January 08, 2013 9:52AM
Romanian national sentenced in credit-card hacking scheme
CONCORD - A Romanian national was sentenced Monday to 21 months in prison for his role in an international, multimillion-dollar hacking scheme to steal payment card data from hundreds of merchants' computers across the United States.
Cezar Butu, 27, of Ploiesti, Romania, was sentenced by Judge Steven J. McAuliffe in U.S. District Court for the District of New Hampshire. He pleaded guilty on Sept. 17 to one count of conspiracy to commit access device fraud.
Butu admitted that from 2009 to 2011 he took part in a Romanian-based conspiracy to hack into hundreds of U.S.-based computers to steal credit, debit and payment account numbers and payment card data belonging to American cardholders.
According to court documents, Butu and his co-conspirators hacked into more than 150 Subway restaurant computers across the U.S., including one in Plaistow, as well as more than 50 other retail merchants. The conspirators compromised credit cards of more than 80,000 customers and racked up millions of dollars in unauthorized purchases.
The conspirators stole payment card information to make unauthorized charges on, and/or transfers of funds from, cardholders' accounts (or alternatively to transfer the stolen payment card data to other co-conspirators who would do the same). Court records indicate the conspiracy began as early as April 2008 and continued to at least March 1, 2011.
The group remotely scanned the Internet to identify vulnerable point-of-service (POS) systems with remote desktop software applications (RDAs) installed on them. The conspirators then remotely logged onto the targeted systems either by guessing the passwords or by using password-cracking software programs.
Prosecutors said in court documents the conspirators then remotely and surreptitiously installed software programs called "keystroke loggers" or "sniffers" onto the POS systems, which would record and store data keyed into or swiped through the merchants' POS systems, including customers' credit card data.
Members often installed a "back door Trojan" into the POS systems so they could later install or re-install additional software programs - "hacker tools" - designed to evade detection.
Once they had the credit and debit card information, prosecutors said, the group uploaded it to several computer servers, known as "dump sites," that they had set up to store the data. Some of those sites were labeled "ftp.tushtime.info," "ftp.cindarella.info," and "ftp.just(expletive deleted)it.info."
The group also allegedly created phony plastic credit cards using hardware and software devices, including magnetic stripe readers/writers, to encode blank plastic cards with the stolen credit card information. Those fake credit cards were mainly used for purchases in Europe.
Butu admitted he repeatedly asked an alleged co-conspirator to provide him with stolen payment card data, and the alleged co-conspirator provided him with instructions for how to access a website where a portion of the stolen payment card data was stored. Butu later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts.
According to Butu's plea agreement, he also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators for them to use in a similar manner. Butu admitted to acquiring stolen payment card data belonging to about 140 cardholders during the course of the scheme.
Co-conspirator Iulian Dolan pleaded guilty to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud. His plea agreement calls for him to serve seven years in prison. His sentencing is set for April 4.
A third man, Adrian-Tiberiu Oprea, is scheduled for trial on Feb. 20.
The case was investigated by the U.S. Secret Service, with assistance from New Hampshire State Police and the Romanian Directorate of Investigation of Organized Crime and Terrorism.
Trial attorney Mona Sedky in the Criminal Division's Computer Crime and Intellectual Property Section in Washington, D.C., and assistant U.S. Attorney Arnold H. Huftalen in Concord are prosecuting the cases.