SEATTLE – Lawyers for a Russian man charged with hacking into U.S. businesses asked a federal judge to throw out evidence taken off his laptop computer after it was discovered that hundreds of files were modified and thousands of others were accessed between the time of his arrest and when a search warrant was secured.
The discovery of the accessed files on Roman Seleznev’s laptop calls into question the validity of all evidence stored on the device, Seleznev lawyer John Henry Browne said in a motion filed Thursday in U.S. District Court.
The new information discovered by a computer forensic expert raises several problems: Either U.S. Secret Service agents accessed the laptop before they had a search warrant; or the agency failed to protect the laptop when it was in their custody; or agents went in and modified data, Browne said.
Federal prosecutors plan to oppose the motion by arguing that the defense claims are not grounds for suppressing the evidence, Browne said in the motion, adding that he disagrees with that premise. “The government’s bad faith and corruption of evidence mandate suppression,” Browne said.
Federal prosecutors describe Seleznev as “a leader in the marketplace for stolen credit cards.” They said his criminal scheme involved hacking into business computers, everything from pizza shops to baking companies, and stealing more than 2 million credit card numbers. He then sold that data on a special website and made millions, according an indictment charging him with 40 felony counts ranging from identity theft to wire fraud.
His trial is set for May 9.
Seleznev’s Sony Vaio laptop was seized when U.S. Secret Service agents arrested him in the Maldives on July 5, 2014. The device was sent to an evidence vault at the agency’s Seattle field office. An agent filed an affidavit to support a search warrant on July 28, 2014, that said Seleznev’s devices were stored “in a manner in which their contents are, to the extent material to the investigation, in substantially the same state” as when they were taken by agents.
A special agent began his forensic examination of the laptop on Aug. 1, 2014, and noted in his report that “several files” had been written after Seleznev’s arrest and before the warrant was issued. However, a computer forensic expert’s report sent to the defense lawyers on March 2 said 274 files were modified and thousands of files had been accessed after the arrest and before the warrant was secured.
Because there’s no way to know what the laptop data looked like before the seizure, all evidence taken from the device should be thrown out, Browne said.