Photo

A Russian man accused of being one of the world’s most prolific traffickers of stolen financial information was arrested in Guam on Saturday, according to the Secret Service.

Roman Valerevich Seleznev was arrested on charges that he hacked into cash register systems at retailers throughout the United States from 2009 to 2011. The Secret Service would not say whether he was tied to the recent attacks that affected the in-store cash register systems at Target, Neiman Marcus, Michaels and other retailers last year.

The arrest of Mr. Seleznev provides a lens onto the shadowy world of Russian hackers, the often sophisticated programmers who seem to operate with impunity. As long ago as March 2011, the United States attorney’s office in Washington State identified Mr. Seleznev, a Russian citizen, in a sealed indictment as “Track2,” an underground alias that is an apparent reference to the data that can be pulled off the magnetic strips of credit and debit cards.

That data includes enough basic information — like account numbers and expiration dates — to make fraudulent purchases.

The indictment accuses Mr. Seleznev of hacking into the cash register systems of businesses across the United States and of operating computer servers and international online forums in Russia, Ukraine and elsewhere where such stolen data is traded in the digital underground.

It was not yet clear how the Secret Service arrested Mr. Seleznev, and the United States attorney’s office in Washington State declined to elaborate.

In a statement, the Secret Service said Mr. Seleznev’s charges included five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer, one count of possession of 15 or more unauthorized access devices, two counts of trafficking unauthorized access devices, and five counts of aggravated identity theft.

According to the indictment, which was unsealed on Monday, Mr. Seleznev is accused of scanning devices for weaknesses and inserting so-called malware that was capable of stealing credit card information. He is accused of stealing 32,000 credit card numbers from computers at Broadway Grill, in Seattle, from December 2009 to October 2010. The restaurant did not discover the thefts until late October 2010.

Mr. Seleznev is also accused of similar heists at four other Washington State restaurants and a number of other American businesses, including Schlotzsky’s Deli in Coeur d’Alene, Idaho; Active Network in Frostburg, Md.; Day’s Jewelers in Maine; Latitude Bar and Grill in Manhattan; and the Phoenix Zoo.

In addition, Mr. Seleznev is also accused of stealing more than 200,000 credit card numbers from November 2010 to February 2011 and of selling 140,000 credit card numbers on underground sites with names like bulba.cc and Track2.name, generating profits of more than $2 million.

“This scheme involved multiple network intrusions and data thefts for illicit financial gain,” Julia Pierson, director of the Secret Service, said in a statement. “The adverse impact this individual and other transnational organized criminal groups have on our nation’s financial infrastructure is significant and should not be underestimated.”

Mr. Seleznev appeared at a court in Guam on Monday. He will be held in custody there until his next hearing in two weeks. He faces up to 30 years in prison if convicted of just the bank fraud. The other charges also carry significant sentences.

The case remains under investigation by the United States Secret Service Electronic Crimes Task Force in Seattle and is being prosecuted by the United States attorney’s office for the Western District of Washington.

According to one government official, who declined to be identified because of the current investigation, Mr. Seleznev was also among the members of a transnational criminal organization whose members bought and sold personal and financial information through online carding forums, such as the Russian underground website carder.su. In 2012, 19 members of that group were arrested, but Mr. Seleznev remained at large.

He still faces a separate indictment in the District of Nevada on charges of racketeering as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

Todd Greenberg, an assistant United States attorney, would not comment on the means by which Mr. Seleznev, a Russian national, was detained in Guam. However, arrests in Russia over computer crimes are rare, even when hackers living in Russia have been outed by outside groups like the Spamhaus Project, a spam-prevention service based in Europe. According to Spamhaus, Russia is the world’s third-biggest source of Internet spam, after the United States and China.

Just last week, American security researchers accused the Russian government of systematically hacking into oil and gas companies in the United States and other Western nations.

The United States has treated computer security as a law enforcement matter. But Russia has pushed for an international treaty that would regulate the use of online weapons by military or espionage agencies. The United States has been hesitant to press for such a treaty — in large part because its own National Security Agency is behind some of the broadest espionage operations — but it has continued to press for closer law enforcement cooperation on cybercrime.