where he owned two luxury apartments costing nearly $800,000.

Agents met in 2012 with Indonesian authorities, who declined to help capture a foreign national of their soil for fear of upsetting Russia, or their own citizens, according to two U.S. law enforcement officials.

Maldives Vacation

On July 2 last year, the Secret Service got a new tip: Seleznev was visiting a five-star resort in the Maldives, a popular holiday destination for Europeans. They were told that Seleznev picked the Maldives because it did not have an extradition treaty with the U.S.

Agents in Washington wasted no time, contacting officials at the State Department, who had a close relationship with the Maldivian police superintendent. He agreed to help, despite the lack of a treaty.

A day later, a Secret Service agent based in Thailand and another from Hawaii were in the Maldives, drawing up a plan: Local police would arrest Seleznev before he boarded his flight home on the morning of July 5. They would formally expel him from their country and hand him over to the U.S. agents, who would hustle him aboard a private jet bound for the U.S. territory of Guam.

At the last minute the Maldivian police said they required an Interpol “red notice” to grab Seleznev. The Secret Service had avoided uploading such an alert that they were seeking a suspect on criminal charges because Russian authorities were notorious for tipping their citizens to the existence of arrest warrants.

Seaplane Trip

Anticipating the demand, Secret Service agents had drafted a red notice and uploaded it to Interpol as Seleznev was on a seaplane from his resort to the Maldives airport, leaving the Russians no time to act.

As Seleznev rode a bus from the seaplane to the airport, Maldivian police and a Secret Service agent sat just a few rows back, making sure he didn’t get a tip and try to slip away.

At the airport, police checked Seleznev’s passport and quickly turned him over to the Secret Service agents, who handcuffed the Russian and led him onto the jet.

As they were about to take off, however, another problem arose. A storm was reported near Guam.

If the pilots delayed taking off to allow the weather to clear, they would run afoul of duty-time regulations. They would be grounded at least a day, forcing agents to return Seleznev to Maldivian custody. Such a move risked a diplomatic and legal dispute with Russia.

Weather Risk

The other option was to take off and divert to a third country if the weather didn’t improve, raising the specter of another diplomatic imbroglio.

Agents in the Maldives made the call: take off and pray for better weather. Twelve hours later, the flight landed in Guam without incident, and Seleznev was transferred to Seattle.

His arrest came as relations between Washington and Moscow are more strained than at any time since the Cold War.

Warnings by the Russian government to its citizens who might be targets of U.S. law enforcement could make Seleznev a unique case going forward. The Federal Bureau of Investigation has all but conceded it may never catch another Russian hacker, Evgeniy Mikhailovich Bogachev, charged with creating a sophisticated computer virus that stole $100 million from U.S. businesses and consumers.

“If he remains there, it will be difficult to get him, unless there is a different approach taken by the Russian government working with the U.S. government,” said Joseph Demarest, assistant director for the FBI’s cyber division who last month announced a $3 million reward for information leading to Bogachev’s capture.

Demarest isn’t holding his breath.

Before it's here, it's on the Bloomberg Terminal.