A former Subway sandwich shop franchisee pled guilty to taking part in a scheme to hack point-of-sale terminals for at least 13 stores and obtaining gift cards worth $40,000.
Shahin Abdollahi, who also ran a business that sold and maintained point-of-sale terminals, sold the computerized checkout registers to the Subway shops that were illegally accessed, according to federal prosecutors in Massachusetts. He set up the terminals with software from LogMeIn, which allows people to remotely log in to PCs over the Internet. Abdollahi and other conspirators then used the software to repeatedly access the Subway terminals without authorization, usually early in the morning, when the restaurants were closed. Once logged in, they loaded gift cards with credit totaling $40,000. Co-conspirator Jeffrey Wilkinson, 37, of Rialto, California, would then advertise the cards for sale on eBay and Craigslist and hand deliver them to buyers.
On Wednesday, Abdollahi, 46, of Lake Elsinore, California, pled guilty in federal court in Massachusetts to one count of conspiracy to commit computer intrusion and wire fraud and one count of wire fraud. He is scheduled to be sentenced on August 6. Wilkinson pled guilty in February and is scheduled to be sentenced on May 28. It's not the first time Subway point-of-sale terminals have been illegally accessed by crooks for purposes of skimming the till. In 2012, two men pled guilty to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway franchises and racked up more than $10 million in losses.
Read on Ars Technica | Comments