14 DAY TRIAL // A Minneapolis federal judge has sentenced Sergiu Daniel Popa, 23, from Shelby Township, Michigan, to eight and a half years in jail for running a phishing scheme, which lasted almost seven years and totaled $700,000 in losses.
Popa emigrated to U.S. from Romania and started his illegal online activities in June 2000, at the early age of 14. Following the next seven years, up to February 2007, he grew to be a dealer of stolen personal and financial information, who was fairly respected on the black market.
From his homes in New York and Michigan, the Romanian teenager orchestrated multiple phishing schemes, which targeted the customers of financial institutions such as Citibank, PayPal and SunTrust. By sending e-mails in the name of those organizations, Popa tricked his victims into inputting their banking and personal details into fake websites that he operated.
The phisher moved to Spain in 2007, where he was extradited back to the United States in June 2008. He subsequently pleaded guilty in October to one count of aggravated identity theft and the possession of unauthorized access devices. According to the plea agreement, his scams affected over 7,000 people, who suffered combined losses of around $700,000.
In addition to the scams, Popa is also said to have sold a phishing kit to other spammers, including documentation. A single file discovered on his Yahoo! account contained financial and personal information on 5,800 victims and the FBI reportedly found credit and identity card forging devices and materials at his house.
"Because there were so many victims who were hurt badly, the court believes the sentence is appropriate in order to protect the public," explained Judge John Tunheim for the local media. "There needs to be a deterrent to others who are trying similar crimes over the Internet," added.
"What's eyebrow-raising to me is just how young Popa was when he started his identity fraud escapade. […] In the old days (back in the late 1980s and 1990s), it wasn't unusual for virus writers to be in their teens but this is a much more serious offence than the attention-seeking kind of malware writing we saw in yesteryear," commented Graham Cluley, senior technology consultant at antivirus vendor Sophos. "I guess Popa will have plenty of time now to reflect upon the mistake he made following a life of crime, rather than finding some other avenue for his interest in computer technology," he concluded.