Attacks/Breaches

5/7/2018
11:21 AM
50%
50%

US Extradites Romanian Hackers Charged with Vishing, Smishing

Suspects fraudulently obtained more than $18 million through fraud by voice and SMS.

A pair of Romanian men face charges in the US after netting $18 million in a vishing and smishing scheme targeting US citizens. Teodor Laurentiu Costea and Robert Codrut Dumitrescu have been extradited from Romania to the US and have been charged with wire fraud conspiracy, wire fraud, computer fraud and abuse, and aggravated identity theft.

The extradition comes after a federal grand jury returned a 31-count indictment against the pair. A third co-defendant in the case, Cosmin Draghici, remains in Romanian custody while awaiting extradition.

According to US Attorney Byung J. "BJay" Pak, the defendants targeted US citizens from their base in Romania, using US-based telephones to initiate phone calls to others for the purpose of fraud. The pair were engaged in vishing, which communicates a phishing message through a voice recording, and smishing, which phishes via text messages.

Costea and Dumitrescu would identify vulnerable computers in the U.S. and install interactive voice response software that would automatically interact with call recipients. They also used computers in the Atlanta area to install software that placed telephone calls and text messages to victims around the country.

The messages purported to be from a financial institution and directed victims to call a telephone number due to a problem with their respective financial account. When victims called the telephone number, they were prompted by the interactive voice response software to enter their bank account numbers, PINs, and full or partial Social Security numbers. Draghici then allegedly helped the pair turn the information into money.

For more, read here.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2598
PUBLISHED: 2018-05-23
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVE-2018-1124
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution ...
CVE-2018-1126
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-11396
PUBLISHED: 2018-05-23
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
CVE-2018-8176
PUBLISHED: 2018-05-23
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.