Him surviving a terrorist attack and spending two months in a coma halfway through the story was a hell of a twist.

The thing is, he more ir less handed himself over to the authorities by being so sloppy. It's less credit to the Feds, and more blame to him.

Lesson : 1 Live in Russia & Never Leave Russia THATS ALL

Learned a lot. I still find it amazing that these massive online empires tend to fall due to massive opsec failures. Silk Road, Alphabay, etc.

Would have laughed if he was successfully sued for infringing on 2Pac's IP before being arrested for fraud.

A legendary talk! Thank you so much for putting this out

Great video. I was really surprised when I saw the old Broadway Grill. I walk past that shuttered restaurant almost every day.

tl;dr he basically handed himself to them on a plate.

The Roman empire has fallen.

"Was there any encryption that you had to deal with?" "In this case no, there was none" *audible laughter across the room* This hacker is getting roasted by the guys who cuffed him lol

1.7M instances of theft, 38 counts of fraud. That's one count for every 45k card numbers he was caught with.

Anyone else notice the workgroup name of the machine was VAIO? This guy never reformatted the machine after he bought it? Damn...

Dude, this is awesome and needs to be made into a screenplay.

Excellent work gentlemen!! Keep it up.

"Would it have been harder to convict if you didn't have his password?" He wasn't protected in any way on that Vaio, no security measures, hardware or software based, as these guys explained, there was no encryption or anything even remotely security related on that laptop. There's 10000 ways to get into a windows system if you have physical access to the system. There's 100000 ways to get to the data on a system if you have physical access to the system. It was cute they guessed the password, but that wasn't even needed. His shitty password, combined with his bad security measures and all the other ways he was blazee about security, the dude was bound to get caught and bound to get convicted if caught. His security measures were to travel to and through places that didn't extradite to the US. Including the place he was arrested. Little did he know or understand that diplomacy used to be a thing and you can get any country to agree to anything if its worth their while.

24:40 you can tell he's used to waiting for applause at this point, but wrong crowd lol

Fascinating from Mrs Wages

I was just at Mandalay Bay not to long ago, delivered a 350k granite saw to a counter top and tile expo.

As an audience member I'd say "thank you for the insight as to how your team did it." As a gov supervisor I'd ask "why the sh*t are you showing your cards!"

Nov 2017 "The prolific Russian hacker Roman Seleznev was sentenced to 14 years in prison Thursday for his role in a $50 million cyberfraud ring. This latest sentence follows a 27-year-prison sentence Seleznev received in April on charges of hacking point-of-sale computers that he then sold to the criminal underground. That scheme generated nearly $170 million in fraudulent charges, prosecutors said. Both sentences will run concurrently."

With all the IRS scammers, credit card scammers, spammers and other scams, its really good to hear a story where one was tracked down and arrested. Really great presentation!

They should make a movie about this.

So the typical carelessness, ego, lavish behavior, and carelessness was Roman's demise.

Love this video

He got 27 yrs. He also got 14 yrs from a bank fraud charge in Atlanta. Concurrent sentences, of course. I expect he will be back in Russia long before twenty seven years is up.

27 years for no physical harm done? US is fucking insane

The major weakness in this and so many cases is Russia itself. Who wants to live IN Russia, or move TO Russia for 'the good life'. As soon as a Russian has money, he is gone. IF you ever think a Russian girl loves you, offer to marry her and move to Russia for the rest of our lives!!! See how long that relationship lasts after she thinks you are serious.

excellent talk! glad to know there are some smart people on the right side of the law too!

I found malware on some public hotel computers in Bali trying to intercept banking details... wonder who that could have been. Always try and use your own machine when travelling.

in conclusion it's better to be a bankster than a hacker

Great catch !!!!

these are old but always entertaining.

Haha they actually thought they could bribe their way out of any trouble, very typical for a corrupt Russian official because this is exactly what they do at home. Thank you for bringing this criminal to justice, this was definitely not possible in Russia.

@Norman Barbosa Aren't the Maldives a little bit outside U.S. jurisdiction?

love that video

Ok thats it - no more flowers for my wife

very interesting

That guy thought he would never ever be caught. How the hell a hacker uses Ochko123

He'll serve 21.6 years of that 27 year sentence, since he's in federal custody. They make you serve 80% I believe.. that is a long time. Maybe long enough where he won't do it when he comes out. If his dad's very prominent, he might be able to get a pardon after 10-15 years.

ОЧКО123

When did this conference take place?

Chief really put those bad cop pants routine on during the questions at the end there huh. Actually solid questions with important feedback to much more pressing issues gone totally dismissed, and all he seemed to attempt to prove is that verbally "it was really just all so terribly hard" to retrieve all that unencrypted, unobfuscated, out in the open, slam dunk data! When really the only hard part wasn't so hard, sitting there biding time, waiting for a blip on a spinny class globe. Then all of the sudden, let's make sure black hat knows again how hard it was to jump those hoops! Around any sort of justice process, avoidance of contacting any actual authority at all costs, refusal to explain why (which could get secops/pentesters/law enforcers killed or imprisoned in many jurisdictions) while snerking at the valid argument that those actions could undermine or blow the cover of many much more difficult ongoing undercover ops or surveillance work, and sow even further distrust into these TA's regarding what it will take to self preserve their own lives. And for these sociopaths, every more reason to push anybody in front of the way to avoid the bars. Not textbook blokes like this one "sophisticated and large scale *network*" here. This crowd is in no shortage of extremely bright individuals. Nobody expected ya to debate the modalities and procedures of undercover tactics for federal government acronym agencies. We just wanted- something, at all?

Wow, just October 1, 2017, a month later, Mandalay Bay was a slaughter ground!

