Pentagon hacker Analyzer suspected of $10m cyberheist

Credit card scam exposed

Charges against notorious hacker-turned-suspected-cyber-fraudster Ehud Tenenbaum have expanded to include alleged fraud involving banks and credit card firms in both Canada and the US.

Ehud Tenenbaum (AKA The Analyzer), 29, was arrested in Canada last September on suspicion that he conspired with others to hack into the systems of financial services companies and transfer funds into pre-paid debit card accounts controlled by a cyberfraud crew. The group subsequently cashed out these accounts, making an estimated $1.5m in the process.

Tenenbaum is now suspected of hacking into two US banks, a credit and debit card firm and a payment processor as part of a global "cashout" conspiracy that resulted in losses of at least $10m, Wired reports.

Ten years ago and while still a teenager, Tenenbaum broke into unclassified computers run by NASA, the Pentagon, the Israeli parliament and Hamas. He was caught and convicted but managed to avoid jail, receiving only a suspended sentence and fine. Tenenbaum found work defending Israeli sites from cyber attack before dropping out of the public eye for several years.

He moved from France to Canada last year, spending five months in the country on a visitor's permit, before being arrested by police in Calgary along with three alleged accomplices. The group were suspected of hacking into the systems of Calgary-based Direct Cash Management, a distributor of prepaid debit and credit cards. The other suspects made bail, but Tenenbaum was held in custody after US authorities served notice that they were compiling a case that might result in extradition proceedings against him.

Details of the likely US case against Tenenbaum have emerged for the first time after Wired obtained an affidavit, filed with the Canadian court handling Tenenbaum's extradition case. The affidavit (PDF) details how a US Secret Service investigation into computer hacking covered early 2008 attacks against the websites of OmniAmerican Credit Union and Global Cash Card, a California distributor of prepaid debit cards.

In both cases SQL Server vulnerabilities were exploited to break into database systems and steal credit and debit card records. Those details were then encoded onto counterfeit cards and used to withdraw money from bank ATMs, resulting in losses of $1m. The same approach inflicted losses of $3m on 1st Source Bank in Indiana and on Symmetrex, a prepaid debit card processor, following hacking attacks in April and May 2008.

Investigators traced these attacks back through servers at HopOne Internet to systems at Dutch web hosting company LeaseWeb, where the assault was thought to originate. A warrant was obtained to intercept traffic passing through the suspected cybercrime server at LeaseWeb. The evidence obtained, including web chats between the suspected hackers, led police to suspect Tenenbaum of involvement in the case, Wired reports.

On April 18, 2008, authorities say Tenenbaum gave a co-conspirator the compromised debit and credit card account numbers of more than 150 accounts taken from Symmetrex as well as the computer commands he'd used to execute the attack. Then, throughout the night of April 20, he received updates from accomplices in Russia and Turkey as they successfully withdrew cash from ATMs, and from Pakistan and Italy where the cards apparently failed to work. The next day, more cards were used in Bulgaria, Canada, Germany, Sweden and the United States. By late afternoon that day, Tenenbaum told an accomplice he'd racked up about "350 - 400" in earnings. The affidavit notes that this likely referred to 350,000 to 400,000 dollars or euros.

According to investigators, intercepted communications show that Tenenbaum had admin access to the 1st Source Bank network, which allowed him to view ATM outputs as well as credit card numbers. The hacker identified as Tenenbaum went on to brag that he had broken into systems at Alpha Bank in Greece a month later, in May 2008.

Tenenbaum was director of a computer security consultancy called Internet Labs Secure, based in Montreal. IP addresses registered to the firm were used to access a Hotmail account - Analyzer22@hotmail.com - linked to the hacking sessions and recovered from the Dutch server. This account was registered using Tenenbaum's real name and birthday, as well as incorporating his infamous hacking handle.

Attempts to access the compromised Global Cash Card network to check, and in some cases to increase, the available balances of compromised cards were also traced back to the Internet Labs Secure network. Tenenbaum was also caught on camera at an ATM attempting to withdraw funds from one of the compromised Canadian accounts, local detectives told Wired.

Investigators blame Tenenbaum for masterminding a hacking spree that resulted in fraudulent losses of more than $10m though, as Wired notes, the declared losses from the OmniAmerican, Global Cash Card, 1st Source Bank and Symmetrex attacks come to just $4m.

The case illustrates the growing number of attacks in which hackers gain access to prepaid payroll and gift card systems, create counterfeit cards and withdraw huge sums. A breach at payment processor RBS WorldPay last November, for example, resulted in losses of $9m. ®
