I’d Like a Sandwich and 10 Million Dollars

Subway’s delicious submarine sandwiches are a favorite food to many people throughout this country. Some people could want to eat them for a lifetime, and perhaps that’s why a trio of Romanian hackers decided that they would go out and steal a grand total of $10,000,000 from the countrywide chain. A couple days ago, two of the men, Iulian Dolan and Cezar Butu, pleaded guilty to a U.S District Court in New Hampshire on the 17th of September. Tiberiu Oprea, the third member, is awaiting his trial and is currently in custody. They just couldn’t keep their secret Subway plot underground anymore. The majority of the money obtained was gathered on a two year span going from late 2009 to late 2011. Dolan has been sent to jail for a total of seven years whilst his partner, Butu, managed to get away with only 21 months.

This entire hack wouldn’t have been possible had it not been for our generation’s huge shift into wireless and Internet enabled devices. Even swipe machines are connected to the web these days, and that was just how these three Romanian men managed to get millions of dollars from the wallets of over 6,000 Subway fans. Dolan, the mastermind of the plan, remotely scanned the web, looking for vulnerable points of access in Subway’s money holding systems. Over 150 of these vulnerabilities were found, and Dolan was quick to place key-logging devices into all of these systems. A key-logger is really a simply thing, especially when hooked up to something like a card scanner. The card of the victim would get swiped and, before you could say “fraud,” all of your personal credit information would be in the hands of the notorious owner of the virus.

Dolan sent all of this information to the operation’s third wheel, Oprea, who would then store away the info and stolen cash in an electronic storage space called a “dump site.” Around 5,000 to 7,500 dollars on average were stolen from every single credit card that the keylogger sapped the info off of. Cezar Butu took some of the stolen data from Oprea and attempted to sell it to other virtual attackers that were looking for an easy fraud attempt. All of this communication was eventually the downfall of the Romanian group as their conversations were found and tracked. Without anything left to do and with plain evidence against them, the Romanians gave up and pleaded guilty. If they ever try to do a similar plan upon their release from prison, perhaps they won’t try to bite off more than they can chew.

Sources:

http://www.computerworld.com/s/article/9231373/Two_Romanians_plead_guilty_in_Subway_hack?taxonomyId=82

http://venturebeat.com/2012/09/18/romanian-hackers-subway-guilty/

Advertisements

8 thoughts on “I’d Like a Sandwich and 10 Million Dollars

  1. I’ve taken note of the recent changes Subway made with their credit card machines. I eat there regularly. Having been a recent victim of fraudulent activity on my credit card, I have been prompted to change the way I go about things entirely. This includes how I pay for things (cash!) where I withdraw my money from, what wireless networks I’m using, what I’m doing on those networks as far as protecting my information, etc.

    Scary to think a company such as this one with as much revenue they generate couldn’t keep their system up to date.

  2. This article was very interesting to me. I found it quite intriguing that the hackers used a key logger on a credit card scanner. I had no idea that a key logger could be used like that. I also find it rather funny that the only reason the hackers were caught was because of inner turmoil.

  3. The big red flag on my mind after reading this article was, “WHY?”. Why didn’t SubWay notice this going on. The amount of time that it took them to take action and fix this problem was also very disturbing. SubWay can’t be the only company with this risk, which makes me wonder where else this is going on, and if I’m currently at an elevated level of risk.

  4. This article struck home with me because of what my family dealt with — my family’s credit card had the same thing happen to it, but we didn’t know the source of where the credit card was “stolen”. It’s defiantly prevalent in today’s society, and it’s just a matter of time before we see more companies become aware that this is an ACTUAL issue in today’s world.

  5. Is it not subways fault for improperly securing their customers? These guys somehow managed to get away with taking $10 million dollars which way beyond satisfying their need. I wonder if they were a little more conservative, would they have gotten away with it. Does this mean that there are people who are less greedy who are getting away with actions like this?

  6. I am very surprised that this issue was not discovered earlier. You would think that with the amount of people that were having fraudulent transactions made with their credit cards someone would have realized that their money was disappearing. And shouldn’t the credit card companies have noticed this when it was happening to 6,000 people over 3 years? This makes me question how protected I really am from an attack like this happening.

  7. So if they were funneling all this money, what would the peoples bank statements list as the source of the charge? was it a separate charge occurring every time they used their card? Was it some sort of monthly charge? I know if I noticed something irregular or odd on my bank statement I would immediately call the bank. On the other hand, if it’s a small charge and is also described as something related to my purchase, I wouldn’t pay any attention to it most of the time.

  8. I’ll have to do more research on this event, since I’d like to know how one partner got a much harsher sentence compared to the other guy. It looked like they played both a major part in the crime.

Comments are closed.