Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 1 of 10 UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS UNITED STATES OF AMERICA ) ) ) ) ) ) ) ) v. SHAHIN ABDOLLAHI, JEFFREY T. WILKINSON, Defendants Case No. 13U-.loobo -> 18 U.S.C. §371 (Conspiracy) 18 U.S.C. §§1343, 2 (Wire Fraud) 18 U.S.c. §§981 and 2461 (Crim. Forfeiture) INDICTMENT The Grand Jury charges: INTRODUCTION At all times relevant to the charges in this Indictment: 1. SHAHIN ABDOLLAHI, a.k.a. Sean Holdt, and JEFFREY WILKINSON lived in California. 2. Beginning in or before 2011, ABDOLLAHI and WILKINSON conspired to (1) remotely hack into point-of-sale ("POS") computer systems in Subway restaurant franchises around the country, (2) use the hacked pas systems to electronically load value onto Subway restaurant gift cards, and (3) either use these fraudulently loaded gift cards to make purchases at Subway restaurants or sell the cards to others to use them. 3. A POS system, which is essentially a computerized checkout register, allows merchants to process customer purchases, including those made using credit, debit, and gift cards. The POS system typically includes a computer, monitor, card processing system, signature capture device, and customer pin pad device. 4. POS systems are frequently connected to the internet to allow remote access by authorized users. In order to allow remote access, the POS systems have remote desktop Isoftware applications installed on them. Subway restaurant franchise owners typically buy their I~~~~~1 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 2 of 10 POS systems from third party vendors. "POS Doctor," which is operated In part by ABDOLLAHI, is such a third-party vendor based in Southern California. 5. Subway, like many merchants, sells gift cards as a way for customers to pay for future purchases at any Subway nationwide. Using a gift card to make a purchase typically involves two steps: first, loading (or re-loading) the card, and then redeeming it. 6. To acquire a gift card, a Subway customer typically goes to a Subway restaurant and pays at the checkout register (i.e., the POS system). The cashier, using the restaurant's POS system, then electronically encodes a plastic Subway card so that it loads an equivalent value onto the card. For record-keeping purposes, Subway also stores the card's value on computer systems in Florida and Illinois. 7. A Subway customer typically later redeems the gift card by presenting it to a Subway cashier and using it to pay for the customer's purchases. The cashier, again using the POS system, deducts the cost of the purchase from the card's value. 8. A Subway customer can load, or re-load, a Subway gift card at one Subway location and then later redeem the card at a different Subway location. 9. A "fraudulent load" occurs when someone causes a gift card to be loaded without making any payment. 10. When a Subway customer acquires a gift card, the customer has the option of registering the card through the Subway website in order to protect the customer if the card is lost or stolen. In the registration process, the customer inputs an e-mail address and the unique identification number that is printed on the gift card. In that way, Subway can link a gift card number with a customer e-mail address. Subway maintains electronic records of all of the gift cards that have been registered. 2 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 3 of 10 Sale of POS Systems to Subway Franchises 11. In 2009 or 2010, ABDOLLAHI, using the alias "Sean Holde' and working for POS Doctor, sold a POS system to a Subway franchise in Franklin, Massachusetts. 12. In 2009 or 2010, ABDOLLAHI sent several e-mails to a representative of the Subway franchise in Franklin, discussing the sale of the POS system. 13. In 2009 or 2010, ABDOLLAHI spoke by phone to a representative of the Subway franchise in Franklin, discussing the sale of the POS system. 14. In 2009 or 2010, ABDOLLAHI sent a POS system to a Subway franchise in Franklin. Installed on that POS system was a remote desktop application called "Loglvleln." 15. In or about March 2009, ABDOLLAHI, along with R.H., sold one or more POS systems, with "Loglvleln" installed, to a Subway franchise in Sundance, Wyoming. 16. In or about April 2009, ABDOLLAHI sold one or more POS systems, with "Loglvleln" installed, to a Subway franchise located in Lakewood, California. 