Romanian Extradited to US for Role in Hacking Scheme 17 Years Ago

A Romanian national was recently extradited to the United States for his role in a cybercrime scheme carried out 17 years ago, the Justice Department announced this week.

The suspect, 53-year-old Gavril Sandu, was arrested in Romania in January 2026 and was extradited to the US in late April. 

According to the DOJ, Sandu was indicted by a federal grand jury in 2017 on conspiracy to commit bank fraud and bank fraud. However, his alleged crimes took place even earlier, between May 2009 and October 2010.

Sandu and others allegedly hacked into small businesses’ VoIP systems and deployed scripts designed to contact financial institution customers and trick them into handing over sensitive personal and financial information, including login credentials, and payment card numbers and PINs.

The man’s contribution to this vishing operation included using the stolen information to clone payment cards and acting as a money mule who withdrew funds from those cards, the DOJ said.

Sandu remains in custody and faces up to 30 years in prison.

While intervals of a decade or more are not unheard of in complex international cases, the 17-year gap between the alleged offenses and Sandu’s extradition stands out as particularly notable for a cybercrime operation.

Reid Davis, special agent in charge of the FBI in North Carolina, stated this week when Sandu’s court appearance was announced that “justice has no timeline”.

This is not the only notable case involving a Romanian national. Mihai Ionut Paunescu, a dual Romanian-Latvian national, was sentenced to three years in prison in mid-2023 for running a bulletproof hosting service used by trojans such as Gozi, Zeus, and SpyEye. His sentencing came more than a decade after his criminal activity.

Related: Karakurt Ransomware Negotiator Sentenced to Prison

Related: Two US Security Experts Sentenced to Prison for Helping Ransomware Gang

Related: Alleged Chinese State Hacker Extradited to US