The Subway Sandwich Hacker

Sandwich artist? More like con artist. 
Reuters (with manipulation)

Is nowhere safe from cybercrime? 

Of all the places one might expect to be safe from the scourge of hackers, Subway, is quite high on my list. The only fraud I thought occurred in stripmall sandwich shops were the pepperoncinis. 

But I was wrong.

Shahin Abdollahi, a California man, pled guilty to exploiting point-of-sale systems he and a partner had sold to Subway franchises.

Here's how the hustle worked: On one end of it, they ran a business called the POS Doctor—not a gastrointestinal clinic—that dealt in point-of-sale systems. They talked various Subway franchisees in Franklin, Massachusetts, Sundance, Wyoming, and Lakewood, California into purchasing these POSs. Because businesses need cash registers, I guess, and someone has to sell you one.

But along with the working POS, they bundled in a remote access program—one that's commercially available, LogMeIn. That's pretty standard because of course it makes sense to connect your cash register to the Internet, but the catch was that Abdhollahi kept the virtual keys to the till. So after some unsuspecting 17-year-old would close up the shop, he would switch on the cash register in the wee hours of the night and load up gift cards with a bunch of money. 

Then he and his partners in crime sold the gift cards on Craigslist to unsuspecting sandwich bargain hunters, who took them to stores in Colton, Victorville, Menifee, and other cities in California, and unwittingly handed them to other high-school kids to pay for six-inchers, foot-longs, and maybe even their weird breakfast sandwiches. 

All in, Abdhollahi loaded about $40,000 on the gift cards, which is a lot of sandwiches, no matter how you slice them. But not really very much money on The Heist Scale, which ranges from the Mona Lisa to petting a cat in your lair.

We normally think of people who commit cybercrimes as like Evil Bill Gates, misguided geniuses who have turned to a life of crime. But this is a story filled with bumbling. Abdhollahi knew how gift cards and POSs worked because he himself had owned a Subway franchise. 

Even so, when he registered the gift cards online—an optional step in the gift-card redistribution mechanism—he used email addresses with domains that he had registered. D’oh! It doesn't sound like investigators had a hard time figuring out what was going on. 

You attack Subway and you attack us all, especially Jared and various professional athletes with non-overlapping demographic influences.

I mean, if you can't buy an Internet-connected cash register or a Subway gift card from a random, barely reputable person you found on Craigslist, what can you really do? 

Jump to comments
Presented by

Alexis C. Madrigal

Alexis Madrigal is the deputy editor of He's the author of Powering the Dream: The History and Promise of Green Technology. More

The New York Observer has called Madrigal "for all intents and purposes, the perfect modern reporter." He co-founded Longshot magazine, a high-speed media experiment that garnered attention from The New York Times, The Wall Street Journal, and the BBC. While at, he built Wired Science into one of the most popular blogs in the world. The site was nominated for best magazine blog by the MPA and best science website in the 2009 Webby Awards. He also co-founded Haiti ReWired, a groundbreaking community dedicated to the discussion of technology, infrastructure, and the future of Haiti.

He's spoken at Stanford, CalTech, Berkeley, SXSW, E3, and the National Renewable Energy Laboratory, and his writing was anthologized in Best Technology Writing 2010 (Yale University Press).

Madrigal is a visiting scholar at the University of California at Berkeley's Office for the History of Science and Technology. Born in Mexico City, he grew up in the exurbs north of Portland, Oregon, and now lives in Oakland.

Get Today's Top Stories in Your Inbox (preview)

In Online Dating, Everyone's a Little Bit Racist

The co-founder of OKCupid shares findings from his analysis of millions of users' data.

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register. blog comments powered by Disqus


In Online Dating, Everyone's a Little Bit Racist

The co-founder of OKCupid shares findings from his analysis of millions of users' data.


What Is a Sandwich?

We're overthinking sandwiches, so you don't have to.


How Will Climate Change Affect Cities?

Urban planners and environmentalists predict the future of city life.


The Inner Life of a Drag Queen

A short documentary about cross-dressing, masculinity, identity, and performance


Let's Talk About Not Smoking

Why does smoking maintain its allure? James Hamblin seeks the wisdom of a cool person.



More in Technology

Just In