3 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 4 of 10 COUNT ONE Conspiracy (18 U.S.c. § 371) 17. The Grand Jury realleges and incorporates by reference the allegations III Paragraphs 1 through 16 of this Indictment, and further charges that: 18. Beginning in or before 2011, in the District of Massachusetts and elsewhere, the defendants, SHAHIN ABDOLLAHI and JEFFREY WILKINSON, and others, knowingly and intentionally conspired to commit the following offenses: (a) Computer Intrusion (18 U.S.C. § 1030(a)(4»: to knowingly and with intent to defraud, access a protected computer without authorization and exceeding authorized access, and by means of such conduct further the intended fraud and obtain anything of value. (b) Computer Intrusion (18 U.S.c. § 1030(a)(5)(A»: to knowingly cause the transmission of a program, information, code, and command, and as a result of such conduct, intentionally cause damage without authorization, to a protected computer. (c) Wire Fraud (18 U.S.C. § 1343): having devised, and intending to devise, a scheme to defraud and to obtain money and property by means of material false and fraudulent pretenses, representations, and promises, to transmit and cause to be transmitted in interstate commerce, wire communications, including writings, signals, and sounds, for the purpose of executing the scheme to defraud. MANNER AND MEANS 19. From 2005 to 2008, ABDOLLAHI, aka Sean Holdt, owned and operated one or more Subway restaurant franchises in Southern California, where he gained experience with Subway pas systems and Subway gift cards. 4 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 5 of 10 20. Starting in approximately March 2008, ABDOLLAHI operated a California-based company called "POS Doctor," "Point-of-Sale Doctor," or "Posdr.com," which sold and, in some cases also installed, new and refurbished ABDOLLAHI marketed his pas pas systems to merchants around the country. systems to Subway franchisees, primarily by placing online advertisements with eBay and similar websites. He generally used the alias "Sean Holdt" when operating his POS system business. 21. ABDOLLAHI sold POS systems to at least 13 Subway restaurant franchises around the country, including at least one in Massachusetts. On many, if not all, of those POS systems, ABDOLLAHI also installed a remote desktop application. 22. Members of the conspiracy repeatedly accessed, without authorization, at least 13 of the Subway POS systems that ABDOLLAHI had sold, including the pas system ofa Subway in Franklin, Massachusetts. Members of the conspiracy then used the compromised pas systems to make fraudulent loads onto Subway gift cards, typically in the early hours of the morning when the restaurants were closed. These loads totaled at least $40,000. 23. ABDOLLAHI and WILKINSON used fraudulently loaded gift cards at Subways in California. 24. WILKINSON sold fraudulently loaded Subway gift cards to buyers who were usually in Southern California. He advertised discount gift cards on websites such as eBay and Craigslist and then hand-delivered the fraudulently loaded cards to his buyers. 25. In order to keep track of fraudulently loaded cards in case of loss or theft, members of the conspiracy sometimes registered them online with Subway. They often used e­ mail accounts associated with internet domain names they had registered, including "in2itpos.com." 5 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 6 of 10 OVERT ACTS The defendants committed the following overt acts within Massachusetts and elsewhere: Accesses of Subway POS Systems and Fraudulent Loads onto Gift Cards 26. On or about November 29,2011, at approximately 2:07 a.m. EST, members of the conspiracy, without authorization, remotely accessed a pas system at the Subway in Franklin, Massachusetts, and fraudulently loaded dollar values onto five Subway gift cards. Four of the five fraudulently loaded cards had been registered using the e-mail addressblue@in2itpos.com. 27. On or about December 4, 2011, at approximately 2:32 a.m. and December 7, 2011, at approximately 4:34 a.m., members of the conspiracy, without authorization, remotely accessed a pas system at a Subway in Lakewood, California, and fraudulently loaded dollar values onto Subway gift cards. 