Romanian Phisher to Spend 50 Months in a U.S. Prison

A federal judge has sentenced Ovidiu-Ionut Nicola-Roman, a Romanian citizen arrested in 2007 on phishing charges, to 50 months in a federal prison, according to Wired. In July 2008, the phisher pleaded guilty to one count of conspiracy to commit fraud.

Ovidiu-Ionut Nicola-Roman, 23, originally from Craiova, Romania, was apprehended by authorities in June 2007 in Bulgaria, following an international arrest warrant issued on his name by the Interpol. He was wanted by the authorities for taking part in a cyber-fraud operation that involved cloning the websites of various U.S. banks and stealing financial information.

The Romanian was extradited to the United States in November that same year to face trial. He subsequently pleaded guilty in July 2008 and asked for leniency through a letter sent to the judge. After he serves the prison sentence, Mr. Nicola-Roman will be placed under supervision for another three years.

According to a May 2008, FBI press release, Ovidiu-Ionut Nicola-Roman was a member of a larger international cyber-crime gang that operated out of the United States, Canada, Pakistan, Portugal and Romania. Ciprian Dumitru Tudor, Mihai Cristian Dumitru, Petru Bogdan Belbita, all residents of Craiova, Romania, as well as Radu Mihai Dobrica, Cornel Ionut Tonita and Cristian Navodaru, all residents of Galati, Romania, are also wanted in connection with the same operation.

The cyber-crooks cloned the websites of various financial institutions, including Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., eBay and PayPal. They then sent e-mails to many customers of those institutions, claiming various technical difficulties within their online systems.

In order to trick the users into providing their banking details on the fake websites they set up, the phishers also launched denial of service attacks against the legit ones. One important aspect of this scheme was that significant effort was put into making the e-mails and cloned pages look genuine. For example, the poor spelling that characterizes many phishing schemes was not present.

The siphoned bank details were employed to forge fake credit cards and extract money from ATMs or buy goods online. Ovidiu-Ionut Nicola-Roman says that he did it in order to help his ill mother. "During the time of my criminal conduct, my family was going through some troubles. I was living with my mother who is on long term disability and received a monthly benefit in the amount of $100-120. This money was not enough for her to support herself, given that she spent it all on medication she needed. We needed money to pay the bills and to buy food and other necessary goods," the Romanian wrote in his letter to the judge.

"The defendant, Ovidiu-Ionut Nicola-Roman, is the first foreign defendant ever convicted in the United States for phishing. The Court is therefore presented with a unique opportunity, to demonstrate that criminals overseas cannot conduct their phishing schemes with impunity, by imposing a Guidelines sentence on the defendant," the U.S. prosecutors mentioned in the indictment.

We recently reported that the Romanian organized crime police arrested between 15 and 20 persons in connection with another phishing and cyber-fraud operation that targeted banks in Italy and other European countries. A Romanian hacker was also recently apprehended for compromising a computer network belonging to the U.S. Department of Defense back in 2006.

Romanian phisher stuck casting behind bars for four years

Judge Janet Half of the US District Court for the District of Connecticut made history on March 31 when she sentenced Ovidiu-Ionut Nicola-Roman, a 23-year-old native of Romania to 50 months in prison followed by three years of supervised release. This is the first time a foreign national has been tried and convicted as a phisher in the United States, which may be why Judge Half chose the sentence that she did. The intended message is quite clear—if we catch you at this, you're going to pay for it.

We weren't able to confirm that Ovidiu-Ionut's guilty plea and sentencing came out of the international, trans-Atlantic phishing bust we covered almost a year ago—sections of the PACER database were offline as of this writing—but the dates roughly match up. That takedown was the result of a joint FBI/Romanian endeavor; the phishers were charged under the Racketeer Influenced and Corrupt Organizations Act (RICO). The group's normal business operations and the actual phishing process were handled by the Romanian side of the business while the Americans were responsible for encoding and verifying the stolen credit card/debit card data.

The Register reports that this same group was also responsible for an October 2006 attack against the Brattleboro Savings & Loan Association. In that attack, the phishers sent out an e-mail advising Brattleboro S&L members that the bank's website was unavailable while service upgrades were being performed. Users were ordered to confirm their e-mail addresses under penalty of account deletion. In a nifty twist, the phishers than launched an actual DDoS attack against the bank to make the "service upgrades" appeared legitimate.

Nicola-Roman was captured in Bulgaria on an Interpol warrant and extradited to the US sometime later. Romania's decision to cooperate with US law enforcement on cracking down on phishers as well as allowing one or more of their nationals to be tried here speaks to the spirit of international cooperation that's needed at all levels if we, the Internet-using public, ever want to see a reduction in the sheer amount of malicious and illegal sewage flowing across the system.