SecurityWeek

Former Subway Franchise Owner Pleads Guilty to PoS System Hacking

A California man pleaded guilty this week in federal court to charges related to hacking into point-of-sale systems in Subway restaurants around the country.

Shahin Abdollahi, aka Sean Holdt, 46, of Lake Elsinore, California, pleaded guilty before U.S. District Judge Richard G. Stearns in Massachusetts to one count of conspiracy to commit computer intrusion and wire fraud and one count of wire fraud. His co-conspirator, Jeffrey Wilkinson, 37, of Rialto, California, pleaded guilty on Feb. 27.

According to authorities, Abdollahi owned Subway franchises in southern California from 2005 to 2008. He later operated a company called ‘POS Doctor’ that sold and installed point-of-sale (PoS) systems for Subway franchises across the country.

Beginning in roughly 2011, Abdollahi and Wilkinson conspired to remotely hack into PoS systems at Subway restaurants. The two hit at least 13 Subway PoS systems that Abdollahi had sold through POS Doctor and fraudulently added at least $40,000 in value to Subway gift cards. Abdollahi and Wilkinson then used the fraudulent gift cards to make purchases at Subway. Wilkinson also sold fraudulent gift cards to others using eBay and Craigslist.

“Point of sale systems that process debit and credit cards are still being attacked with an increasing variety of malware,” Curt Wilson, ASERT analyst at Arbor Networks, blogged recently. “Over the last several years PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory scraping PoS botnets with centralized C&C [command and control] and most recently to highly targeted attacks that require a substantial amount of lateral movement and custom malware created to blend in with the target organization.”

The Retail Industry Leaders Association (RILA), which is composed of businesses such as Walmart and Target, recently announced the formation of the Retail Cyber Intelligence Sharing Center (R-CIS) to better identify and respond to cyber attacks.

“Point-of-sale malware operators have varying degrees of sophistication, and they are indiscriminately targeting retail organizations both large and small,” said Tom Cross, director of security research at Lancope. “All they want are credit card numbers and they’ll take them anywhere they can find them. If one retailer discovers attacks against its networks, it can be very important to share information about those attacks with other retailers. This sort of information sharing will uncover other attack activity.”

Abdollahi is scheduled to be sentenced Aug. 6. Wilkinson is scheduled for sentencing May 28. 
