A Romanian citizen made his initial court appearance today following his extradition to face charges that he orchestrated an international hacking scheme targeting retailers, security companies, medical offices and individuals in the United States, U.S. Attorney Paul J. Fishman announced.
Mircea-Ilie Ispasoiu, 29, of Drobeta-Turnu Severin, Romania, is charged by federal indictment with two counts of wire fraud, two counts of unauthorized computer access to obtain information, two counts of unauthorized computer access that caused damage and three counts of aggravated identity theft. Ispasoiu was arrested Nov. 13, 2014, following an investigation led by the U.S. Secret Service and coordinated with Romanian law enforcement. The Court of Appeal of Bucharest granted extradition on Jan. 26, 2015, and Ispasoiu arrived in the United States on March 20, 2015. He appeared this afternoon before U.S. Magistrate Judge Michael A. Hammer in Newark federal court.
According to documents filed in this case and statements made in court:
From August 2011 through February 2014, Ispasoiu was employed as computer systems administrator at a large financial institution in Romania. Ispasoiu’s scheme allegedly involved hacking networks belonging to retailers, security companies, medical offices and individuals in order to steal user names and passwords, personal identifiers and credit and debit card data. For just one of the victims identified in the indictment, Ispasoiu was able to steal more than 10,000 credit and debit card numbers. Ispasoiu also gained access to a computer at a large security company that ran background checks on job applicants. Ispasoiu stole the applicants’ personal identifying information, including their fingerprints.
The maximum potential penalties for each count are as follows:
Count | Violation | Maximum Penalty |
1 and 2 | Wire fraud | 30 years; $1 million fine or twice the gain or loss from the offense |
3 and 4 | Unauthorized computer access to obtain information | Five years; $250,000 fine or twice the gain or loss from the offense |
5 and 6 | Unauthorized computer access that caused damage | Five years; $250,000 fine or twice the gain or loss from the offense |
7-11 | Aggravated identity theft | Mandatory two years (consecutive to any other imposed sentence); $250,000 fine or twice the gain or loss from the offense |
U.S. Attorney Fishman credited the special agents of the U.S. Secret Service, Newark Field Office, under the direction of Acting Special Agent in Charge Carl Agnelli, with the investigation leading to the charges. U.S. Attorney Fishman also thanked the Justice Department’s Office of International Affairs in Washington, as well as the Prosecutor’s Office attached to the High Court of Cassation and Justice in Romania and its law enforcement partners, for their support.
The government is represented by Assistant U.S. Attorney Daniel Shapiro of the Computer Hacking and Intellectual Property Section of the Office’s Economic Crimes Unit.
The charges and allegations contained in the indictment are merely accusations, and the defendant is considered innocent unless and until proven guilty.
15-097
Defense counsel: Kevin Carlucci Esq., Assistant Federal Public Defender, Newark
Ispasoiu, Mircea-Ilie Indictment
SOURCE: U.S. Attorney’s Office, District of New Jersey
According to the indictment, which does not name the victim entities:
“Victim 1” was a restaurant in or around Montclair, New Jersey,
“Victim 2” was a car dealership in or around North Brunswick, New Jersey,
“Victim 3” was a large security firm operating throughout the United States, and
“Victim 4” was a medical office in or around Phoenix, Arizona.
So… anyone want to name the four victim entities?