Romanian National Extradited to U.S. for 2009‑2010 VoIP Vishing Bank Fraud Scheme Targeting Small Businesses
What Happened — Romanian citizen Gavril Sandu was extradited to the United States after a 17‑year investigation. He was indicted for conspiring to hack small‑business VoIP systems between May 2009 and October 2010, using spoofed voice calls to harvest debit‑card numbers and PINs, then laundering the proceeds through cash withdrawals and money‑mule activity. The case closes a long‑running cyber‑crime probe and underscores the persistence of legacy compromises.
Why It Matters for TPRM —
- Legacy attacks can surface years later, forcing vendors to reassess historical incidents in risk models.
- Abuse of third‑party communication platforms (VoIP) shows that supply‑chain services can become covert channels for credential theft.
- The case demonstrates the importance of continuous monitoring and contractual security clauses for telephony and payment‑processing partners.
Who Is Affected — Financial services (banks), small‑business merchants, VoIP service providers, and any downstream partners that process payment card data.
Recommended Actions —
- Review contracts with VoIP and telephony vendors for security obligations, anti‑spoofing measures, and incident‑response clauses.
- Verify that suppliers enforce strong authentication, call‑origin verification, and regular SIP hardening.
- Incorporate historical breach data into third‑party risk scoring and require evidence of remediation for legacy incidents.
Technical Notes — Attack vector: vishing (voice phishing) via compromised VoIP systems. No specific CVE is involved; exploitation relied on weakly secured SIP endpoints and default credentials. Stolen data included debit‑card numbers, PINs, and magnetic‑stripe details, which were used to forge cards and withdraw cash.
Source: SecurityAffairs