Saturday, December 10, 2011

Gang in Romania hacked into Subway restaurant credit card machines and stole millions of dollars from diners


A Romanian gang apparently has stolen millions of dollars from U.S. Subway restaurant customers by hacking into credit card machines.
Over a three year period, Dolan, Cezar Iulian Butu, Adrian-Tiberiu Oprea, and Florin Radu robbed 80,000 customers.

They did this remotely from a base in Romania by searching the internet for vulnerable credit card readers with remote desktop software installed.

Here's how they did it: The hackers logged into store computers by either guessing the passwords or using a password-cracking program.

This allowed them to obtain the details of all the credit cards used by customers at around 200 mostly Subway outlets all over the U.S.
It took Subway a long time to get control  of the fraud  be the group installed back-door Trojan programmes.
This allowed them future access to install - or even re-install - malware even when the keystroke loggers were removed.

So, three Romanians have been arrested while a fourth is on the run.

These guys are charged with conspiracy to commit computer fraud, wire fraud and access device fraud.
Many of the attacked Subway restaurant franchises were in New Hampshire, where the indictment was filed by the state's federal court. 
Other locations affected by the hackers were New York and California, according to the indictment.

The indictment says that the group's route of entry were point-of-sale or 'checkout' computer systems that captured the customers' credit card and even gift card data.
Each of the defendants face a maximum sentencing of five years in prison for each count of conspiracy to commit computer related fraud if found guilty.
They also face 30 years for each count of conspiracy to commit wire fraud and five years for each count of conspiracy to commit access device fraud. 
Fines up to twice the amount taken, as well as restitution, may also be sentenced against them.