A Romanian individual has confessed in a United States court to illicitly selling access to an Oregon state government’s network. The accused, Catalin Dragomir, aged 45, hails from Constanta, Romania, and gained entry into the computer system in June 2021.
Details of Unauthorized Network Access
Dragomir reportedly advertised administrative access to the state’s emergency management department and negotiated a sale for $3,000 in Bitcoin. To validate his claims, he accessed the network on multiple occasions and provided potential buyers with samples of personal data, including an employee’s login credentials, name, email, and Social Security number.
Court documents further revealed that Dragomir was implicated in breaching and vending access to the networks of ten additional victims across the United States, resulting in financial damages exceeding $250,000.
Extradition and Legal Proceedings
Following his arrest in Romania in November 2024, Dragomir was extradited to the US in January 2025. He faces several charges, including five counts related to obtaining information from a protected computer, aggravated identity theft, and money laundering, filed in May 2024.
On Friday, the US Department of Justice announced Dragomir’s guilty plea to charges of information theft and aggravated identity theft. As part of the plea agreement, he has consented to compensate his victims fully.
Potential Sentencing and Future Implications
Dragomir is looking at a potential prison sentence of up to seven years, comprising five years for information theft and a mandatory additional two-year sentence for identity theft. Further, he could face a fine of up to $250,000 and one year of supervised release.
This case underscores the ongoing challenges of combating international cybercrime and serves as a reminder of the vulnerabilities within governmental networks. As sentencing is set for May 26, this case continues to highlight the importance of robust cybersecurity measures.
