**Catalin Dragomir**, a 46-year-old from Constanta, Romania, who operated under the online handle "inthematrixl," was sentenced this week for his role in compromising an Oregon state government computer network and targeting numerous other U.S. victims. ### Guilty Plea and Sentencing Dragomir pleaded guilty on February 19 to one count of aggravated identity theft and one count of obtaining information from a protected computer. The charges carried a significant sentence, reflecting the severity of his crimes. The court ordered Dragomir to forfeit approximately 23 **Monero** (XMR), a cryptocurrency, valued at roughly $8,500. This forfeiture represents the financial gains he derived from his illegal activities. ### Details of the Breach According to court documents, in June 2021, Dragomir gained unauthorized access to a computer on the network of the **Oregon Department of Emergency Management** (then called the Oregon Office of Emergency Management). He subsequently attempted to monetize this access by selling it to a prospective buyer. During this transaction, Dragomir provided the buyer with samples of personally identifiable information (PII), including names, email addresses, dates of birth, and passport numbers, extracted from the compromised device. This exposed sensitive data and heightened the risk of identity theft for affected individuals. ### Widespread Impact Dragomir also sold access to the networks of nearly a dozen other victims across the United States. These breaches led to total losses of at least $250,000, highlighting the extensive damage caused by his cybercriminal activities. ### International Collaboration and Arrest Dragomir's arrest in Romania in November 2024 was the result of coordinated efforts among the Justice Department's Office of International Affairs, the Romanian Ministry of Justice, the Directorate for International Law and Judicial Cooperation, and the Romanian Judiciary. He was extradited to the United States in January 2025 to face charges. ### Justice Department's Efforts The case was investigated by the **FBI**'s Portland Field Office and prosecuted by the Justice Department's Computer Crime and Intellectual Property Section. Since 2020, this section has secured court orders to return over $350 million in victim funds following convictions against more than 180 cybercriminals and intellectual property criminals. ### Related News This week, the U.S. Justice Department also announced that a Canadian man was sentenced to 33 years in prison after admitting to targeting over 145 children across the United States in an eight-year-long sextortion scheme. <div> <a rel="noopener nofollow" href="https://hubs.li/Q048zztN0"><img alt="article image" src="https://www.bleepstatic.com/c/p/validation-gap.jpg"></a> <div> <h2><a rel="noopener nofollow" href="https://hubs.li/Q048zztN0">The Validation Gap: Automated Pentesting Answers One Question. You Need Six.</a></h2> <p>Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.</p> <p>This guide covers the 6 surfaces you actually need to validate.</p> <p><a rel="noopener nofollow" href="https://hubs.li/Q048zztN0">Download Now</a></p> </div> </div>