-
Romanian national Gavril Sandu faces up to 30 years in US prison after extradition on conspiracy and bank fraud charges stemming from a vishing scheme that operated from 2009-2010.
-
The scheme involved hacking small business VoIP systems to run automated calling scripts, with caller IDs displaying legitimate company names to trick victims into revealing debit card numbers and PINs.
-
Sandu served as a money mule, he created counterfeit physical cards from stolen data, withdrew cash from ATMs, and kept a portion before sending the rest to the hackers.
Currently, 53 years old Romanian male, Gavril Sandu, sits in a federal detention center in Charlotte, North Carolina. The US authorities extradited from his home country, Romania on April 30th, this year to face charges of conspiracy and bank fraud stemming from a scheme that began in 2009.
The US Department of Justice released details of the case following Sandu’s arrival on American soil. Federal prosecutors allege that Sandu and his co-conspirators targeted small businesses across the country. The group continued their criminal activities until October 2010, netting substantial sums from unsuspecting victims.
Hackers Hijacked Business Phone Systems to Run Automated Calling Scams
The scheme involved breaking into Voice over Internet Protocol systems owned by legitimate small businesses. This technology allows users to place phone calls through broadband internet connection rather than through traditional analog telephone service providers.
Once the hackers have compromised the internet-based phone servers of legitimate businesses, they use a computer script to automatically make outgoing calls. Since the calls traveled through compromised VoIP accounts belonging to real companies, the caller ID displayed trustworthy business names to potential victims.
In the cybersecurity community, an attack of this type is called ‘vishing,’ which is short for voice phishing. Vishing is any attack that criminals use to obtain sensitive information by tricking people into giving that information over the phone. In this case, the automated callers are attempting to obtain the debit card number and personal identification number of the called party.
Victims, believing they spoke with legitimate company representatives, handed over their financial credentials. The group then converted this stolen data into cash through a network of money mules.
Sandu Served as a Money Mule, Creating Fake Cards and Withdrawing Cash
According to the indictment, which a grand jury first issued on November 14, 2017, Sandu played the role of a money mule within the criminal operation. His job involved taking the stolen card numbers and manufacturing counterfeit physical cards, complete with magnetic stripes.
Sandu then visited various automated teller machines to withdraw funds directly from victims’ bank accounts. He kept a portion of the stolen money for himself and forwarded the remaining amount to the hackers who originally stole the card data.
The conspiracy relied on this division of labor. Hackers focused on stealing financial information through vishing calls. Money mules like Sandu handled the riskier task of physical cash extraction, exposing themselves to ATM cameras and potential arrest.
Justice Finally Catches Up After Years of Evading Arrest
Sandu managed to avoid capture for many years following the indictment. Romanian authorities finally arrested him in January this year, they finally set in motion the extradition process that brought him to the United States this spring.
If the court finds Sandu guilty, he faces a maximum sentence of three decades in federal prison – but for now, he remains in custody awaiting trial. According to Reid Davis, Special Agent with the FBI, there is no set time frame for justice. Therefore, there is no longer a safe haven for cybercriminals.
Also, US Attorney Ferguson described the number of international scams as out of control and promised that, as a federal prosecutor, he would use the maximum resources available to prosecute those offenders who commit crimes within the United States as well as outside the country.
This situation illustrates the increasing problems associated with international cybercrime rates. The majority of cybercriminals tend to operate from countries that have very few extradition agreements with the United States, thus making it difficult to apprehend these offenders.
Romania, however, has proven to be a cooperative partner. A global police operation recently targeted a dark web murder-for-hire scam in Romania, seizing $600,000 in crypto and demonstrating that international law enforcement collaboration can yield results.
Sandu’s case is an example that law enforcement will eventually catch up with those who commit fraud; his extradition from Romania, a country that has an established and strong working relationship with law enforcement agencies in the US, is a formidable indication.
