Romanian hackers get hefty sentences in N.H.
Two Romanian computer hackers who stole credit card information from more than 800 U.S. merchants and more than 150,000 credit and debit card holders have been given lengthy prison sentences by a federal judge in Concord.
Prosecutors said the mastermind of the scheme was Adrian-Tiberiu Oprea, who has a criminal record in Romania for hacking into credit card databases. He is the first cybercriminal Romania extradited to the United States, prosecutors said.
Oprea was sentenced to 15 years in prison Wednesday. His top deputy, Iulian Dolan, received a seven-year sentence the same day.
“It’s a great result,” U.S. Attorney John Kacavas said yesterday. “It serves notice to the cybercriminals that you can keystroke from the obscurity of your home half a world away, but we’re going to get you.”
Prosecutors said the two-year scheme that ended with the men’s arrests in 2011 cost merchants, banks and cardholders more than $17 million. The Subway restaurant chain was hit hardest, with credit card information stolen from more than 250 franchises, including one in Plaistow.
“Oprea essentially wreaked havoc on Subway, both at the corporate level and at the individual franchise level,” prosecutors wrote in their sentencing memorandum. Subway, they said, spent more than $5 million to investigate the source of the data leaks and make changes to its computer systems.
The two men pleaded guilty to hacking into the “point-of-sale” systems that link merchants’ computers to credit card payment companies.
Once he hacked into the point-of-sale systems, prosecutors said, Oprea installed keystroke logging software to record credit card payment data and imported that information to computer “dump sites” he set up in the U.S. and Cyprus. He would use the stolen credit card data to make purchases for himself and sold some of it on the black market.
“These cybercriminals are very clever and have the ability to reach into American commerce from half a world away,” Kacavas said.
Dolan’s role, prosecutors said, was to identify vulnerable merchant systems that had certain remote desktop software applications installed on them. Among Dolan’s targets was the Plaistow Subway, where he stole credit card information for hundreds of customers.
During the latter stages of their scheme, prosecutors said, Secret Service agents were able to monitor their exploits and notify banks that issued the compromised cards before the credit card info could be abused.
Oprea supervised various sellers of the stolen credit card data, including Cezar Butu, who worked with a team of crooks in a rented house in Lille, France, to encode the stolen data onto blank plastic cards. Butu was sentenced in January to two years in prison.