Sophos Cloud Optix
Adrian-Tiberiu Oprea, a Romanian national and the alleged ringleader of the gang responsible for a multimillion-dollar hack of the Subway fast-food chain, has pleaded guilty.
Oprea is accused of crimes committed in a massive payment card data theft scheme that targeted the point-of-sale (POS) systems of hundreds of US stores.
He admitted to one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud, and two counts of conspiracy to commit access device fraud.
According to the authorities, the men targeted vulnerable POS systems via the internet and gained access via remote desktop software that was sometimes secured with weak passwords.
The hackers planted spyware onto the POS systems, which recorded and stored data that was keyed into or swiped through the merchants’ POS systems, including credit card data.
The stolen payment card data was then siphoned off to dump sites from where it could be accessed to make unauthorized charges or to transfer funds.
According to the Department of Justice, the scheme affected more than 146,000 payment cards and earned the crooks more than $10 million.
One of Oprea’s cronies – 28-year-old Iulian Dolan, of Craiova, Romania – has already pleaded guilty and agreed to a seven-year prison sentence. His sentencing is scheduled for August 15, 2013.
Another gang member – Cezar Butu, 27, of Ploiesti, Romania – was sentenced in January to 21 months in prison.
By the way, there’s a film-worthy story (thank you, Eduard Kovacs, for the link) about how the Secret Service lured two of the alleged Subway hackers onto US soil where they could slap some cuffs on them.
Brian Krebs tells the tale, which he got from Michael Shklar, the public defender appointed to Iulian Dolan.
The trick was to promise the men that they’d be showered “with love and riches”, Krebs writes.
Secret Service agents tricked Dolan into popping over for a visit by posing as representatives from a casino that was offering him a complimentary weekend getaway, telling him they knew that he gambled online, and that comping him a weekend would give the place “a cosmopolitan feel.”
They even purchased his airline ticket.
He arrived, Sklar said, with:
"... some clothes, a cheap necklace, a little bit of money, and three very large boxes of grape-flavored Romanian condoms."
Then, investigators posed as a comely female tourist whom Butu had met in France a year ago and with whom he’d exchanged email.
Krebs writes that Butu believed he was coming to the US “to meet an independently wealthy Hooters waitress who said she worked at the restaurant chain for the health insurance coverage and because she liked people.”
And he believed it.
It’s reassuring to know that criminals don’t always think with that thing that resides inside their skulls.
Image of online love and credit card terminal courtesy of Shutterstock.
Yep, “More Reasons to Shop at Morrisons” ? At least, not at Subway – have they been sued yet by their customers for exposing their payment data via the internet ?
And all – repeat after me: “If it sounds too good to be true.. it generally is.”
Was the 10 million recovered do we know?
Delightful! I love the contents of his suitcase.