BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Two men admit to $10 million hacking spree on Subway sandwich shops

From: security curmudgeon <jericho () attrition org>
Date: Tue, 18 Sep 2012 00:15:49 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://arstechnica.com/security/2012/09/romanians-cop-to-10-million-hacking-spree/

By Dan Goodin
Ars Technica
Sept 17, 2012

Two Romanian men have admitted to participating in an international 
conspiracy that hacked into credit-card payment terminals at more than 150 
Subway restaurant franchises and stole data for more than 146,000 
accounts. The heist, which spanned the years 2009 to 2011, racked up more 
than $10 million in losses, federal prosecutors said.

Iulian Dolan, 28, of Craiova, Romania, pleaded guilty to one count of 
conspiracy to commit computer fraud and two counts of conspiracy to commit 
credit card fraud, documents filed on Monday in US District Court in New 
Hampshire showed. Dolan admitted he helped alleged ring leader 
Adrian-Tiberiu Opera scan the Internet for point-of-sale systems. "These 
were typically password-protected, so Dolan would attempt to crack the 
passwords, where necessary," Monday's plea agreement, which was signed by 
the defendant, stated. "Next, once he cracked the password and gained 
administrative access, Dolan remotely installed software programs called 
'keystroke loggers' (or 'sniffers') onto the POS systems. These programs 
would record, and then store, all of the data that was keyed into or 
swiped through the merchants' POS systems, including customers' payment 
card data."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: