Alexandru Isvanca and Eveline Cismaru on a boat ride on the River Thames.
For years, Mr. Isvanca and Ms. Cismaru shared a sometimes-playful, sometimes-stormy partnership, supporting themselves at various times through identity-theft, credit-card fraud and ransomware attacks, according to friends, as well as U.S. and Romanian authorities.
Their latest gambit, authorities said, was the ransomware virus, which redirected the Washington video feed to their Bucharest apartment. For the couple, it seemed an unexpected stroke of good fortune.
This article about the pursuit of the hackers is based on sworn testimony, court documents, social media posts, and interviews with U.S. and European investigators, family members, neighbors, landlords and friends of Mr. Isvanca and Ms. Cismaru.
When asked for comment on the case,
assistant director of the Secret Service Office of Investigations, said only that it illustrates how “physical systems that are dependent upon networked infrastructure are especially vulnerable.”
The couple has, over time, given conflicting and contradictory accounts. Mr. Isvanca at first admitted the hacking to the Secret Service, a court filing said. He later told The Wall Street Journal that the Washington police department wasn’t an intended target. Later, he said he hadn’t participated at all.
Ms. Cismaru initially denied her involvement to Secret Service agents. Later, as part of a 2018 plea agreement, she acknowledged her role in the scheme.
Ms. Cismaru sent a message to the Journal in June asking, “How much are you willing to pay for this interview?” (The Journal doesn’t pay for interviews.)
In August, she denied having anything to do with the computer hijacking. Communicating to the Journal by text and
messages, Ms. Cismaru said, “I don’t know who wrote” and signed the court document in her name.
Ms. Cismaru said breaking into the U.S. capital’s video surveillance system was easy. “Americans are stupid,” Ms. Cismaru said in a text.
In fact, the couple brought about their own downfall.
Mr. Isvanca and Ms. Cismaru, known to friends as Bobo and Eve, met in 2010. She was 21 years old. Mr. Isvanca, 18 at the time, supported himself “through computer crimes and credit card fraud,” Ms. Cismaru said in a court statement. Mr. Isvanca told the Journal she had lied about him in court and denied the allegations. His lawyer said she wouldn’t comment on the case.
Within a year of their meeting, Ms. Cismaru learned to acquire and use stolen credit cards to buy items online, according to Romanian prosecutors.
The couple kept to relatively low-risk capers using black-market software, email lists and stolen credit-card numbers, small fish in an ocean of fraud.
Share Your Thoughts
Can cybercrime be thwarted? Join the conversation below.
In the U.S., fraud involving debit- and credit-card payments in 2016 neared $7.5 billion, 60% of it from online fraud, according to the most recent surveys from the Federal Reserve.
Banks and retailers generally accept those losses, either because they don’t want to risk losing customers by refusing them refunds, or because the cost of pursuing suspects like the Romanian couple is too high. Consumers, at some point, end up paying higher prices to cover the losses.
In 2012, Ms. Cismaru was convicted in Romania of participating in credit-card fraud, according to court files.
The judge issued Ms. Cismaru a suspended 3-year prison sentence. The court required that she check in every three months with police, appointments she frequently missed, Romanian officials said.