Subway restaurant hacker sentenced to 21 months

Share this article:

A Romanian hacker, who pleaded guilty to compromising the credit card processing systems of Subway restaurants in 2011, has been sentenced to 21 months in prison.

On Monday, a U.S. District Court judge in New Hampshire sentenced 27-year-old Cezar Butu after he pleaded guilty on Sept. 17, 2011 to one count of conspiracy to commit access device fraud.

Butu was one of four Romanian hackers charged with remotely hijacking credit card processing systems of more than 150 Subway restaurants, as well as other retailers in the United States, which resulted in more than $10 million in losses, according to federal prosecutors.

A news release from the U.S. Department of Justice detailed the admission from Butu, saying that from 2009 to 2011, he participated in a Romanian-based conspiracy, which involved hacking into hundreds of U.S.-based point-of-sale (POS) systems to steal consumers' financial information. 

Prosecutors said Butu also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators. As well, he admitted to gathering payment card data belonging to approximately 140 cardholders over the course of his spree.

Butu and co-conspirators scanned the internet to identify vulnerable POS systems, then logged in to the targeted devices either by guessing the passwords or using password-cracking programs, according to prosecutors. They then installed keyloggers on the systems to record any data keyed into or swiped through the machines. The recorded data was electronically transferred back to the attackers' servers.

Other co-conspirators in the case include Iulian Dolan, who pleaded guilty to charges and consented to a seven-year prison sentence as part of a plea agreement. His is scheduled to be sentenced April 4. 

Adrian-Tiberiu Oprea, who has not pleaded guilty, is scheduled to be tried Feb. 20 in U.S. District Court in New Hampshire. The fourth man suspected of involvement, Florin Radu, remains at large.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.