Feeds

Pentagon hacker Analyzer suspected of $10m cyberheist

Credit card scam exposed

Beginner's guide to SSL certificates

Charges against notorious hacker-turned-suspected-cyber-fraudster Ehud Tenenbaum have expanded to include alleged fraud involving banks and credit card firms in both Canada and the US.

Ehud Tenenbaum (AKA The Analyzer), 29, was arrested in Canada last September on suspicion he conspired with others to hack into the systems of a financial service companies, before transferring funds into pre-paid debit card accounts under the control of a cyberfraud crew. The group subsequently cashed out these accounts, making an estimated $1.5m in the process.

Tenenbaum is now suspected of hacking into two US banks, a credit and debit card firm and a payment processor outfit as part of a global "cashout" conspiracy that resulted in losses of a least $10m, Wired reports.

Ten years ago and while still a teenager, Tenenbaum broke into unclassified computers run by NASA, the Pentagon, the Israeli parliament and Hamas. He was caught and convicted but managed to avoid jail, receiving only a suspended sentence and fine. Tenenbaum found work defending Israeli sites from cyber attack before dropping out of the public eye for several years.

He moved from France to Canada last year, spending five months in the country on a visitor's permit, before being arrested by police in Calgary along with three alleged accomplices. The group were suspected of hacking into the systems of Calgary-based Direct Cash Management, a distributor of prepaid debit and credit cards. The other suspects made bail but Tenenbaum was detained in custody after US authorities served notice that they were compiling a case that may result in extradition proceedings against him.

Details of the likely US case against Tenenbaum have emerged for the first time after Wired obtained an affidavit, filed with the Canadian court handling Tenenbaum's extradition case. The affidavit (PDF) details how a US Secret Service investigation into computer hacking covered early 2008 attacks against the websites of OmniAmerican Credit Union and Global Cash Card, a California distributor of prepaid debit cards.

In both cases SQL Server vulnerabilities were used to hack into database systems and steal credit and debit card records, resulting in losses of $1m after these details were used to create counterfeit cards that were used to withdraw money from bank ATMs. The same approach was used to inflict losses of $3m on 1st Source Bank in Indiana and Symmetrex, a prepaid debit card processor, following hacking attacks in April and May 2008.

Investigation traced these attacks back through servers at HopOne Internet to systems at Dutch web hosting company LeaseWeb, where the assault was thought to originate. A warrant was obtained to intercept traffic running through the suspected cybercrime server at LeaseWeb. Evidence obtained, including web chats between the suspected hackers, led police to suspect Tenenbaum of involvement in the case, Wired reports.

On April 18, 2008, authorities say Tenenbaum gave a co-conspirator the compromised debit and credit card account numbers of more than 150 accounts taken from Symmetrex as well as the computer commands he'd used to execute the attack. Then, throughout the night of April 20, he received updates from accomplices in Russia and Turkey as they successfully withdrew cash from ATMs, and from Pakistan and Italy where the cards apparently failed to work. The next day, more cards were used in Bulgaria, Canada, Germany, Sweden and the United States. By late afternoon that day, Tenenbaum told an accomplice he'd racked up about "350 - 400" in earnings. The affidavit notes that this likely referred to 350,000 to 400,000 dollars or euros.

According to investigators, intercepted communications show that Tenenbaum had admin access to systems at 1st Source Bank network that allowed him to view ATM outputs, as well as credit card numbers. The hacker identified as Tenenbaum went on to brag that he had broken into systems at Alpha Bank in Greece a month later, in May 2008.

Tenenbaum was director of a computer security consultancy called Internet Labs Secure, based in Montreal. IP addresses registered to the firm were used to access a Hotmail account - Analyzer22@hotmail.com - linked to the hacking sessions and recovered from the Dutch server. This account was registered using Tenenbaum's real name and birthday, as well as incorporating his infamous hacking handle.

Attempts to access the compromised network at Global Cash Card network to check, and in some cases attempt to increase, the available balances of compromised cards, were also traced back to the network at Internet Labs Secure. Tenenbaum was also caught on camera at an ATM attempting to withdraw funds from one of the compromised Canadian accounts, local detectives told Wired.

Investigators blame Tenenbaum for masterminding a hacking spree that resulted in fraudulent losses of more than $10m though, as Wired notes, the declared value of the attacks against OmniAmerican, Global Cash Card hacks, 1st Source Bank and Symmetrex comes to just $4m.

The case illustrates the growing incidents of attacks where hackers have gained access to prepaid payroll and gift card systems before creating counterfeit cards and withdrawing huge sums. A breach at payment processor RBS WorldPay last November, for example, resulted in losses of $9m. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI
A stranger turns up YOUR heat with default password 1234
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.