Described as "international computer hackers" by the United States Department of Justice, Teodor Laurentiu Costea, 41, and Robert Codrut Dumitrescu, 40, allegedly rob Americans of more than $18 million in an elaborate phishing scheme.
Costea and Dumitrescu were named in the 31-count federal grand jury indictment on August 16 last year and were accused last week in the Northern District of Georgia following their extradition.
Another co-defendant, Cosmin Draghici, 28, remains in custody in Romania awaiting his extradition to the United States.
"These extraditions send a strong warning to cybercriminals and fraudsters worldwide, that we, along with our law-enforcement partners, will work tirelessly to bring you to justice," said U. S. Attorney Byung J. "BJay" Pak.According to the indictment, between October 2011 and February 2014, Costea and Dumitrescu installed interactive voice response software on vulnerable PCs located in the U.S. to initiate thousands of automated phone calls and text messages.
Those messages and phone calls purported to be from a financial institution and directed victims to call a number due to an issue with their respective financial accounts.
When victims called that number, they were prompted by the IVR software to hand over their bank account numbers, PINs, and full or partial Social Security Numbers (SSNs), which were then allegedly sold or used by Costea and Dumitrescu with the assistance of Draghici.
The U.S. Department of Justice described this elaborated voice- and SMS-phishing tactics as "vishing" and "smishing" respectively.
At the time of Costea's arrest, he alone possessed 36,051 financial account numbers fraudulently obtained by innocent people, the court documents alleged.
U.S. officials estimate the losses from the vishing and smishing scheme amount to more than $18 million.
The United States government has recently extradited several cyber criminals in connection with different cyber crimes. Earlier this year, Spain deported Russian hacker Peter Yuryevich Levashov to America for his alleged role in a massive Kelihos botnet.
In March, Russian hacker Yevgeniy Aleksandrovich Nikulin was extradited to the United States from the Czech Republic for his ties to data breaches at LinkedIn, Dropbox, and now-defunct social-networking firm Formspring.
FBI Special Agent in Charge David LeValley hopes the extraditions will serve as a message to cybercriminals across the world, saying "Our message to the victims of cyber fraud is that the FBI won't let geographic boundaries stop us from pursuing and prosecuting the persons who cause them tremendous financial pain."