@ OPSEC NERDS If his whole system was encrypted would that mean the L.E would not be able to access or retrieve anything from that laptop? And would be useless to them?

"we don't give attribution for that" I don't understand why not. The security vulnerability is just as attributable to the attack as the one exploring it.

It's odd to me that they rely on file modified/accessed records. Those can be set to anything by anyone. They're really not reliable...

How were the point of sale computers hijacked? Did Seleznev install software on those computers?

you either pay money to the pentesters, or to the hacker, depending on who charge less. and not sure if pentester will turn into hacker in future? Any relationship to cybersecurity earning good income?

That flowers receipt...

Listening as a ex laptop acer owner...

Roman’s ochko has played Tchaikovsky’s Swan Lake after all.... if you know what I mean 😏

A hack user not hacker appears to me.

Interesting screenshot at 20:28... iirc the red and yellow card next to a posting are only visible to moderators and thus the screenshot has been taken by a staff member.

So the takeaway is, use Linux and disable logs :D

And it is still credit card fraud, that is the running wild. Can we please get a more secure payment method, than credit cards.

For those who are intrested. Ochko can mean a few things: - butthole (vulg) - name of the card game. russian version of BlackJack - point (i.e. measured metric earned in sports, games, competitions) Main meaning - toilet (vulg)

36:00 So there is no point to using a VPN because windows records everything in multiple ways?

great

So the Restaurant POS system was installed on a windows server that had a common login password for many servers? Why did people not patch their POS system? I wish they had commented on that more including the name of the system.

hi black hat ,plz can i upload to youtube 2 part from your video the part1 from 17:17 to 17:46 and the part2 from 19:09 to 20:23 and produce on them something that i will upload later ?

A natureza é maravilhosa

49min? Isn't there a short version of the story somewhere?

"Did u track how many other russians stopped vacationing in maldives" xD

"Any questions?" Person asks question: " I can't answer that."

Люди из Владивостока никогда ничего не доби...

wait so he just bruteforced rdp and installed some sort of keylogger on restaurant systems? were that many of those cash things using rdp?

He should have done it the legal way and become a bank manager..... why didn't the government reimburse the mam n pop companys before they went under, or do they only do this for banks who do far more damage to society than this guy did... at least he put the money back in the system and had a good time instead of greedily hoarding it... hes gunna walk out in a few years and don't be fooled hes still got that money LOL.. wish they put this much effort in arresting Bush n Blair who on the grand scheme of things did far far worse than this guy...

What do they do with the enterprise accnts??.all must be orderly written someplace...

I find it curious that he was basically at the epicenter of a "terrorist attack" explosion.??? it wouldn't be too much of a stretch to assume that at some point, they may have decided to just take the guy out. Save time and money, etc. I just think that it's odd that when they were about to move on him....he got blown up. Having had run ins with law enforcement in general, as a U.S. citizen I have been set up, beaten without cause, and jailed. I can only imagine how they would likely treat this guy. The U.S. Govt. doesn't like competition when it comes to ripping off their own taxpayers.

he didnt switch servers once a month jesus

how difficult it would have been to simply invent a disk image with all this evidence? for example, no new information found on the laptop. only previously known aliases and known stolen cc numbers taken from the cc server.

I don't know anything about hacking, this conference, or US attorneys, but I'm surprised he's giving a talk here.

Roman. Dope name 👌💪

so it mean america can just mail paypal and get a copy of email? Like wow, fuck the privacy

Sounds exciting. I would love to have a job like theirs.

To avoid randomly reading/writing why not just give it a executing segment without W/R permission?

Can confirm. Ochko means butthole but it's pronounced 'ah-CHKOH'. The second syllable is stressed so the first 'O' sounds like 'ah'

Harold looks and sounds like Harold from Harold and Kumar lol

This is the biggest load of bullshit I've ever heard ! SHAYE, Biboran, bratiya, Biboran

Would be interesting to know what this guy's motivation was. As it sounds his father is a Russian oligarch with strong connections, so money probably wasn't the main driving force. So boredom? Wanting to prove himself? Becoming independent of his father?

I spotted the feds!

Easiest game of Spot The Fed ever…

Why would he want to call himself 'potato'?

Scholtzkys will do it every time.

Forensic 101: turn off the electronic you sized and use a faraday bag.

Around 17:37 we can see his passport number and personal information. But not only that we also see the personal information of Udatova Nina. Anyone have any clue who she is?

What is a fsb?

34:27 you forgot to censor the card number.

Why in the hell would they publicly detail all this? I mean, yeah he did say that a lot of it is public record due to the trial proceedings, but even at that digging through trial proceedings is nasty time consuming work and is a high bar that would keep a lot of people out. Here they have bundled up all kinds of "how to be a better criminal" information in a nice easy video. If I was going to turn to a life of crime I would start by watching a bunch of these videos...

surprised at his sloppiness, he didnt make it very hard at all for law enforcement to find him out

How hard can it be to to find a jury that knows nothing about computers to indict a Burger? I'm sure DOJ or FBI makes sure to find a knowledgeable jury...certain.

Why weren't any bankers prosecuted after 2008???

I am surprised this kind of info is released publicly. Carders/hackers now have a very useful manual on "how to not get caught due to own silly mistakes".

Mind Blowing, The exploiter gets exploited! It's tom and jerry

So this guy's "political ties and his father's position" mentioned at 3:25 may explain a lot!

Oh, yeah. I'm *sure* they don't collect the content of the data they watch. Yeah. Definitely. Totally believable. Yup.

Why do hackfest, 2600 event and other invite police to the events?

How dumb was he not to encrypt his drives. And why would one use Windows in that case.

You caught an IRL firewall that got paid for 14 years to carry a stacked laptop and leave crumbs to him.

The Maldives is money lauder central, that's his nest egg stash right there.