Oprea pleaded guilty in May to his part in the scheme, in which the crew compromised vulnerable point-of-sale systems, planted malware on them and harvested details of payment cards fed in or swiped.
Several hundred businesses were hit, including 250 Subway franchises. Details were gathered for over 100,000 cards, with money stolen and clean-up costs coming to over $17.5 million.
The sentence was announced this week by a New Hampshire court. Oprea’s sidekick Iulian Dolan got a comparatively light 7 year sentence after pleading guilty a year ago, while another co-conspirator, Cezar Butu, got 21 months back in January.
Several of the gang were apparently tricked and lured to the US by federal agents offering free casino visits or posing as amorous waitresses. It sounds like their visits will be rather longer than they expected, not to mention considerably less pleasant.
In other sentencing news, a former president of logistics firm Exel has been given 63 months (or five-and-a-bit years) in jail by a Texas federal judge for his part in “hacking” his former employers’ computer systems to access customer data.
Michael Musacchio is alleged to have used the data to start up his own rival business, stealing files from Exel with the help of two fellow employees who went on to join him in his new venture.
Given the description, it sounds likely that the hacking involved little more than using an account, which should have been shut down, and moving data out of the company network, which should really have been prevented by stricter policies and better protections.
Prosecutors wanted Musacchio to face 15 years, and have argued he should pay $10 million in restitution against a loss of business for Exel, which some estimates put at up to $166 million.
Musacchio’s legal team suggest the losses could be much lower, at between $71k and $200k. The final charge will be decided in the next few months.
Also in Texas, a Dallas judge has imposed a gagging order on Barrett Brown, who’s up on federal charges for alleged involvement in the Anonymous heist of data from government contractor firm Stratfor back in 2011.
The order means Brown and his legal team cannot publicly discuss anything involving the case – even what the charges brought against him are.
The reasoning behind the order is to avoid biasing a potential jury in a case which apparently carries a rather aggressive potential penalty of up to 100 years in jail. The trial itself is not due to start until next April, although Brown has been in custody since last year.
Meanwhile, over in South Africa police have rounded up a gang of 54 believed to be involved in a phishing scam in the country, thought to have netted 15 million Rand (US$1.5 million).
Most have since been released on bail, but the 9 main suspects have been remanded in custody.
All in all, a busy week for the cybercrime cops; hopefully some of these sentences will deter a few would-be digital crooks and put them back on the straight and narrow.