Romanian authorities dismantle cybercrime ring responsible for $25 million credit card fraud

Sixteen suspected members of a cybercrime gang that stole credit card data from foreign companies were arrested in Romania

Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling US$25 million.

Officers from the country's organized crime police together with prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) executed 36 search warrants on Tuesday at residential addresses in several Romanian cities and arrested 16 individuals suspected of being members of the credit card fraud ring.

According to DIICOT, the group's members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data.

The applications were configured to store the captured data locally for later retrieval, upload it automatically to external servers or send it to email addresses controlled by the gang's members, the agency said. The stolen credit card information was then sold or used to create counterfeit cards.

For example, between December 2011 and October 2012 members of the group sold 68,000 credit cards at $4 each through a specialized online shop, making a profit of $270,000, DIICOT revealed.

The group opened several IT services companies in Romania and used them for the specific purpose of building and maintaining a computer infrastructure that would support its criminal operation, a DIICOT spokeswoman said Tuesday.

The spokeswoman confirmed that the companies targeted by the fraud ring are not from Romania, but declined to name them or reveal in which countries they operate because the investigation is ongoing.

The criminal operation resulted in fraudulent transactions totaling over $25 million being performed with 500,000 credit cards, the agency said Tuesday.

Even though 16 suspects have been arrested so far, DIICOT said that it plans to bring 20 individuals in for questioning in connection with the fraud operation.

The fact that the gang's members were able to capture credit card transaction data, suggests that the affected companies did not use end-to-end encryption in order to protect the data while in transit from their payment terminals to their payment processors.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitylegaldata breachcybercrimefraud

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place