Romanian phisher stuck casting behind bars for four years

Judge Janet Half of the US District Court for the District of Connecticut made history on March 31 when she sentenced Ovidiu-Ionut Nicola-Roman, a 23-year-old native of Romania to 50 months in prison followed by three years of supervised release. This is the first time a foreign national has been tried and convicted as a phisher in the United States, which may be why Judge Half chose the sentence that she did. The intended message is quite clear—if we catch you at this, you're going to pay for it.

We weren't able to confirm that Ovidiu-Ionut's guilty plea and sentencing came out of the international, trans-Atlantic phishing bust we covered almost a year ago—sections of the PACER database were offline as of this writing—but the dates roughly match up. That takedown was the result of a joint FBI/Romanian endeavor; the phishers were charged under the Racketeer Influenced and Corrupt Organizations Act (RICO). The group's normal business operations and the actual phishing process were handled by the Romanian side of the business while the Americans were responsible for encoding and verifying the stolen credit card/debit card data.

The Register reports that this same group was also responsible for an October 2006 attack against the Brattleboro Savings & Loan Association. In that attack, the phishers sent out an e-mail advising Brattleboro S&L members that the bank's website was unavailable while service upgrades were being performed. Users were ordered to confirm their e-mail addresses under penalty of account deletion. In a nifty twist, the phishers than launched an actual DDoS attack against the bank to make the "service upgrades" appeared legitimate.

Nicola-Roman was captured in Bulgaria on an Interpol warrant and extradited to the US sometime later. Romania's decision to cooperate with US law enforcement on cracking down on phishers as well as allowing one or more of their nationals to be tried here speaks to the spirit of international cooperation that's needed at all levels if we, the Internet-using public, ever want to see a reduction in the sheer amount of malicious and illegal sewage flowing across the system.