BreachExchange mailing list archives
Two men admit to $10 million hacking spree on Subway sandwich shops
From: security curmudgeon <jericho () attrition org>
Date: Tue, 18 Sep 2012 00:15:49 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://arstechnica.com/security/2012/09/romanians-cop-to-10-million-hacking-spree/ By Dan Goodin Ars Technica Sept 17, 2012 Two Romanian men have admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts. The heist, which spanned the years 2009 to 2011, racked up more than $10 million in losses, federal prosecutors said. Iulian Dolan, 28, of Craiova, Romania, pleaded guilty to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit credit card fraud, documents filed on Monday in US District Court in New Hampshire showed. Dolan admitted he helped alleged ring leader Adrian-Tiberiu Opera scan the Internet for point-of-sale systems. "These were typically password-protected, so Dolan would attempt to crack the passwords, where necessary," Monday's plea agreement, which was signed by the defendant, stated. "Next, once he cracked the password and gained administrative access, Dolan remotely installed software programs called 'keystroke loggers' (or 'sniffers') onto the POS systems. These programs would record, and then store, all of the data that was keyed into or swiped through the merchants' POS systems, including customers' payment card data." [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Two men admit to $10 million hacking spree on Subway sandwich shops security curmudgeon (Sep 18)