A Romanian man pleaded guilty Tuesday to a federal fraud charge for his role in setting up fake Web sites in order to steal credit and debit card details.
Ovidiu-Ionut Nicola-Roman, 22, could also face a US$250,000 fine, according to the US Department of Justice (DOJ). Nicola-Roman pleaded guilty to one count of conspiracy to commit fraud.
Nicola-Roman is one of 38 people of several nationalities charged in May with running a cybercrime ring centred around spam and phishing. In just one incident, the crew sent 1.3 million spam messages luring people to visit Web sites they had built to collect financial details.
Using instant messaging programs, the hackers sent those details to "cashiers" in the US. Those cashiers would make fraudulent bank cards, encoding the bank information onto the magnetic stripe of dummy cards.
The cards would then be used to withdraw money at cash machines with the highest withdrawal limits, DOJ said. The hackers, some of who were located in Romania and elsewhere, would be sent a cut of the proceeds.
Financial institutions affected included Citibank, Capital One, JP Morgan Chase and Wells Fargo. Also targeted was auction site eBay and its electronic payment branch, PayPal.
A full accounting of the losses hasn't been released, but DOJ said one institution reported a loss of $150,000.
Nicola-Roman was arrested in Bulgaria on an Interpol warrant in June 2007 and extradited to the U.S. last November. He's scheduled for sentencing in U.S. District Court for Connecticut on Oct. 10.
Romania has come under an intense focus by law enforcement due to computer crime. Last week, authorities there in cooperation with the U.S. Federal Bureau of Investigation arrested 19 people in a wide-ranging cybercrime and money-laundering operation.
An official with the Romanian National Police said the scheme netted the group at least €400,000 (US$635,000), but the losses are likely to reach millions of euros as investigators unravel their deeds.