A Romanian national pleaded guilty in a US court to selling unauthorized access to an Oregon state government office’s network.
The man, Catalin Dragomir, 45, of Constanta, Romania, obtained access to the computer network in June 2021.
The hacker allegedly advertised admin access to the state’s emergency management department, negotiated a $3,000 sale in Bitcoin, and accessed the network several times to prove the legitimacy of his claim.
According to court documents, Dragomir provided a prospective buyer with samples of personal identifying information extracted from the compromised network, including an employee’s login information, name, email address, and Social Security number.
He is also accused of hacking into and selling access to the networks of 10 other victims in the US. Documents presented in court allege that his actions caused at least $250,000 in losses.
Dragomir was extradited to the US in January 2025, after being arrested in Romania in November 2024. He is scheduled for sentencing on May 26.
In May 2024, Dragomir was charged with five counts of obtaining information from a protected computer, aggravated identity theft, and money laundering.
On Friday, the US Department of Justice announced that Dragomir pleaded guilty to information theft and aggravated identity theft, and that he agreed to pay full restitution to his victims.
Dragomir faces up to seven years in prison (five years for information theft and a mandatory consecutive two-year sentence for identity theft), a fine of up to $250,000, and one year of supervised release.
Related: Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System
Related: Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks
Related: Dutch Port Hacker Sentenced to Prison
Related: Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US
