A 21-year-old Dutch man appeared in US federal court this week to face charges related to computer hacking.
David Schrooten, aka “Fortezza,” was arrested in March in Romania and is charged in a 14-count indictment with conspiracy, access device fraud, bank fraud, intentional damage to a computer and aggravated identity theft.
“This defendant has wrought havoc on victims and financial institutions around the world,” Jenny Durkan, a US attorney in Seattle, said in a statement.
Schrooten and co-conspirator Christopher Schroebel, 21, are charged with marketing as many as 44,000 credit card numbers, resulting in millions of dollars in losses to financial institutions.
Schrooten pleaded innocent on Monday. If found guilty, he faces up to 50 years in prison, as well as up to $1.5 million in fines.
Authorities became aware of the illicit activity when one of the victimised business owners at Mondello Ristorante Italiano notified police after several customers experienced fraudulent charges on their credit cards roughly 10 minutes after dining at the establishment.
The indictment stated that Schroebel hacked into the computers of the restaurant, as well as another Seattle-area business, to install malware, which allowed him to extract credit card details from the retailers' point-of-sale terminals. The data was then transmitted to a server in Kansas managed by Schroebel.
The two men are also accused of building “carding websites,” which allowed them to sell the stolen credit card numbers to others. Four western Washington state residents are identified in the indictment as victims who had their personal information stolen, which was subsequenly used in bank fraud.
Schroebel was arrested in November and pleaded guilty last month. He is scheduled to be sentenced August 10 by US District Judge Ricardo Martinez.
A spokesman at the Seattle law firm Ressler & Tesh, representing Schrooten, declined to comment when reached by SCMagazine.com. Corey Endo of the Federal Public Defender's Office in Seattle, representing Schroebel, could not be immediately reached.