Marius Oprea, a Romanian man, has been sentenced to 75 months in US prison for orchestrating a sophisticated ATM skimming scheme. As part of an operation, described by prosecutors as “unusually professional,” the perpetrators installed skimming devices on ATMs to harvest data.

Oprea and his accomplices then used the stolen personal information to create counterfeit debit cards, which they used to make cash withdrawals from numerous victims, including low-income individuals on public assistance programs.

The skimming ring primarily targeted Bank of America accounts, which are associated with California anti-poverty programs.

Oprea, who prosecutors believe illegally entered the United States, pleaded guilty in June 2023 to one count of conspiracy to commit bank fraud. Alongside the prison sentence, Marius Oprea will have to pay $28,974 in restitution to the victims of his crimes.

ImmuniWeb can help prevent data breaches and meet regulatory requirements.
Request your free demo now and talk to our experts.

Russia charges members of an international carding gang

The General Prosecutor's Office of the Russian Federation has indicted six individuals involved in a cybercrime gang that stole data from foreign online shops. The accused are Denis Priymachenko, Alexander Aseev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev.

According to Russian prosecutors, since late 2017, the gang has compromised e-commerce platforms using malware to bypass implemented defenses and gain access to the shops’ databases. From there, they copied the details of bank cards and sent the stolen information to the remote servers.

Using this scheme, the hacker group obtained information on nearly 160,000 payment cards belonging to foreign citizens, which they sold on Dark Web marketplaces.

The suspects are accused of committing crimes under Part 2 of Article 187 of the Criminal Code of the Russian Federation (illegal circulation of payment funds) and Part 3 of Article 273 of the Criminal Code of the Russian Federation (creation, use, and dissemination of malicious computer programs).

Australian hacker Abdilo extradited to the US

David Kee Crees, known in the hacking community as Abdilo, has been extradited to the United States from Australia to face trial for his alleged cybercrimes. Crees, who also goes by the aliases “DR32,” “Notavirus,” “Surivaton,” and “Grey Hat Mafia’s Bitch,” gained notoriety back in 2015 when he claimed responsibility for orchestrating one of the largest cyberattacks in Australian history.

He claimed that he breached the systems of Aussie Travel Cover, an Australian travel insurance company. Abdilo regularly boasted about his hacking exploits. He took credit for hacking various high-profile targets, including a website operated by the Australian Nuclear Science and Technology Organisation (ANSTO), as well as several local government websites and Australian universities. Crees even embarked on a short-lived hacking spree, during which he live-streamed one of his attacks online.

According to reports, Abdilo was behind a booter stresser named “LizardStresser” operated by The Lizard Squad, an infamous band of hackers that launched crippling distributed denial-of-service (DDoS) attacks against Sony’s and Microsoft’s gaming networks.

In the United States, Crees is charged with 22 counts, including fraud and related activity in connection with computers, identification documents, and access devices, as well as money laundering, and identity theft. His trial is scheduled for August 2024.

Prosecutors seek a 64-month prison sentence for Tornado Cash developer

Netherland’s Public Prosecution Service (Openbaar Ministerie, OM) is asking that Tornado Cash developer Alexey Pertsev be sentenced to 64 months in prison.

Pertsev is accused of laundering 535,809 ethereum (ETH) worth a total of $1.2 billion through the Tornado Cash virtual currency mixer obtained via major cryptocurrency heists, including those attributed to the North Korean hacker outfit Lazarus Group, such as the $625 million hack of Ronin Bridge, a crypto protocol linked to the popular game Axie Infinity. The US authorities imposed sanctions on Tornado Cash in August 2022 for its involvement in money laundering for cybercriminals.

Speaking in court, the prosecutors said that Pertsev developed Tornado Cash as a “technological tool for ensuring privacy in financial transactions,” and, while there’s nothing wrong with mixing cryptocurrency, “mixing criminal cryptocurrency and concealing or disguising its origin and destination is illegal.” The OM said that Pertsev knew that large amounts of cryptocurrency that went through Tornado Cash were obtained illegally but did nothing to prevent this.

The developer was arrested in the Netherlands in August 2022. His sentencing is scheduled for May 14, 2024.

A former sysadmin pleads guilty to identity theft spanning over 30 years

Matthew David Keirans, a former hospital administrator from Wisconsin, the US, pleaded guilty to charges stemming from a 30-year identity theft scheme. Keirans, aged 58, admitted to living under a false identity and causing the false imprisonment of his victim.

According to court documents, Keirans assumed the identity of his victim, William Donald Woods, during the late 1980s and used it in every aspect of his life, purchasing forged documents, including an identification card, a Social Security number, insurance, and driver’s licenses.

In 2013, Keirans secured employment as a high-ranking administrator at an Iowa City hospital, using fake identification documents during the hiring process. Abusing his position, Keirans obtained loans totaling over $200,000 from credit unions in Northern Iowa between August 2016 and May 2022, all under the victim's name. After Woods learned about a huge loan taken in his name, he visited a national bank branch in Los Angeles, California, but was arrested on felony charges resulting from Keirans’s false reports to law enforcement. Furthermore, after a California judge deemed him mentally unfit to stand trial, Woods was sent to a mental hospital for a total of 147 days.

Keirans’s scheme was exposed in 2023 following a several month-long investigation. He is now facing a possible maximum sentence of 32 years’ imprisonment, with a minimum of 2 years in prison, a $1.25 million fine, and five years of supervised release.

United States of America Russian Federation Romania Netherlands Australia

What’s next:

Join our upcoming webinars
Follow ImmuniWeb on Twitter, LinkedIn and Telegram
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Cyber Law and Cybercrime Investigation Weekly Blog by Key Dutch

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.

Recent Blog Posts:

German Authorities Dismantle the Nemezis Market Dark Web Marketplace

A Cybercrime Ring Responsible For Hijacking Over 100M Email, Instagram Accounts Dismantled

Bitcoin Fog Mixer Operator Faces Decades In Prison For Laundering $400M