Romanian nationals Iulian Dolan and Cezar Butu pleaded guilty to conspiracy to commit computerÂ and access device fraud in a POS hacking scheme targeting hundreds of Subway restaurants in the U.S and accounting for $ 10 million losses for customers, reports cio.com.
Four Romanians came under judicial fire from the New Hampshire District Court on account of this hack in December 2011. Adrian Tiberiu Oprea, the ringleader, is now in custody of Romanian police, while Florin Radu, the fourth member of the group, has not been apprehended yet. Dolan and Butu, arrested trying to enter the US, admitted to having taken part in the Romania-based operation that unfolded from 2008 to May 2011 and which led to the compromise of the credit-card payment terminals of 150 Subway restaurants and the theft of data concerning more than 146,000Â accounts, as noted by arstechnica.
Using remote desktop applications, Dolan would scan the Internet for vulnerable POS machines, then attempt to crack their passwords and gain administrative privileges over them. Once this type of access was secured, he would install keyloggers onto the target machines and have customersâ€™ credit card credentials recorded.
â€œThese programs would record, and then store, all of the data that was keyed into or swiped through the merchants’ POS systems, including customers’ payment card data,” read the plea agreement signed by Dolan.
Opreaâ€™s side of the business was setting up locations where the stolen data would be dumped and making illegal fund transfers from the breached accounts. He is also accused of having attempted to sell the stolen credit card data. Butu is accused of having repeatedly asked Oprea for stolen credit card data and of having illegally accessed, in this way, 140 cardholdersâ€™ accounts.
Dolan is to serve seven years in prison while Butu is expected to stay 21 months behind bars.