Catalin Dragomir, now 46, pleaded guilty to aggravated identity theft and obtaining information from a protected computer.
“Our country takes these types of crimes very seriously because of the harms and risk of harms that they cause,” said U.S. District Judge Michael H. Simon.
The crime is particularly egregious when it involves a government agency that guards the state’s critical infrastructure, the judge said.
Dragomir advertised on the dark web “admin access” to a network that included three servers and 50 computers connected to the state Department of Emergency Management, according to federal prosecutors.
The department works to prevent, prepare for and respond to disasters, including wildfires and floods, and administers federal and state grants to help local communities rebuild after disasters.
As part of his plea agreement, Dragomir admitted that he shared screenshots of a state employee’s personal information with a prospective buyer in early June 2021 to prove he had access to the state office’s computer network. The screenshots included the employee’s name, date of birth, Social Security number and email address.
On June 16, 2021, he sold access to the network for $3,000 in Bitcoin.
Separately, he admitted he also sold personal information from at least 10 other victims’ computer networks in the U.S., causing a loss of at least $250,000, according to his plea agreement.
Prosecutors did not identify the other victims, but Assistant U.S. Attorney Katherine Rykken called Dragomir “quite prolific,” sharing sensitive computer network information “all over the world, over and over and over again.”
Dragomir, who has spent the past 16 months in Columbia County Jail, told Simon that he accepted responsibility once the FBI showed up at his door in Romania in November 2024 by providing the passwords to his computer and phone.
He said he later spent three hours speaking with the FBI, agreeing to cooperate with investigators, before signing his plea deal in February.
He said, however, that he was not the mastermind of the scheme and that he worked for another hacker.
Regardless, he said he accepted full responsibility.
“I made a mistake. I didn’t know what was in my mind,” he said. “I didn’t know what I was thinking.”
Simon sentenced Dragomir to four years and eight months.
The judge shaved off two months from the prosecutor’s recommended sentence to account for the two months that Dragomir served in custody in Romania before he was extradited to the United States.
©2026 Advance Local Media LLC. Visit oregonlive.com. Distributed by Tribune Content Agency, LLC.
