A Side of Romanian Identity Theft With Your Footlong Subway

December 9, 2011

On December 7, 2011, a four-count federal Indictment was unsealed in the District of New Hampshire naming:

  • Adrian-Tiberiu Oprea, 27, of Constanta, Romania;
  • Iulian Dolan, 27, of Craiova, Romania;
  • Cezar Iulian Butu, 26, of Ploiesti, Romania; and
  • Florin Radu, 23, of Rimnicu Vilcea, Romania

The Defendants were charged with with conspiracy to commit computer fraud, wire fraud and access device fraud. Oprea was arrested in Romania and is currently in custody there. Dolan and Butu were arrested upon their entry into the United States on Aug. 13 and Aug. 14, 2011, respectively, and remain in United States custody. Radu remains at large.

NOTE: An Indictment contains allegations and the defendants are presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

From about 2008 until May 2011, the Indictment alleges that Oprea, Dolan, Butu and Radu conspired to remotely hack into more than 200 U.S.-based merchants' point-of-sale (POS) or "checkout" computer systems in order to steal customers' credit, debit and gift card numbers and associated data. Among the merchant victims were over 150 Subway restaurant franchises (under 1 percent of all Subway restaurants) and more than 50 other retailers. The credit card data of over 80,000 customers was compromised, and millions of dollars of unauthorized purchases were made.

SIDE BAR: POS systems allow merchants to process customer credit, debit, and gift card purchases through an electronic processing system, signature capture device and a customer pin pad device.

If convicted, the defendants face a maximum of five years in prison for each count of conspiracy to commit computer related fraud, 30 years in prison for each count of conspiracy to commit wire fraud and five years in prison for each count of conspiracy to commit access device fraud. They also face fines up to twice the amount of the fraud loss and restitution.

Bill Singer's Comment

You go in for a lousy lunch. McDonald's, Olive Garden, Chipotle Grill, Subway. All you want is a few minutes out of the office. Get a quick bite and a drink. And what's the cost of that getaway? The price of a burger? The cost of a super-sized meal? No, the actual cost could be the damages you sustain after a hacker has broken into the restaurant's computer system and gutted your bank account or maxed out your card. And where is all this being engineered? Lately, it's coming out of China or Eastern Europe - a whole cottage industry of high-tech crooks finding back-doors into supposedly secure computer systems. Recently, the Marriott hotel organization got hit by a Hungarian hacker. Earlier this year, the Feds shut down an identity theft ring involving Belarus, Lithuania and the Czech Republic.

Hey, have a nice day!

Additional coverage about Internet fraud and hacking based in Romania:

Romanian Sentenced in eBay, Craigslist, and AutoTrader.com Scam
Belarusia Phish Fry? Feds Break Online Tax-Refund Scam 
EBay Secure Traders (It Ain't 'eBay' Or 'Secure') 
Credit Card Identity Theft From Russia (And Not With Love)