Two Romanians plead guilty in Subway hack
Charged as part of a conspiracy that led to $10 million in Subway restaurant customer payment card losses
IDG News Service - Two Romanian men have pleaded guilty to participating in a $10 million scheme to hack into the computers of hundreds of Subway restaurants in the U.S. and steal payment card data, the U.S. Department of Justice said.
Iulian Dolan, 28, of Craiova, Romania, pleaded guilty Monday to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud, and Cezar Butu, 27, of Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit access device fraud, the DOJ said.
Dolan and Butu were two of four Romanians charged in December in U.S. District Court for the District of New Hampshire with hacking Subway point-of-sale computers.
In his plea agreement, Dolan has agreed to be sentenced to seven years, and Butu has agreed to be sentenced to 21 months in prison.A
The two men, in their guilty pleas, acknowledged participating in a Romanian-based conspiracy, lasting from 2009 to 2011, to hack into hundreds of U.S. point-of-sale (POS) computers, the DOJ said. Co-conspirator Adrian-Tiberiu Oprea is in U.S. custody and awaiting trial in New Hampshire. The group used stolen payment card data to make unauthorized charges or to transfer funds from the cardholders' accounts, the DOJ said.
The scheme involved more than 146,000 compromised payment cards and more than $10 million in losses, the DOJ said.
During the conspiracy, Dolan remotely scanned the Internet to identify vulnerable POS systems in the U.S. with certain remote desktop software applications (RDAs) installed on them, the DOJ said. Using these RDAs, Dolan logged onto the targeted POS systems over the Internet.A The systems were often password-protected and Dolan attempted to crack the passwords to gain administrative access.A
He then installed keystroke logging software onto the POS systems and recorded all of the data that was keyed into or swiped through the POS systems, including customers' payment card data, the DOJ said.
Dolan electronically transferred the payment card data to various electronic storage locations, called dump sites, that Oprea had set up, the DOJ said. Oprea later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts, the DOJ alleged, and he attempted to sell the stolen payment card data to other co-conspirators.A
Dolan stole payment card data belonging to approximately 6,000 cardholders, the DOJ said.A Dolan received $5,000 to $7,500 in cash and personal property from Oprea for his efforts, the DOJ alleged.
In his plea agreement, Butu said he repeatedly asked Oprea to provide him with stolen payment card data and that Oprea provided him with instructions for how to access the website where Oprea had stored a portion of the stolen payment card data, the DOJ alleged.
Butu later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts.A He also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators. Butu acquired stolen payment card data from Oprea belonging to approximately 140 cardholders, the DOJ alleged.A
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
All Malware and Vulnerabilities White Papers |