FOR IMMEDIATE RELEASE
From the United States Attorney’s Office – District of New Jersey
March 23, 2015
NEWARK, N.J. – A Romanian citizen made his initial court appearance today following his extradition to face charges that he orchestrated an international hacking scheme targeting retailers, security companies, medical offices and individuals in the United States, U.S. Attorney Paul J. Fishman announced.
Mircea-Ilie Ispasoiu, 29, of Drobeta-Turnu Severin, Romania, is charged by federal indictment with two counts of wire fraud, two counts of unauthorized computer access to obtain information, two counts of unauthorized computer access that caused damage and three counts of aggravated identity theft. Ispasoiu was arrested Nov. 13, 2014, following an investigation led by the U.S. Secret Service and coordinated with Romanian law enforcement. The Court of Appeal of Bucharest granted extradition on Jan. 26, 2015, and Ispasoiu arrived in the United States on March 20, 2015. He appeared this afternoon before U.S. Magistrate Judge Michael A. Hammer in Newark federal court.
According to documents filed in this case and statements made in court:
From August 2011 through February 2014, Ispasoiu was employed as computer systems administrator at a large financial institution in Romania. Ispasoiu’s scheme allegedly involved hacking networks belonging to retailers, security companies, medical offices and individuals in order to steal user names and passwords, personal identifiers and credit and debit card data. For just one of the victims identified in the indictment, Ispasoiu was able to steal more than 10,000 credit and debit card numbers. Ispasoiu also gained access to a computer at a large security company that ran background checks on job applicants. Ispasoiu stole the applicants’ personal identifying information, including their fingerprints.
The maximum potential penalties for each count are as follows:
|1 and 2||Wire fraud||30 years; $1 million fine or twice the gain or loss from the offense|
|3 and 4||Unauthorized computer access to obtain information||Five years; $250,000 fine or twice the gain or loss from the offense|
|5 and 6||Unauthorized computer access that caused damage||Five years; $250,000 fine or twice the gain or loss from the offense|
|7-11||Aggravated identity theft||Mandatory two years (consecutive to any other imposed sentence); $250,000 fine or twice the gain or loss from the offense|
U.S. Attorney Fishman credited the special agents of the U.S. Secret Service, Newark Field Office, under the direction of Acting Special Agent in Charge Carl Agnelli, with the investigation leading to the charges. U.S. Attorney Fishman also thanked the Justice Department’s Office of International Affairs in Washington, as well as the Prosecutor’s Office attached to the High Court of Cassation and Justice in Romania and its law enforcement partners, for their support.
The government is represented by Assistant U.S. Attorney Daniel Shapiro of the Computer Hacking and Intellectual Property Section of the Office’s Economic Crimes Unit.
The charges and allegations contained in the indictment are merely accusations, and the defendant is considered innocent unless and until proven guilty.
Defense counsel: Kevin Carlucci Esq., Assistant Federal Public Defender, Newark
A series of incidents has been attributed by a South Korean government special investigation team to North Korean hackers “aimed at causing social unrest and agitating the people.” Prosecutor Choi Yun-soo has indicated training and educaiton material “far from critical” were compromised from email and online communities – rather than actual systems such as the indigenous advanced power reactors.
A physics professor at University of Maine was the victim of theft on February 10th. His laptop was stolen from his checked baggage for a flight from Seattle to Boston. Unfortunately, while the laptop was “password protected”, the sensitive data was actually on a removable media card which was not encrypted.
UMaine’s spokesperson Margaret Nagle has emphasized that university employees are individually responsible for ensuring proper handling and storage of sensitive data whom receive annually required training sessions. Though, the university does not have explicit data-security policies which require encryption nor purging of sensitive data after it is no longer needed.
Only three years ago, UMaine suffered the loss of 1,175 student social security numbers when the local campus computer store was breached by hackers in 2012.
UMaine plans to notify the affected students and offer them a year of identity theft monitoring protection.