Romanian Man Extradited to US for Role in Hacking Scheme 17 Years Ago

The Sandu case revives a 2009‑2010 vishing operation that leveraged vulnerable VoIP infrastructure in small businesses. By injecting malicious scripts, the attackers redirected customer calls, harvested login credentials and payment‑card details, then used the data to clone cards and withdraw funds. Such “voice phishing” attacks remain a low‑cost, high‑yield method for cyber‑fraudsters, especially against organizations lacking robust call‑center security protocols. The indictment highlights how even seemingly modest targets can become entry points for large‑scale financial theft.

Extradition from Romania required coordinated diplomatic and legal efforts, reflecting the growing willingness of U.S. agencies to pursue cybercriminals abroad regardless of elapsed time. The Department of Justice first indicted Sandu in 2017, but the suspect evaded capture until his 2026 arrest. Similar cross‑border prosecutions—such as the sentencing of dual Romanian‑Latvian host‑service operator Mihai Ionuț Paunescu—signal a pattern: authorities are closing the gap between cyber‑crime and accountability, even when statutes of limitations appear to have expired.

For businesses, the case serves as a reminder to harden VoIP and telephony systems, implement multi‑factor authentication, and monitor for anomalous call‑routing behavior. Regulators and insurers are also likely to scrutinize firms’ cyber‑risk controls more closely, potentially influencing underwriting standards. As law‑enforcement demonstrates persistence, cyber‑fraud actors may face higher operational risk, prompting a shift toward more sophisticated, harder‑to‑trace attack vectors. Staying ahead of these threats requires continuous investment in security awareness, technology, and incident‑response planning.