15 years jail time for Romanian card heist ringleader, 5 for light-fingered company president

Filed Under: Data loss, Featured, Law & order, Phishing, Vulnerability

POS machine. Image courtesy of ShutterstockAdrian-Tiberiu Oprea, the Romanian ringleader of a gang which heisted payment card data from hundreds of Subway branches in the US, has been sentenced to a hefty 15 years in jail for his crimes.

Oprea pleaded guilty in May to his part in the scheme, in which the crew compromised vulnerable point-of-sale systems, planted malware on them and harvested details of payment cards fed in or swiped.

Several hundred businesses were hit, including 250 Subway franchises. Details were gathered for over 100,000 cards, with money stolen and clean-up costs coming to over $17.5 million.

The sentence was announced this week by a New Hampshire court. Oprea's sidekick Iulian Dolan got a comparatively light 7 year sentence after pleading guilty a year ago, while another co-conspirator, Cezar Butu, got 21 months back in January.

Several of the gang were apparently tricked and lured to the US by federal agents offering free casino visits or posing as amorous waitresses. It sounds like their visits will be rather longer than they expected, not to mention considerably less pleasant.

In other sentencing news, a former president of logistics firm Exel has been given 63 months (or five-and-a-bit years) in jail by a Texas federal judge for his part in "hacking" his former employers' computer systems to access customer data.

Michael Musacchio is alleged to have used the data to start up his own rival business, stealing files from Exel with the help of two fellow employees who went on to join him in his new venture.

Given the description, it sounds likely that the hacking involved little more than using an account, which should have been shut down, and moving data out of the company network, which should really have been prevented by stricter policies and better protections.

Prosecutors wanted Musacchio to face 15 years, and have argued he should pay $10 million in restitution against a loss of business for Exel, which some estimates put at up to $166 million.

Musacchio's legal team suggest the losses could be much lower, at between $71k and $200k. The final charge will be decided in the next few months.

Also in Texas, a Dallas judge has imposed a gagging order on Barrett Brown, who's up on federal charges for alleged involvement in the Anonymous heist of data from government contractor firm Stratfor back in 2011.

The order means Brown and his legal team cannot publicly discuss anything involving the case - even what the charges brought against him are.

The reasoning behind the order is to avoid biasing a potential jury in a case which apparently carries a rather aggressive potential penalty of up to 100 years in jail. The trial itself is not due to start until next April, although Brown has been in custody since last year.

Jail bars. Image courtesy of ShutterstockMeanwhile, over in South Africa police have rounded up a gang of 54 believed to be involved in a phishing scam in the country, thought to have netted 15 million Rand (US$1.5 million).

Most have since been released on bail, but the 9 main suspects have been remanded in custody.

All in all, a busy week for the cybercrime cops; hopefully some of these sentences will deter a few would-be digital crooks and put them back on the straight and narrow.


Image of point-of-sale machine and man in jail courtesy of Shutterstock.

, , ,

You might like

One Response to 15 years jail time for Romanian card heist ringleader, 5 for light-fingered company president

  1. njorl · 325 days ago

    "The reasoning behind the order is to avoid biasing a potential jury", and no-one could ever think anything different, surely.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.