Industry News

POS Hacking Sandwich Reels in $ 10 Million; 2 Plead Guilty as Charged

Romanian nationals Iulian Dolan and Cezar Butu pleaded guilty to conspiracy to commit computer  and access device fraud in a POS hacking scheme targeting hundreds of Subway restaurants in the U.S and accounting for $ 10 million losses for customers, reports

Four Romanians came under judicial fire from the New Hampshire District Court on account of this hack in December 2011. Adrian Tiberiu Oprea, the ringleader, is now in custody of Romanian police, while Florin Radu, the fourth member of the group, has not been apprehended yet. Dolan and Butu, arrested trying to enter the US, admitted to having taken part in the Romania-based operation that unfolded from 2008 to May 2011 and which led to the compromise of the credit-card payment terminals of 150 Subway restaurants and the theft of data concerning more than 146,000  accounts, as noted by arstechnica.

Using remote desktop applications, Dolan would scan the Internet for vulnerable POS machines, then attempt to crack their passwords and gain administrative privileges over them. Once this type of access was secured, he would install keyloggers onto the target machines and have customers’ credit card credentials recorded.

“These programs would record, and then store, all of the data that was keyed into or swiped through the merchants’ POS systems, including customers’ payment card data,” read the plea agreement signed by Dolan.

Oprea’s side of the business was setting up locations where the stolen data would be dumped and making illegal fund transfers from the breached accounts. He is also accused of having attempted to sell the stolen credit card data. Butu is accused of having repeatedly asked Oprea for stolen credit card data and of having illegally accessed, in this way, 140 cardholders’ accounts.

Dolan is to serve seven years in prison while Butu is expected to stay 21 months behind bars.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.