Hacker Stole Data From US Companies and Gets 10 Years in Prison

A hacker from Romania received a ten-year prison sentence last week after he previously pleaded guilty to hacking several US companies and stealing data from their networks.

The hacker’s name is Mircea-Ilie Ispasoiu, 31, of Drobeta-Turnu Severin, Romania, and he was arrested on November 13, 2014, in Romania. At the time of his arrest, Ispasoiu worked as computer systems administrator at a large financial institution in Romania.

On January 26, 2015, the Bucharest Court of Appeal granted his extradition. Ispasoiu arrived in New Jersey on March 20, 2015, and three days later appeared in the Newark federal court, where he was arraigned. He pleaded guilty a year later, on March 2, 2016.

Ispasiou hacked several companies from August 2011 through February 2014. He acknowledged to using malware (a remote access trojan – RAT) to infect the computer systems of several companies.

Among his victims, the Department of Justice named a restaurant in Montclair, New Jersey; a car dealership in North Brundswick, New Jersey; a medical office in Phoenix, Arizona; and a large security firm operating across the US.

US officials say he used the RAT to collect login credentials for sensitive systems. Ispasoiu then used these logins to access the victims’ networks and steal information such as personally identifiable information (PII) and payment card data.

Ispasoiu’s most famous hack is when he breached a security company that ran background checks for job applicants across the US. From their systems, the hacker stole the applicants’ personal identifying information, such as names, addresses, social security numbers and fingerprints.

Before he pleaded guilty, Ispasoiu was charged with two counts of wire fraud, two counts of unauthorized computer access to obtain information, two counts of unauthorized computer access that caused damage, and four counts of aggravated identity theft. In total, he faced up to 42 years in prison and several fines.

The last four charges come from the fact that he used stolen payment card data to make fraudulent purchases. Officials said Ispasoiu stole more than $10,000 from one of the victims.

Besides the ten-year prison sentence, the US court ordered the hacker to pay restitution of $907,204.88.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients