A 23-year-old man suspected of having hacked into Department of Defense systems during 2006 has been arrested in Iaşi, Romania, by the local police and the Direction for Investigating Organized Crime and Terrorism (D.I.I.C.O.T.). If found guilty, the hacker risks a maximum sentence of 12 years behind bars.
The organized crime police descended in force on the apartment of Eduard Lucian Mandru, on 18 March, at 7 AM in the morning. Realizing that he had been tracked down, the hacker attempted to destroy the data on his hard drive, but the process was stopped in time by the authorities.
In his daily life, Eduard Lucian Mandru is studying for a masters degree in Banks and Financial Markets at the local Faculty of Economy and Business Management. However, the student is also very passionate about computers and the Linux operating system.
According to the U.S. investigators, Mr. Mandru is the hacker calling himself Wolfenstein, who broke into a secure computer network belonging to the Department of Defense in 2006 and infected several systems with an information-stealing trojan.
The authorities had a very hard time locating him, as the hacker was accessing the network through compromised servers in Japan. In addition, he was covering his tracks by deleting all access logs. One solid lead that the investigators had was a yahoo e-mail address associated with the perpetrator, which eventually led to his identification.
After more than two years since the attacks, being unemployed, Eduard Lucian Mandru decided to post his CV on several local job-seeking websites. He chose to use his old e-mail address, firstname.lastname@example.org, probably in order to avoid his new ones being spammed, without thinking that it might still be monitored after all this time.
According to a Police spokesperson, the damages he caused are currently estimated at over $35,000, but this amount might increase after the investigation is finalized. A judge has signed the temporary arrest proposal for 29 days under charges of unauthorized access to and unauthorized transfer of data from a computer system. The hacker risks a sentence between 3 and 12 years in prison.
Mr. Mandru's attorney, Ms. Claudia Ciofu, has appealed the decision of placing him under temporary arrest. "I do not think there is sufficient evidence. An e-mail address can be broken into or accessed by a lot of people, including friends. This young man is incredibly intelligent and I do not think he deserves to spend time under arrest," she comments for a local newspaper.
We have recently reported that around 20 members of a Romanian gang of hackers and credit-card fraudsters have been arrested by the organized crime police in the cities of Caransebeş, Lugoj, Timişoara, Hunedoara and Piteşti.
It will be interesting to see whether the U.S. will ask for extradition in this case and if such a request will be honored. Victor Faur, aka SirVic, another Romanian hacker who broke into U.S. Navy, NASA and Department of Energy computer systems, has only received a suspended prison sentence of 16 months. He avoided extradition, because the agreement between US and Romania did not include such offenses at the time. A new agreement has, since, been signed and ratified.
Gabriel Bogdan Ionescu, a Romanian hacker, who is apparently also an informatics and mathematics whiz, is serving a prison sentence in Italy for online fraud. At the same time, he is studying at the Polytechnic University of Milano where he has amazed his professors with his intellect. As a result, the Italian Police is considering hiring him to help it fight and investigate cyber-crime.