Two men hacked Subway to steal gift cards totaling $40,000

Mar 17, 2013
4

Two men were charged for an elaborate hacking scheme. They have been identified as Shahin Abdollahi, whose alias was Sean Holdt, and Jeffrey Thomas Wilkinson. The two men hacked over 13 point-of-sale (POS) computers at a variety of Subways located in Massachusetts, Wyoming, and California. This isn't the first time Subway's been hacked. Last September, the franchise's credit card terminals were hacked at over 150 of its locations. It suffered $10 million in losses and 146,000 accounts were compromised.

Abdollahi and Wilkinson went through an elaborate scheme to execute their plans. Abdollahi operated his own POS business, called "POS Doctor". There he sold POS computers to various Subways, and he preloaded his LogMeIn (remote desktop tool) information into those machines. In order to get a better understanding of how Subway and their POS systems worked, he operated a few of his own Subway franchises in Southern California.

After learning how Subway operates and how they use their POS system, he and Wilkinson then remotely accessed Subway's POS systems to create fake gift cards totaling up to $40,000. They took the fake gift cards and sold them either on eBay, or Craigslist. According to the reports, Abdollahi's hacked systems were sold to a variety of other businesses besides Subway as well.

The two men were charged with computer intrusion and wire fraud. It seems like they did an awful lot of scheming and prep work just to create fake gift cards. Abdollahi went through alot of hassle of owning his own POS company and a few Subways just to get this plan into motion. It's speculated that Subway was just the testing grounds for an even bigger scheme the two had planned.

[via Ars Technica]


Must Read Bits & Bytes