14 DAY TRIAL // A Romania hacker received a three-year prison sentence last week after he previously pleaded guilty to hacking several US companies and stealing data from their networks.
The hacker's name is Mircea-Ilie Ispasoiu, 31, of Drobeta-Turnu Severin, Romania, and he was arrested on November 13, 2014, in Romania. At the time of his arrest, Ispasoiu worked as a computer systems administrator at a large financial institution in Romania.
On January 26, 2015, the Bucharest Court of Appeal granted his extradition to the US. Ispasoiu arrived in New Jersey on March 20, 2015, and three days later appeared in the Newark federal court, where he was arraigned. He pleaded guilty a year later, on March 2, 2016.
Ispasoiu deployed RATs to steal data from victims
Ispasiou hacked several companies from August 2011 through February 2014. He acknowledged using malware (a remote access trojan - RAT) to infect the computer systems of several US companies.
Among his victims, the Department of Justice named a restaurant in Montclair, New Jersey; a car dealership in North Brundswick, New Jersey; a medical office in Phoenix, Arizona; and a large security firm operating across the US.
US officials say he used the RAT to collect login credentials for sensitive systems. Ispasoiu then used these logins to access the victims' networks and steal information such as personally identifiable information (PII) and payment card data.
Ispasoiu's most famous hack is that in which he breached a security company that ran background checks for job applicants across the US. From their systems, the hacker stole the applicants’ personal identifying information, such as names, addresses, social security numbers and fingerprints.
Hacker gets 3 years from a maximum sentence of 42
Before he pleaded guilty, Ispasoiu was charged with two counts of wire fraud, two counts of unauthorized computer access to obtain information, two counts of unauthorized computer access that caused damage, and four counts of aggravated identity theft. In total, he faced up to 42 years in prison and several fines.
The last four charges come from the fact that he used stolen payment card data to make fraudulent purchases. Officials said Ispasoiu stole more than $10,000 from one of the victims.
Besides the three-year prison sentence, the US court ordered the hacker to pay restitution of $907,204.88.
UPDATE: A previous version of this article said that Ispasoiu received a ten-year prison sentence. That was incorrect.