A
hacking trio based in Romania has pleaded guilty to charges brought by U.S.
authorities after being caught siphoning cash from unwary Americans. The three
now await sentencing.

Between
2011 and 2014, three Romanian hackers working from their home country duped numerous
US citizens into handing over their personal information. The hackers then used
it to siphon money from the victims’ bank accounts through “vishing” and
“smishing” attacks.

According
to a news release by the U.S. Department of Justice, Robert Codrut Dumitrescu,
41, Teodor Laurentiu Costea, 42, and Cosmin Draghici, 29, were all from Ploiesti,
a city in south-eastern Romania. All three committed multiple federal computer
and fraud-related crimes in connection with this scheme, the DOJ report
reveals.

The
hackers illegally gained access to computer servers in the United States and deployed
custom-made phishing messages designed to steal the victims’ Social Security
numbers and bank account information.

The
DOJ said in a press release that the defendants hacked
servers in the US and installed interactive voice response and bulk emailing
software that initiated thousands of telephone calls and text messages to
victims to trick them into disclosing personally identifiable information (PII)
such as financial account numbers, PINs and Social Security numbers.  

“When
a victim received a telephone call, the recipient would be greeted by a
recorded message falsely claiming to be a bank. The interactive voice response
software would then prompt the victim to enter their PII,” the press release
says.

“When
a victim received a text message, the message purported to be from a bank and
directed the recipient to call a telephone number hosted by a compromised Voice
Over Internet Protocol server. When the victim called the telephone number,
they were prompted by the interactive voice response software to enter their
PII.

The
DOJ said the “stolen PII was stored on the compromised computer servers and
accessed by Dumitrescu and Costea, who then sold or used the fraudulently
obtained information with the assistance of Draghici.”

When
authorities arrested them, Dumitrescu possessed 3,278 financial account
numbers, Draghici had 3,465, and Costea held nearly 36,050, all obtained
through the scam. The FBI, which conducted the investigation that led to their
arrest, estimated the victims lost a combined $21 million.

In
2017, a grand jury charged Dumitrescu, Costea and Draghici with multiple
federal computer and fraud-related crimes in connection with the scheme. The
three have now pleaded guilty to federal charges of wire fraud conspiracy,
computer fraud and abuse, and aggravated identity theft. Sentencing is
scheduled in June for Costea and Draghici, and in July for Dumitrescu.