A number of individuals are to appear in the Maltese courts in the coming days to provide depositions related to the activities of a Ukrainian credit card fraudster who ran a sophisticated and lucrative operation out of an apartment rented in Malta.
A total of six witnesses have received court summons to give depositions to be used by the San Francisco Office of the Federal Public Defender, which currently has representatives in Malta, in the trial of Ukrainian national Roman Vega. The trial is to commence on 27 November.
The witnesses being called, according to US federal public defenders contacted by The Malta Independent on Sunday, had business dealings with Vega during his stay in Malta. Such dealings, however, are not necessarily connected to Vega’s fraudulent operations run out of Malta but could serve to place him in Malta during a particular timeframe.
According to US authorities, Vega is an accomplished fraudster and credit card hacker who used sophisticated computer systems to produce and sell counterfeit credit cards after hacking account details. The indictment against Vega reads “he possessed, bought, sold and trafficked in credit card account information of thousands of individuals that had been illegally obtained from sources around the world including credit card processors and merchants”. A good part of such operations are alleged to have been carried out from bases in Malta and Cyprus.
Maltese witnesses were brought before the courts a year ago to give depositions similar to those expected to be given at this week’s session. The witnesses, among other things, were shown photographs of the Roman Vega for purposes of identification.
Roman Vega is known to have used a number of aliases including Roman, or Romeo, Stepanenko, while his Internet nickname was Boa, a pseudonym reflecting the www.boafactory.com website he allegedly ran and where the details of credit card information hacked from Malta and elsewhere were sold. Witnesses speaking to this newspaper, in fact, have confirmed that Vega was in the habit of “playing around with names”.
The Malta Independent on Sunday recently reported that the US authorities were investigating a certain Roman Khoda and two accomplices who are thought to have stolen information on up to a million credit cards through a hi-tech operation that targeted credit card processing company networks from a flat rented in Malta.
Federal public defenders speaking to this newspaper, however, would not confirm if the two Romans were one and the same person or if they were accomplices, and only confirmed that the indictment was against Roman Vega.
Vega was arrested in Cyprus and was extradited to the US in June 2004, where he has been awaiting trial since, and is being represented by the San Francisco Office of the Federal Public Defender. The investigation leading to his arrest and extradition was overseen by the Computer Hacking and Intellectual Property Unit of the United States Attorney’s Office.
The magnetic strip on the back of credit cards holds a magnetic strip encoded with the account number, card holder name, expiry date and security information known as the Card Verification Code (or Value).
The indictment against Vega alleges that once the information was in hand, a card printer and encoder was used to encode blank credit card stock with ‘full track information’. Such information was then fraudulently presented to merchants for payment in telephone or Internet based transactions.
Such fraud is alleged to have been carried out to the detriment of individuals in several countries around the world from the US to Australia, Turkey to the UK and from Hong Kong to Malaysia.
The 40-count US indictment against Vega has charged him with 20 counts of using unauthorised credit cards and credit card trafficking and 20 counts of wire fraud. According to the indictment, Vega used Internet chat rooms and the website he ran to traffic stolen and counterfeit credit card information of thousands of individuals.
If convicted, Vega faces potential fines, at the US courts’ discretion, of US$250,000 and a maximum 20-year prison sentence per count, plus possible restitution.