That guy phishing you could be 14 years old

No fishing
The US District Court in Minneapolis has sentenced a 23-year-old Romanian immigrant to 8.5 years in jail for stealing a total of approximately $700,000 from over 7,000 innocent people.

Sergiu Daniel Popa spammed out emails pretending to come from financial institutions such as SunTrust, Citibank and PayPal, trying to lure victims into visiting bogus webpages. From these phishing websites, Popa stole PIN codes, names and addresses, bank account numbers, credit card and social security information.

As I reported last year, Popa also offered offered phishing kits for sale for $1500, complete with instructions on how to send spam and counterfeit credit cards.

What’s eyebrow-raising to me is just how young Popa was when he started his identity fraud escapade. According to local media reports, Popa started his phishing campaign – which lasted almost seven years – in June 2000, making him 14 years old.

In the old days (back in the late 1980s and 1990s), it wasn’t unusual for virus writers to be in their teens but this is a much more serious offence than the attention-seeking kind of malware writing we saw in yesteryear. This is about making a large amount of money rather than getting attention.

Of course Popa’s youth is of little comfort for Popa’s victims – and although he may have been a juvenile when he began his attacks, he certainly wasn’t by the time he finished.

According to Judge John Tunheim, who sentenced Popa, the hefty jail sentence reflects the scale of the crime.

“Because there were so many victims who were hurt badly, the court believes the sentence is appropriate in order to protect the public,” said Tunheim. “There needs to be a deterrent to others who are trying similar crimes over the Internet.”

I guess Popa will have plenty of time now to reflect upon the mistake he made following a life of crime, rather than finding some other avenue for his interest in computer technology.

The fact that he took so long to catch, however, may mean that other cybercriminals will continue to believe that there is a good chance they will be able to escape justice.