Romania: New Citadel Of Cybercrime

Editor's Note: In a story on Romanian cybercriminals, the Associated Press, citing information from the FBI, reported erroneously that extortionists compromised a computer that controlled life-support systems at the South Pole Research Center.

Drew Logan, the station's network administrator, denied that the affected server involved life-support systems. The FBI subsequently issued a statement concurring that "it does not appear that the life-support systems were compromised when the extortion e-mail was received."

"I've hacked into the server. Pay me off or I'll sell the station's data to another country and tell the world how vulnerable you are," the message warned.

Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers' life-support systems.

The FBI traced the e-mail to an Internet cafe in Bucharest and helped Romanian police arrest two locals — the latest evidence that computer-savvy Romanians are fast emerging as a bold menace in the shadowy world of cybercrime.

"It's one of the leading places for this kind of activity," said Gabrielle Burger, who runs the FBI's office in Bucharest and is working with Romanian authorities to arrest suspects "and avoid the Sept. 11 of cybercrime."

Law enforcement documents obtained by The Associated Press portray a loosely organized but increasingly aggressive network of young Romanians conspiring with accomplices in Europe and the United States to steal millions of dollars each year from consumers and companies.

Their specialties: defrauding consumers through bogus Internet purchases, extorting cash from companies after hacking into their systems, and designing and releasing computer-crippling worms and viruses.

Alarmed authorities say the South Pole case underscores the global impact of this new breed of cyber-outlaw.

"Frustrated with the employment possibilities offered in Romania, some of the world's most talented computer students are exploiting their talents online," the U.S.-based Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center, says in a new report.

Computer crime flourished in Romania because the country lacked a cybercrime law until earlier this year, when it enacted what may be the world's harshest. The new law punishes convicts with up to 15 years in prison — more than twice the maximum for rape.

Varujan Pambuccian, a lawmaker and former programmer, helped draft the new law after Romania's government realized the nation, which is racing to join the European Union by 2007, was getting a bad online reputation.

"We want a good name for our country," he said. "I'm very angry that Romania is so well-known for ugly things — for street dogs, street children and hackers." Pambuccian said there was a noticeable decline in criminal activity in the first three months since the law took effect.

More than 60 Romanians have been arrested in recent joint operations involving the FBI, Secret Service, Scotland Yard, the U.S. Postal Inspection Service and numerous European police agencies.

They include the two suspects implicated in the South Pole extortion attempt last May. Both are awaiting trial. Another Romanian pair was arrested on suspicion of extorting cash from Integrity Media of Mobile, Ala., after information on 30,000 credit card accounts was stolen in March.

Police say several hackers have been convicted, though in lower-profile cases.

Although the Russians are better known for online extortion, Romanians have become major players in the scam, a specialty also favored by criminals from Bulgaria, Poland and Slovenia.

Information technology is a Romanian forte dating to the former regime, when the late dictator Nicolae Ceausescu saw computers as a way to advance communist ideology. Software piracy took firm hold during the Soviet era, when Romanians too poor to buy licensed software simply copied it.

Today, Romanians get their first computer lessons in nursery school. Universities have top-notch IT programs whose graduates are heavily recruited by Western companies. Microsoft Corp. recently acquired GeCAD, a leading Bucharest data-security firm.

But all that know-how has spawned a dark side: Internet vampires who prey on victims half a world away.

The classic scam: Offer high-end electronics or other goods for sale or auction, take the order, confirm the "shipment" — and simply vanish the moment the consumer has wired payment.

The Internet Fraud Complaint Center said it gets hundreds of complaints daily from defrauded Americans. Many cases trace to Romania, where criminals use Internet cafes to elude capture and avoid leaving a digital trail to their home PCs.

Some have developed Web pages that mimic legitimate sites such as eBay, diverting them into the cyberspace equivalent of a back alley. Buyers think they're dealing with eBay, but their money ends up in criminal hands and the goods are never shipped.

The most brazen hack into protected corporate databases, where they copy proprietary information and demand cash on threats of publishing the findings on the open Internet.

This past summer, authorities aided by FBI experts arrested six young Romanians in the Transylvania town of Sibiu after they successfully extorted $50,000 from several leading American corporations, which were not identified.

Virgil Spiridon, chief inspector of Romania's national police and head of a newly launched computer crime task force, said authorities have intercepted online traffic, tracked Internet headers and addresses, searched suspects' homes and seized hard drives.

But Mihai Radu of Bucharest-based BitDefender, a data security company, says criminals are smarter than local authorities.

Romanian police asked BitDefender to help track down a 24-year-old university student suspected of creating and releasing a version of the crippling MSBlaster worm in August. The suspect, Dan Ciobanu, has not been arrested but remains under investigation.

"The Romanian police aren't qualified," Radu said as young analysts in jeans, T-shirts and sneakers disassembled strings of code to detect possible viruses. "They don't have the tools, the skills, the software."

Pointing up the criminals' knack for staying one step ahead of the law, FBI documents note that because consumers are reluctant to do business with Romanians, some scammers have found accomplices in other countries. Others pass themselves off as coming from elsewhere.

When police caught on that criminals were getting paid through Western Union transactions, they switched to direct bank-to-bank transfers, which are trickier to trace. Lately, they've set up bogus PayPal-style escrow accounts.

In an astonishing show of bravado, some cybercriminals dare even to toy with those tracking them.

Radu recalls logging on to his PC at home, only to watch in horror as the cursor moved independently around the screen and the CD-ROM tray slid in and out as though possessed by a poltergeist.

"I was hacked," he said. "There's a fight between the dark side and the light side."

Gesturing toward BitDefender's football field-sized room of programmers, he added cryptically: "They can do anything. If they weren't working for us, who knows what they'd be up to."