18 Mar 2013

Hackers Indicted for $40,000 Subway Franchise Fraud through POS Theft


Two hackers in the US were charged for stealing more than $40,000 from point-of-sale terminals loaded with malware and then sold on the Internet, according to cNet. Shahin Abdollahi and Jeffrey Thomas Wilkinson fraudulently placed the money onto Subway gift cards to make illegal purchases.

The California men installed LogMeIn, a remote desktop tool, on at least 13 POS terminals, according to the indictment unsealed in Boston. Both were charged with wire fraud and conspiracy to commit computer intrusion and wire fraud.

Abdollahi owned his own Subway franchise for three years. He then opened “POS Doctor,” a business that sold POS terminals to Subways across the country. The indictments were announced by the U.S. attorney who oversaw the criminal case of Aaron Swartz before the Reddit co-founder committed suicide in January.

This isn't the first time Subway POS terminals have been hacked. Last year, Romanian nationals Iulian Dolan and Cezar Butu pleaded guilty to conspiracy to commit computer and access device fraud in a similar POS scam. Hundreds of Subway restaurants in the US were targeted, and more than $10 million was drained in the cyber-attack. Dolan is to serve seven years in prison, while Butu is expected to stay 21 months behind bars.