Romanian sentenced for multimillion-dollar payment card hack scheme

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.net-security.org/secworld.php?id=14197

A Romanian national was sentenced today to serve 21 months in prison
for his role in an international, multimillion-dollar scheme to
remotely hack into and steal payment card data from hundreds of U.S.
merchants’ computers, announced the U.S. Department of Justice.

Cezar Butu, 27, of Ploiesti, Romania, was sentenced by Judge Steven J.
McAuliffe in U.S. District Court in New Hampshire.

On Sept. 17, 2012, Butu pleaded guilty to one count of conspiracy to
commit access device fraud.

In his guilty plea, Butu admitted that, from approximately 2009-2011,
he participated in a Romanian-based conspiracy to hack into hundreds
of U.S.-based computers to steal credit, debit and payment account
numbers and associated data (collectively “payment card data”) that
belonged to U.S. cardholders.

According to court documents, Butu and his co-conspirators used the
stolen payment card data to make unauthorized charges on, and/or
transfers of funds from, cardholders’ accounts (or alternatively to
transfer the stolen payment card data to other co-conspirators who
would do the same).

Butu admitted that he repeatedly asked an alleged co-conspirator to
provide him with stolen payment card data and that the alleged
co-conspirator provided him with instructions for how to access a
website where a portion of the stolen payment card data was stored.
Butu later attempted to use the stolen payment card data to make
unauthorized charges on, or transfers of funds from, the accounts.

According to Butu’s plea agreement, he also attempted to sell, or
otherwise transfer, the stolen payment card data to other
co-conspirators for them to use in a similar manner. He admitted to
acquiring stolen payment card data belonging to approximately 140
cardholders during the course of the scheme.

In his plea agreement, Butu agreed to be sentenced to 21 months in prison.

Butu’s co-conspirator Iulian Dolan pleaded guilty to one count of
conspiracy to commit computer fraud and two counts of conspiracy to
commit access device fraud, and has agreed to be sentenced to seven
years in prison. Dolan’s sentencing hearing is scheduled for April 4,
2013.

Alleged co-conspirator Adrian-Tiberiu Oprea is scheduled for trial on
Feb. 20, 2013, in U.S. District Court in New Hampshire.

The case was investigated by the USSS, with the assistance of the New
Hampshire State Police and the Romanian Directorate of Investigation
of Organized Crime and Terrorism.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.