Pentagon hacker Analyzer suspected of $10m cyberheist

Credit card scam exposed

Charges against notorious hacker-turned-suspected-cyber-fraudster Ehud Tenenbaum have expanded to include alleged fraud involving banks and credit card firms in both Canada and the US.

Ehud Tenenbaum (AKA The Analyzer), 29, was arrested in Canada last September on suspicion that he conspired with others to hack into the systems of financial services companies, before transferring funds into pre-paid debit card accounts under the control of a cyberfraud crew. The group subsequently cashed out these accounts, making an estimated $1.5m in the process.

Tenenbaum is now suspected of hacking into two US banks, a credit and debit card firm and a payment processor as part of a global "cashout" conspiracy that resulted in losses of at least $10m, Wired reports.

Ten years ago and while still a teenager, Tenenbaum broke into unclassified computers run by NASA, the Pentagon, the Israeli parliament and Hamas. He was caught and convicted but managed to avoid jail, receiving only a suspended sentence and fine. Tenenbaum found work defending Israeli sites from cyber attack before dropping out of the public eye for several years.

He moved from France to Canada last year, spending five months in the country on a visitor's permit, before being arrested by police in Calgary along with three alleged accomplices. The group were suspected of hacking into the systems of Calgary-based Direct Cash Management, a distributor of prepaid debit and credit cards. The other suspects made bail but Tenenbaum was detained in custody after US authorities served notice that they were compiling a case that may result in extradition proceedings against him.

Details of the likely US case against Tenenbaum have emerged for the first time after Wired obtained an affidavit, filed with the Canadian court handling Tenenbaum's extradition case. The affidavit (PDF) details how a US Secret Service investigation into computer hacking covered early 2008 attacks against the websites of OmniAmerican Credit Union and Global Cash Card, a California distributor of prepaid debit cards.

In both cases SQL Server vulnerabilities were used to hack into database systems and steal credit and debit card records, resulting in losses of $1m after these details were used to create counterfeit cards that were used to withdraw money from bank ATMs. The same approach was used to inflict losses of $3m on 1st Source Bank in Indiana and Symmetrex, a prepaid debit card processor, following hacking attacks in April and May 2008.

The investigation traced these attacks back through servers at HopOne Internet to systems at Dutch web hosting company LeaseWeb, where the assault was thought to originate. A warrant was obtained to intercept traffic running through the suspected cybercrime server at LeaseWeb. Evidence obtained, including web chats between the suspected hackers, led police to suspect Tenenbaum of involvement in the case, Wired reports.

On April 18, 2008, authorities say Tenenbaum gave a co-conspirator the compromised debit and credit card account numbers of more than 150 accounts taken from Symmetrex as well as the computer commands he'd used to execute the attack. Then, throughout the night of April 20, he received updates from accomplices in Russia and Turkey as they successfully withdrew cash from ATMs, and from Pakistan and Italy where the cards apparently failed to work. The next day, more cards were used in Bulgaria, Canada, Germany, Sweden and the United States. By late afternoon that day, Tenenbaum told an accomplice he'd racked up about "350 - 400" in earnings. The affidavit notes that this likely referred to 350,000 to 400,000 dollars or euros.

According to investigators, intercepted communications show that Tenenbaum had admin access to systems on 1st Source Bank's network that allowed him to view ATM outputs as well as credit card numbers. The hacker identified as Tenenbaum went on to brag that he had broken into systems at Alpha Bank in Greece a month later, in May 2008.

Tenenbaum was director of a computer security consultancy called Internet Labs Secure, based in Montreal. IP addresses registered to the firm were used to access a Hotmail account - Analyzer22@hotmail.com - linked to the hacking sessions and recovered from the Dutch server. This account was registered using Tenenbaum's real name and birthday, as well as incorporating his infamous hacking handle.

Attempts to access the compromised Global Cash Card network to check, and in some cases attempt to increase, the available balances of compromised cards were also traced back to the network at Internet Labs Secure. Tenenbaum was also caught on camera at an ATM attempting to withdraw funds from one of the compromised Canadian accounts, local detectives told Wired.

Investigators blame Tenenbaum for masterminding a hacking spree that resulted in fraudulent losses of more than $10m though, as Wired notes, the declared value of the attacks against OmniAmerican, Global Cash Card, 1st Source Bank and Symmetrex comes to just $4m.

The case illustrates the growing incidence of attacks in which hackers gain access to prepaid payroll and gift card systems before creating counterfeit cards and withdrawing huge sums. A breach at payment processor RBS WorldPay last November, for example, resulted in losses of $9m. ®
