Subway multimillion-dollar hack ringleader pleads guilty

Filed Under: Data loss, Featured, Law & order, Malware

Credit card terminal. Image from ShutterstockAdrian-Tiberiu Oprea, a Romanian national and the alleged ringleader of the gang responsible for a multimillion-dollar hack of the Subway fast-food chain, has pleaded guilty.

Oprea is accused of crimes committed in a massive payment card data theft scheme that targeted the point-of-sale (POS) systems of hundreds of US stores.

He admitted to one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud, and two counts of conspiracy to commit access device fraud.

According to the authorities, the men targeted vulnerable POS systems via the internet and gained access via remote desktop software that was sometimes secured with weak passwords.

The hackers planted spyware onto the POS systems, which recorded and stored data that was keyed into or swiped through the merchants' POS systems, including credit card data.

The stolen payment card data was then siphoned off to dump sites from where it could be accessed to make unauthorized charges or to transfer funds.

According to the Department of Justice, the scheme affected more than 146,000 payment cards and earned the crooks more than $10 million.

One of Oprea's cronies - 28-year-old Iulian Dolan, of Craiova, Romania - has already pleaded guilty and agreed to a seven-year prison sentence. His sentencing is scheduled for August 15, 2013.

Another gang member - Cezar Butu, 27, of Ploiesti, Romania - was sentenced in January to 21 months in prison.

By the way, there's a film-worthy story (thank you, Eduard Kovacs, for the link) about how the Secret Service lured two of the alleged Subway hackers onto US soil where they could slap some cuffs on them.

Brian Krebs tells the tale, which he got from Michael Shklar, the public defender appointed to Iulian Dolan.

The trick was to promise the men that they'd be showered "with love and riches", Krebs writes.

Secret Service agents tricked Dolan into popping over for a visit by posing as representatives from a casino that was offering him a complimentary weekend getaway, telling him they knew that he gambled online, and that comping him a weekend would give the place "a cosmopolitan feel."

They even purchased his airline ticket.

He arrived, Sklar said, with:

"... some clothes, a cheap necklace, a little bit of money, and three very large boxes of grape-flavored Romanian condoms."

Online love. Image from ShutterstockThen, investigators posed as a comely female tourist whom Butu had met in France a year ago and with whom he'd exchanged email.

Krebs writes that Butu believed he was coming to the US "to meet an independently wealthy Hooters waitress who said she worked at the restaurant chain for the health insurance coverage and because she liked people."

And he believed it.

It's reassuring to know that criminals don't always think with that thing that resides inside their skulls.


Image of online love and credit card terminal courtesy of Shutterstock.

, , ,

You might like

3 Responses to Subway multimillion-dollar hack ringleader pleads guilty

  1. FR · 444 days ago

    Yep, "More Reasons to Shop at Morrisons" ? At least, not at Subway - have they been sued yet by their customers for exposing their payment data via the internet ?

    And all - repeat after me: "If it sounds too good to be true.. it generally is."

  2. Lee · 444 days ago

    Was the 10 million recovered do we know?

  3. herzco · 443 days ago

    Delightful! I love the contents of his suitcase.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.