Two men admit to $10 million hacking spree on Subway sandwich shops

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2012/09/romanians-cop-to-10-million-hacking-spree/

By Dan Goodin
Ars Technica
Sept 17, 2012

Two Romanian men have admitted to participating in an international 
conspiracy that hacked into credit-card payment terminals at more than 
150 Subway restaurant franchises and stole data for more than 146,000 
accounts. The heist, which spanned the years 2009 to 2011, racked up 
more than $10 million in losses, federal prosecutors said.

Iulian Dolan, 28, of Craiova, Romania, pleaded guilty to one count of 
conspiracy to commit computer fraud and two counts of conspiracy to 
commit credit card fraud, documents filed on Monday in US District Court 
in New Hampshire showed. Dolan admitted he helped alleged ring leader 
Adrian-Tiberiu Opera scan the Internet for point-of-sale systems. "These 
were typically password-protected, so Dolan would attempt to crack the 
passwords, where necessary," Monday's plea agreement, which was signed 
by the defendant, stated. "Next, once he cracked the password and gained 
administrative access, Dolan remotely installed software programs called 
'keystroke loggers' (or 'sniffers') onto the POS systems. These programs 
would record, and then store, all of the data that was keyed into or 
swiped through the merchants' POS systems, including customers' payment 
card data."

[...]


--
#HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia
with no keynotes, no labs - just three tracks filled with our most
popular speakers from the last decade: http://conference.hitb.org/