Romanians Iulian Dolan and Cezar Iulian Butu have confessed in the U.S. District Court in New Hampshire to multiple counts related to credit card fraud via hacking.
Under the leadership of another Romanian, Adrian-Tiberiu Opera, the men trawled the Internet for vulnerable point-of-sale programs, which apparently included applications linked to credit card payments at 150 Subway restaurants. The scam lasted two years and vacuumed up more than $10 million in profits. Citing court documents, Ars Technica reports on how the hacks worked:
Dolan admitted he helped alleged ring leader Adrian-Tiberiu Opera scan the Internet for point-of-sale systems. “These were typically password-protected, so Dolan would attempt to crack the passwords, where necessary,” Monday’s plea agreement, which was signed by the defendant, stated. “Next, once he cracked the password and gained administrative access, Dolan remotely installed software programs called ‘keystroke loggers’ (or ‘sniffers’) onto the POS systems. These programs would record, and then store, all of the data that was keyed into or swiped through the merchants’ POS systems, including customers’ payment card data.”
The hackers didn’t confine their efforts to Subway. Mr. Dolan admitted he wormed his way into “several hundred” American payment systems, downloading financial information for 6,000 people. He has received a seven-year prison sentence for his trouble. His countryman Mr. Butu will spend nearly two years in prison.
Adrian-Tiberiu Opera is awaiting trial.
And from now on we are paying cash at Subways.