28. On or about February 22, 2012, between approximately 2:35 a.m. and 2:44 a.m., members of the conspiracy, without authorization, remotely accessed a pas system at a Subway in Sundance, Wyoming, and fraudulently loaded dollar values onto ten Subway gift cards. Redemption of Fraudulently Loaded Gift cards 29. On or about December 1, 2011, approximately two days after the fraudulent loads occurred at the Massachusetts Subway, several of these fraudulently loaded gift cards were then used to make purchases at Subways in Redlands, Colton, and Victorville, California. 30. On or about December 3,2011, approximately four days after the fraudulent loads occurred at the Massachusetts Subway, two of these gift cards were then used to make purchases at Subways in Rialto and Ontario, California. 31. On or about December 6, 2011, approximately seven days after the fraudulent loads occurred at the Massachusetts Subway, two of those gift cards were then used to make purchases at Subways in Menifee and Victorville, California. 6 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 7 of 10 32. On or about February 22,2012, approximately six hours after the fraudulent loads occurred at the Wyoming Subway, WILKINSON used one of these gift cards at a Subway in Alameda, California. 33. The next day, February 23, 2012, ABDOLLAHI used the same gift card that WILKINSON had used the day before at the same Alameda Subway. Re-Sale of Fraudulently Loaded Gift cards 34. In approximately December 2011, WILKINSON placed advertisements on websites including eBay and Craigslist, offering gift cards for sale. 35. On or about December 11, 201 1,WILKINSON met with Rl. in Brea, California, and sold several fraudulently loaded Subway gift cards. All in violation of 18 U.S.C. § 371. 7 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 8 of 10 COUNT TWO Wire Fraud (18 U.S.c. § 1343) 36. The Grand Jury realleges and incorporates by reference the allegations in Paragraphs 1-16 and 19-35 and further charges that: 37. In the District of Massachusetts and elsewhere, the defendants, SHAHIN ABDOLLAHI, and JEFFREY WILKSINSON, and others, having devised, and intending to devise, a scheme to defraud and to obtain money and property by means of material false and fraudulent pretenses, representations, and promises, transmitted and caused to be transmitted in interstate commerce, on or about November 29, 2011, wire communications, including writings, signals, and sounds - specifically, the electronic accessing, from outside Massachusetts, of the Franklin, Massachusetts Subway POS system for the purpose of fraudulently loading a Subway gift card - for the purpose of executing the scheme, and aided and abetted others in doing so. All in violation of 18 U.S.C. §§ 1343,2. 8 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 9 of 10 CONSPIRACY AND WIRE FRAUD FORFEITURE ALLEGATIONS (18 U.S.C. § 981(a)(I)(C) and 28 U.S.C. § 2461(c» The Grand Jury further charges that: 38. Upon conviction of one or more of the offenses in violation of 18 U.S.C. § 371 and 18 U.S.C. § 1343 changed in Counts One and Four of this indictment, the defendants, SHAHIN ABDOLLAHI,and JEFFREY WILKSINSON, shall forfeit to the United States, jointly and severally, pursuant to 18 U.S.C. § 981(a)(l)(C) and 28 U.S.c. § 2461(c), any property, real or personal, that constitutes, or is derived from, proceeds traceable to the commission of the offenses. 39. If any of the property described in paragraph 38 hereof as being forfeitable pursuant to 18 U.S.C. § 981(a)(l)(C) and 28 U.S.c. § 2461(c), as a result of any act or omission of the defendants -­ a. cannot be located upon the exercise of due diligence; b. has been transferred to, sold to, or deposited with a third party; c. has been placed beyond the jurisdiction of this Court; d. has been substantially diminished in value; or e. has been commingled with other property which cannot be divided without difficulty; it is the intention of the United States, pursuant to 28 U.S.C. § 2461(c), incorporating 21 U.S.C. § 853(P), to seek forfeiture of all other property of the defendants up to the value of the property described in paragraph 38. All pursuant to Title 18, United States Code, Section 981 and Title 28, United States Code, Section 2461(c). 9 Case 1:13-cr-10060-RGS Document 1 Filed 03/06/13 Page 10 of 10 March 6, 2013 DISTRICT OF MASSACHUSETTS Returned into the District Court by the Grand Jurors and filed. 3}6(17 c@J \if: C/0 p~v'\. 10