Hackers charged in Subway sandwich card-swipe scheme
If you’re looking to lose weight at Subway, this is one sure way you won’t benefit from. According to a report obtained by Wired, Federal authorities arrested four Romanian nationals with connections to a multimillion-dollar cyber-heist. The sophisticated cybercrime injected keyloggers (or “sniffers”) and Trojans at point-of-sale (POS) checkout terminals at more than 150 Subway restaurants, and 50 other retailers connected to the internet.
The suspects in connection with the cyber attack tapped into the point-of-sale (POS) terminals in an attempt to steal more than 80,000 customer credit card details. Information gathered was stored on several sites hosted through GoDaddy.com and later be transferred via FTP sites, “dump sites” used to create fraudulent credit cards. The hackers, Cezar Iulian Butu, Iulian Dolan Florin Radu and Adrian-Tiberiu Oprea, were charged with conspiracy to commit computer fraud, wire fraud and access device fraud.
“(a) intentionally accessing a computer without authorization and exceeding authorization, and thereby obtaining information contained in a financial record of a financial institution and obtaining information of a card issuer and obtaining information from any protected computer (namely, credit card data), and the offense was committed for purposes of commercial advantage and private financial gain, and was committed in furtherance of any criminal and tortuous act in violation of the Constitution and laws of the United States or of any state; and the value of the information obtained exceeded $5,000, all in violation of 18 U.S.C. §§1030(a)(2)(A)&(C), 1030(c)(2)(B)(i)-(iii);
(b) knowingly, and with intent to defraud, accessing a protected computer without authorization, and exceeding authorized access, and by means of such conduct furthering the intended fraud and obtaining anything of value (namely, credit card data), in violation of 18 U.S.C. §1030(a)(4);
(c) knowingly causing the transmission of a program, information, code, and command, and as a result of such conduct, intentionally causing damage without authorization, to a protected computer, in violation of 18 U.S.C. §1030(a)(5)(A). “