Subway sandwich chain hit again with point of sale hack

Subway, the sandwich franchise, has not had a lot of luck with its point of sale computers. Shortly after two Romanian hackers were indicted for hacking into the systems, a the District Court of Massachusetts indicted another two hackers for stealing up to $40,000 from the company.

Shahin Abdollahi and Jeffrey Thomas Wilkinson allegedly went to great lengths to remotely log in to Subway point of sale systems, create fake gift cards totaling around $40,000, and use them or sell them on eBay. They supposedly did this by either installing remote access software on the systems or selling Subway point of sale computers that already had LogMeIn, a remote access tool, previously loaded.

That’s right, Abdollahi ran an entire point of sale system business and is also indicted for selling a number of these LogMeIn-ready machines to businesses. According to the indictment he allegedly sold these POS systems under the company name POS Doctor, to Subways in Massachusetts, Wyoming, and California.

From there, they would have hopped inside the system and electronically loaded the gift cards for use or sale.

Furthermore, the Abdollahi ran a number of his own Subway franchises in Southern California, according to the indictment, to learn the point of sale systems. Seems like a lot of effort for $40,000 in gift cards, but it could have been that the two were setting up infrastructure for a bigger scheme, if the allegations are true.

Check out the indictment below:

hat tip Ars Technica; Subway image via pat00139/Flickr

blog comments powered by Disqus