Romanian Phisher to Spend 50 Months in a U.S. Prison

A federal judge has sentenced Ovidiu-Ionut Nicola-Roman, a Romanian citizen arrested in 2007 on phishing charges, to 50 months in a federal prison, according to Wired. In July 2008, the phisher pleaded guilty to one count of conspiracy to commit fraud.

Ovidiu-Ionut Nicola-Roman, 23, originally from Craiova, Romania, was apprehended by authorities in June 2007 in Bulgaria, following an international arrest warrant issued on his name by the Interpol. He was wanted by the authorities for taking part in a cyber-fraud operation that involved cloning the websites of various U.S. banks and stealing financial information.

The Romanian was extradited to the United States in November that same year to face trial. He subsequently pleaded guilty in July 2008 and asked for leniency through a letter sent to the judge. After he serves the prison sentence, Mr. Nicola-Roman will be placed under supervision for another three years.

According to a May 2008, FBI press release, Ovidiu-Ionut Nicola-Roman was a member of a larger international cyber-crime gang that operated out of the United States, Canada, Pakistan, Portugal and Romania. Ciprian Dumitru Tudor, Mihai Cristian Dumitru, Petru Bogdan Belbita, all residents of Craiova, Romania, as well as Radu Mihai Dobrica, Cornel Ionut Tonita and Cristian Navodaru, all residents of Galati, Romania, are also wanted in connection with the same operation.

The cyber-crooks cloned the websites of various financial institutions, including Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., eBay and PayPal. They then sent e-mails to many customers of those institutions, claiming various technical difficulties within their online systems.

In order to trick the users into providing their banking details on the fake websites they set up, the phishers also launched denial of service attacks against the legit ones. One important aspect of this scheme was that significant effort was put into making the e-mails and cloned pages look genuine. For example, the poor spelling that characterizes many phishing schemes was not present.

The siphoned bank details were employed to forge fake credit cards and extract money from ATMs or buy goods online. Ovidiu-Ionut Nicola-Roman says that he did it in order to help his ill mother. "During the time of my criminal conduct, my family was going through some troubles. I was living with my mother who is on long term disability and received a monthly benefit in the amount of $100-120. This money was not enough for her to support herself, given that she spent it all on medication she needed. We needed money to pay the bills and to buy food and other necessary goods," the Romanian wrote in his letter to the judge.

"The defendant, Ovidiu-Ionut Nicola-Roman, is the first foreign defendant ever convicted in the United States for phishing. The Court is therefore presented with a unique opportunity, to demonstrate that criminals overseas cannot conduct their phishing schemes with impunity, by imposing a Guidelines sentence on the defendant," the U.S. prosecutors mentioned in the indictment.

We recently reported that the Romanian organized crime police arrested between 15 and 20 persons in connection with another phishing and cyber-fraud operation that targeted banks in Italy and other European countries. A Romanian hacker was also recently apprehended for compromising a computer network belonging to the U.S. Department of Defense back in 2006.