The U.S. Department of Justice has extradited two Romanians to the U.S., where they face charges in connection with a massive phishing scam.
The two men, Petru Belbita, 25, and Cornel Tonita, 28, are accused of setting up fake phishing sites designed to steal user names and passwords from the Web customers of Citibank, Wells Fargo, eBay and other financial institutions.
Victims would receive e-mails or text messages that looked like they came from legitimate financial institutions, said Assistant U.S. Attorney Mark Aveis. "You'd of course freak out and be concerned that your account was under attack," he explained. "You'd click a link and that link would take you to what you thought was a legitimate [bank] site."
In fact it was a fake site. And once the phishers had this information, they'd send it to U.S.-based "cashiers," who would manufacture fake ATM cards with the information. They would then hand over those cards to "runners" who would go from ATM to ATM withdrawing money.
The Romanians preferred to work with runners located in the U.S. because they had more ATMs to choose from, Aveis said.
The phishers and the cashiers would meet in online "carder" Web sites to buy and sell stolen IDs, Aveis said.
A third alleged co-conspirator, Ovidiu-Ionut Nicola-Roman, also of Romania, became the first foreign national convicted in the U.S. of phishing. He was sentenced to more than four years in prison in March.
All of the charges stem from a May 2008 phishing sweep by U.S. authorities that led to charges against about 40 people, all with ties to international organized crime, according to the U.S. Department of Justice. More than half of those involved in the alleged conspiracy are still at large, most of them in Romania, the DoJ said.
Cyber security experts say that Romania has been a top source of phishing for the better part of the past decade. In 2006 the U.S. Federal Bureau of Investigation's Cyber Division dispatched six FBI agents to Bucharest to work with Romanian National Police. Last year the FBI conducted two phishing crackdowns, including the May 2008 action that led to Belbita's and Tonita's charges.
The two men now face more than 30 years in prison on the charges.
Belbita was arrested in Montreal on Jan. 24 and extradited to the U.S. on Friday. Tonita was arrested in Dubrovnik, Croatia, on July 18 and extradited on Sept. 4. Both men have pleaded not guilty to the charges.