top of page
Writer's pictureDavid Montague

Organized Fraud Attack Compromised Merchant POS Systems with Malware

Two men from Romania were extradited to the United States last May after being accused of running a fraud operation that installed malware on point-of-sale computers attacking hundreds of merchants, although mainly Subway restaurants, from 2009 to 2011. In late September the two men plead guilty to multiple charges and will each face time behind bars.


Iulian Dolan and Cezar Butu were two of four Romanians extradited to the U.S. after being charged with hacking into computer point-of-sale systems and installing malware to record payment card magnetic stripe data. The credit card information was then sold in “dumps” to other fraudsters on the black market. The fraud scheme affected hundreds of U.S. merchants, but it was noted in early reports from the Department of Justice that the group targeted multiple Subway restaurants. From 2009 to 2011 this organized attack led to the compromise of over 146,000 payment cards with an estimated $10 million in losses. The two were originally charged last December before being extradited from Romania to the U.S. in May and pleading guilty in September. Dolan faces up to seven years in jail with charges for conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud while Butu will serve up to 21 months for one count of conspiracy to commit access device fraud.


According to the Department of Justice, Dolan would hack into computers or point-of-sale machines running a known exploitable remote desktop software application (RDA). Using these RDAs he would then try to login to the POS system over the internet and would often have to crack passwords to gain access. But once in Dolan would remotely install keystroke logging malware which recorded all card data that was swiped or manually keyed in the point-of-sale system. He would then remotely hack back into the compromised POS systems periodically to download the compromised card information and then post it on a “dump” site. Butu admitted to using the cards compromised in the attack himself as well as selling the compromised cards to other fraudsters. In their pleas Dolan and Butu implicated Adrian-Tiberiu Oprea, the suspected ring-leader, who set up the data dump sites and installed malware on merchant POS systems himself. Oprea was also extradited to the U.S. and is currently awaiting trial in New Hampshire for his role in this organized fraud ring.


For more information:



Comments


bottom of page