Adrian-Tiberiu Oprea, 29, of Constanta, Romania, pleaded guilty on Tuesday to the charges against him, stemming from his participation in a 2011 scheme to steal payment card data from point of sale (POS) systems.
Earlier this year, the Department of Justice sentenced another of Opera’s co-conspirators, Cezar Butu, of Ploiesti, Romania, to 21 months for his role in the same scheme. At the time, Opera was scheduled for trial in February. That trial was ultimately delayed, but he later pled guilty to one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud and two counts of conspiracy to commit access device fraud.
According to the indictment he pled guilty to, between 2009 and 2011, Opera conspired with Iulian Dolan and Butu to hack into hundreds of U.S.-based computers to steal credit, debit, and payment account numbers and associated data.
For his part in the scheme, Oprea used the Internet to identify vulnerable POS systems based in the U.S., and leveraged a number of attack vectors to install keylogging software. The POS systems were maintained by the Subway chain, throughout the country.
Once the keyloggers got to work, the compromised data was then transferred to various dump sites that he had setup. Later, he would use the stolen data to make purchases and transfer funds from the hijacked accounts. The DOJ says that the scheme eventually victimized more than 100,000 cardholders.
Dolan and Butu have previously pleaded guilty for their roles. Dolan agreed to be sentenced to serve seven years in prison. On January 7, Butu was sentenced to serve 21 months in prison. Opera is scheduled to be sentenced on August 15.
