On Friday, Russian hacker Roman Seleznev was arraigned on federal cyber charges in Atlanta. The 32-year-old is allegedly responsible for amassing over $2 million using five hacked debit card numbers from RBS Worldpay, a payment processing company located in Atlanta.

According to a Department of Justice statement released Friday, U.S. Attorney John Horn called the incident — which occurred in 2008 — the most sophisticated and organized computer fraud attack that had ever been conducted at the time.

“Using banking credentials stolen during the hack, a team of hackers and cashers in 280 cities around the world stole over $9 million dollars in only 12 hours from 2,100 ATMs worldwide. The defendant is alleged to have stolen over $2,000,000 as part of that scheme.”

According to the information presented in court, the group compromised the encryption used by RBS WorldPay to protect customer’s data on their payroll debit cards — a type of card used by various companies to pay employees. Using a payroll debit card, employees can withdraw their salaries from ATMs.

According to the release:

Once the encryption on the card processing system was compromised, the hacking ring raised the account limits on compromised accounts to amounts exceeding $1,000,000. The hackers then provided a network of cashers with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from over 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.

This is merely the latest in a string of charges that have been laid on Seleznev, a once-notorious hacker that went by the handle Track2. He was sentenced on April 21 by the U.S. District Court to 27 years in prison for another hacking crime that caused more than $169 million in damage to small businesses and financial institutions. It is the longest sentence for cybercrime ever imposed by the United States.

The hacker is also charged in Nevada with “participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices,” according to the Justice Department’s statement.

Seleznev was arrested in July 2014 in The Maldives with 1.7 million credit card numbers on his laptop. He is the son of a Russian parliament member, Valery Seleznev. Russia — a country that’s been linked to hacking attacks a lot lately — has called his arrest an illegal kidnapping, while Seleznev recently called himself a political prisoner and has requested help from the Russian government in appealing his conviction.

story continues below

See also: Russian Hacker Roman Seleznev Faces 40 Years

Photos via Youtube