IT Jobs
Foreign phisher makes history with US conviction
Romanian sent down.
By Robert McMillan, IDG News Service
Published: 10:52 GMT, 31 March 09
A 23-year-old Romanian man has become the first foreigner to be convicted by a US court for phishing.
Ovidiu-Ionut Nicola-Roman, of Craiova, Romania, was sentenced to four years and two months in prison Monday for his role in an international phishing operation. Prosecutors had charged him with setting up fake banking sites and then sending out tens of thousands of fraudulent spam messages in hopes of tricking victims into giving up their account information.
The sentence was handed down by Judge Janet Hall of the United States District Court in Connecticut.
Nicola-Roman was arrested in Bulgaria and extradited to the US in November 2007. He pleaded guilty last July to a fraud charge and had been facing a possible five years in prison. Additional charges that he faced in California were dropped because they were not listed in his extradition request.
He was charged as part of a larger phishing bust that also named six other Romanians, none of whom have been arrested.
Security experts say countries such as Russia, Romania and the Ukraine have become hotbeds of cybercrime, in part because local governments are slow to prosecute fraudsters who take money from victims in other countries such as the US.
The FBI said Monday that Internet fraud complaints had spiked 33 percent year-over-year in 2008.
In Nicola-Roman's case, prosecutors said they found 2,600 credit and debit card numbers in email accounts linked to him, and that he had probably harvested more information. He set up a fake phishing site to snare customers of People's Bank in October 2005, but also had tools that would have allowed him to phish customers of Wells Fargo, Suntrust, Amazon.com, PayPal and eBay, according to court documents.
He doesn't appear to have written software himself, but assembled a large collection of online fraud tools, including a program called Web Data Extractor, which harvested e-mail addresses. He sent spam to victims using a program called Email Sender Express, which could send 30,000 spam messages per hour, and created counterfeit cards using a program called T2Gen, prosecutors said. Another program, called WebZIP Unlimited, could be used to counterfeit legitimate websites.
According to data supplied to prosecutors by People's Bank, 78 of the 88 People's Bank card numbers that investigators found in Nicola-Roman's possession had been used for fraud. Nicola-Roman was able to take an average of $960 (approx £722) per card number collected, prosecutors said.
Nicola-Roman, a clothing salesman by trade, committed the fraud in part to help pay for medication and support for his sick mother, according to his defence attorney.
Prosecutors managed to contact many of the victims of the scheme, who reported a sense of fear and outrage at having been phished. One woman said her credit score dropped from "800+ to 400" after the fraud. "My credit is damaged and it will never be the same," the woman, identified as Michele S., wrote in a victim's impact statement.
"Above all else is the helplessness, knowing that all my personal information is forever now in the public domain," wrote Thomas B. "[T]his is a huge invasion of privacy, and as such it has caused me a great deal of anxiety."
Add your commentComments
Jim Anderson | Published: 14:04 GMT, 01 April 2009
As far as I'm concerned, the sentence is woefully light. The amount of grief to the victims, and the money stolen, should have warranted a much stiffer sentence. It appears that judges do not look on cyber crime as the very serious, and sometimes life wrecking thing that it is. The money that it costs to get ones credit rating back should always be taken into account. Jim Anderson.
Steve | Published: 16:01 GMT, 31 March 2009
I've no sympathy for this little weasel, and I'm only sorry that his sentence is as short as it is -- especially given the normal rules re parole and such. I hope his time in the slammer is both instructive and unpleasant.