Its members are accused of instrumenting phishing attacks and hacking NASA and U.S. university servers

Mar 13, 2009 12:10 GMT  ·  By

The Romanian Police, together with D.I.I.C.O.T. (the Direction for Investigating Organized Crime and Terrorism), has executed an ample operation that has targeted hackers in the western part of the country. Between 15 and 20 persons have been arrested in the cities of Caransebeş, Lugoj, Timişoara, Hunedoara and Piteşti under the suspicion of being members of a cybercriminal group.

The gang is accused of executing phishing attacks and siphoning money from compromised accounts. According to local media, they cloned the websites of several banks in Spain and Italy, which they subsequently used to lure people into disclosing their financial information.

The Italian Post Office seems to have been the group's main target. The fraudsters sent e-mails impersonating the institution, in which they claimed that customer data had been lost due to technical issues. A link included in the e-mail directed unsuspecting victims to a page masquerading as the Post Office's online payment system. Once on the page, users were asked to input their financial details, which were then being stored on a server under the control of the Romanian phishers.

The gang's M.O. involved "money mules" (people hired to pick up stolen funds) walking into post offices and letting them know via mobile phones that they were good to go. The Romanians then issued online money orders using the banking information of their victims. This allowed the mules to cash in the money and leave in a matter of minutes.

Speed was vital to the whole scheme, as the system also sent SMS notifications of the transaction to the mobile phone number provided by the real account holder. In addition, in order to avoid arising suspicion from the post office employees, the transactions only involved sums of under 1,000 euros. The compromised accounts were also being used to recharge mobile pre-paid SIM cards, heavily used for communication.

One of the arrested individuals, Flavius Brăgăilă, a 21-year-old man from Caransebeş, is suspected of being the head behind the whole operation. According to authorities, he had been coordinating the entire cybercriminal network, which was devised into independent cells operating from different Romanian and Italian cities. Ovidiu Andraş, son of the manager of the BCR (Romanian Commercial Bank) branch in Caransebeş, was also one of the individuals who were arrested.

It was also noted that one of the detained persons was accused of hacking into several servers belonging to N.A.S.A. and various U.S. universities and using them to launch attacks that targeted banks. Details about this are yet scarce, but it is possible that these servers have been used to host the fake cloned websites.

Cosmin Bolosin, the attorney for four of the people detained in Caransebeş, commented for Caras Online that "[…] Even though people are speaking about those NASA servers, for the time being we haven't been presented with anything official in this respect. […] As far as the penal procedure is concerned, I can confirm that it has been fully respected and that the search warrants were legal. I was even a bit surprised." Meanwhile, the D.I.I.C.O.T. prosecutors pointed out that the network had been under surveillance for the past year.