Romanian authorities have arrested a phisher suspected of stealing over $3 million from high value eBay customers after accessing the company's internal systems.
The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) arrested Liviu Mihail Concioiu on several charges related to cyberfraud.
According to the authorities, sometime during the first half of 2009, Concioiu launched two targeted attacks, also known as spear phishing, against a total of over 3,000 eBay employees.
The login credentials stolen as a result of these phishing campaigns, gave the attacker access restricted areas of the eBay website, which contained confidential documents, as well as a special application normally used by eBay workers to search through customer databases.
Using the newly gained unauthorized access, he stole the personal information and email addresses of 1,183 high value eBay users and targeted them in new spear phishing attacks.
DIICOT prosecutors, who were assisted in the investigation by US Secret Service officers stationed at the US Embassy in Bucharest, claim [Google translation] that Concioiu's operation resulted in loses of over $3 million to eBay and its customers.
Gary Warner, director of research in Computer Forensics at the University of Alabama at Birmingham (UAB), says that the highly targeted nature of these attacks is what made them so successful and allowed the Romanian phisher to fly under the radar.
"One of the problems with phishing campaigns is that when criminals broadly spread spam messages advertising their fake login pages, the anti-spam services and ISPs observe these spam messages and place the advertised pages on blacklists.
"Concioiu was able to avoid this typical phishing trap by selectively targeting his phishing emails at high value eBay customers whose email addresses he had confirmed by harvesting them from eBay's internal systems," he explains.
Concioiu was arrested on Wednesday along with two other individuals. He is also accused of participating in a different ATM fraud operation, which involved counterfeit credit cards created with data stolen from cards issued by Italian banks.