IDG News Service - A 23-year-old Romanian man has become the first foreigner to be sentenced to prison by a U.S. court for phishing.
Ovidiu-Ionut Nicola-Roman, of Craiova, Romania, was sentenced to four years and two months in prison Monday for his role in an international phishing operation. Prosecutors had charged him with setting up fake banking sites and then sending out tens of thousands of fraudulent spam messages in hopes of tricking victims into giving up their account information.
The sentence was handed down by Judge Janet Hall of the U.S. District Court in Connecticut.
Nicola-Roman was arrested in Bulgaria and extradited to the U.S. in November 2007. He pleaded guilty last July to a fraud charge and had been facing up to five years in prison. Additional charges that had been brought against him in California were dropped because they weren't listed in his extradition request.
He was charged as part of the bust of a phishing ring that allegedly also involved six other Romanians, none of whom has been arrested thus far.
Security experts say countries such as Russia, Romania and the Ukraine have become hotbeds of cybercrime, in part because local governments are slow to prosecute fraudsters who take money from victims in countries such as the U.S.
Illustrating the increasing activities of cybercrooks in general, the FBI said Monday that the number of Internet fraud complaints it received last year spiked 33% over the 2007 level. The number of complaints had been dropping since 2005, but last year's total of more than 275,000 set a new one-year record, according to the FBI.
In Nicola-Roman's case, prosecutors said that they found 2,600 credit and debit card numbers in e-mail accounts linked to him, and that he had probably harvested more information. He set up a fake phishing site to snare customers of Bridgeport, Conn.-based People's United Bank in October 2005 but also had tools that would have allowed him to phish customers of Wells Fargo, SunTrust Bank, Amazon.com, PayPal and eBay, according to court documents.
Nicola-Roman doesn't appear to have written any phishing software himself, but prosecutors said he assembled a large collection of online fraud tools, including a program called Web Data Extractor, which harvested e-mail addresses. They added that he sent spam to victims using a program called Email Sender Express, which could send 30,000 spam messages per hour, and created counterfeit payment cards using a program called T2Gen. Another program, called WebZIP Unlimited, could be used to create counterfeit versions of legitimate Web sites.
According to data supplied to prosecutors by People's United Bank, 78 of the 88 card numbers that investigators found in Nicola-Roman's possession had been used for fraudulent transactions. Nicola-Roman was able to take an average of $960 per card number collected, prosecutors said.
Nicola-Roman, a clothing salesman by trade, committed the fraud in part to help pay for medication and support for his sick mother, according to his defense attorney.
Prosecutors managed to contact many of the victims of the scheme, who reported a sense of fear and outrage at having been phished. One woman said her credit score dropped from "800+ to 400" after the fraud. "My credit is damaged, and it will never be the same," the woman, identified as Michele S., wrote in a victim's impact statement.
"Above all else is the helplessness, knowing that all my personal information is forever now in the public domain," wrote another victim identified as Thomas B. "[T]his is a huge invasion of privacy, and as such, it has caused me a great deal of anxiety."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
