Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Two Charged in Hacking Subway Restaurant Point-of-Sale Systems in Fraud Scheme

Federal authorities have charged two California men with remotely hacking into the computerized cash registers of various merchants to obtain fraudulent gift cards.

Federal authorities have charged two California men with remotely hacking into the computerized cash registers of various merchants to obtain fraudulent gift cards.

An indictment against Shahin Abdollahi, aka “Sean Holdt,” 46, of Lake Elsinore, Calif., and Jeffrey Thomas Wilkinson, 35, of Rialto, Calif., was unsealed March 15. It charged the men with one count each of conspiracy to commit computer intrusion, wire fraud and one count of wire fraud.

POS systems have increasingly come under attack of late. In December, researchers at Seculert noted that a piece of malware known as ‘Dexter’ has been used in hundreds of attacks in the last few months of 2012. In addition, two Romanian nationals pleaded guilty in September to participating in an international, multimillion dollar plot to hack into POS systems and steal payment card information.

According to the indictment in the recent case, Abdollahi owned Subway franchises in southern California between 2005 and 2008. He later created a California company called ‘POS Doctor’ that sold point-of-sale (POS) computer systems to Subway restaurant franchises around the country.  POS systems are a type of computerized checkout register that allows merchants to manage customer purchases made by credit, debit and gift cards, the U.S. Department of Justice noted in its announcement of the charges.

According to authorities, starting in roughly 2011, Abdollahi and Wilkinson worked together to remotely hack into POS systems in Subway franchises, accessing at least 13 of the POS systems Abdollahi sold through POS Doctor. Using the gift cards, the duo fraudulently added at least $40,000 in value to Subway gift cards and used them to make purchases at Subway. Wilkinson also allegedly sold fraudulent gift cards to others using eBay and Craigslist, according to the indictment.

 The case was investigated by the US Secret Service and is being prosecuted by Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Adam J. Bookbinder of the District of Massachusetts.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...