Feeds

Pentagon hacker Analyzer suspected of $10m cyberheist

Credit card scam exposed

Using blade systems to cut costs and sharpen efficiencies

Charges against notorious hacker-turned-suspected-cyber-fraudster Ehud Tenenbaum have expanded to include alleged fraud involving banks and credit card firms in both Canada and the US.

Ehud Tenenbaum (AKA The Analyzer), 29, was arrested in Canada last September on suspicion he conspired with others to hack into the systems of a financial service companies, before transferring funds into pre-paid debit card accounts under the control of a cyberfraud crew. The group subsequently cashed out these accounts, making an estimated $1.5m in the process.

Tenenbaum is now suspected of hacking into two US banks, a credit and debit card firm and a payment processor outfit as part of a global "cashout" conspiracy that resulted in losses of a least $10m, Wired reports.

Ten years ago and while still a teenager, Tenenbaum broke into unclassified computers run by NASA, the Pentagon, the Israeli parliament and Hamas. He was caught and convicted but managed to avoid jail, receiving only a suspended sentence and fine. Tenenbaum found work defending Israeli sites from cyber attack before dropping out of the public eye for several years.

He moved from France to Canada last year, spending five months in the country on a visitor's permit, before being arrested by police in Calgary along with three alleged accomplices. The group were suspected of hacking into the systems of Calgary-based Direct Cash Management, a distributor of prepaid debit and credit cards. The other suspects made bail but Tenenbaum was detained in custody after US authorities served notice that they were compiling a case that may result in extradition proceedings against him.

Details of the likely US case against Tenenbaum have emerged for the first time after Wired obtained an affidavit, filed with the Canadian court handling Tenenbaum's extradition case. The affidavit (PDF) details how a US Secret Service investigation into computer hacking covered early 2008 attacks against the websites of OmniAmerican Credit Union and Global Cash Card, a California distributor of prepaid debit cards.

In both cases SQL Server vulnerabilities were used to hack into database systems and steal credit and debit card records, resulting in losses of $1m after these details were used to create counterfeit cards that were used to withdraw money from bank ATMs. The same approach was used to inflict losses of $3m on 1st Source Bank in Indiana and Symmetrex, a prepaid debit card processor, following hacking attacks in April and May 2008.

Investigation traced these attacks back through servers at HopOne Internet to systems at Dutch web hosting company LeaseWeb, where the assault was thought to originate. A warrant was obtained to intercept traffic running through the suspected cybercrime server at LeaseWeb. Evidence obtained, including web chats between the suspected hackers, led police to suspect Tenenbaum of involvement in the case, Wired reports.

On April 18, 2008, authorities say Tenenbaum gave a co-conspirator the compromised debit and credit card account numbers of more than 150 accounts taken from Symmetrex as well as the computer commands he'd used to execute the attack. Then, throughout the night of April 20, he received updates from accomplices in Russia and Turkey as they successfully withdrew cash from ATMs, and from Pakistan and Italy where the cards apparently failed to work. The next day, more cards were used in Bulgaria, Canada, Germany, Sweden and the United States. By late afternoon that day, Tenenbaum told an accomplice he'd racked up about "350 - 400" in earnings. The affidavit notes that this likely referred to 350,000 to 400,000 dollars or euros.

According to investigators, intercepted communications show that Tenenbaum had admin access to systems at 1st Source Bank network that allowed him to view ATM outputs, as well as credit card numbers. The hacker identified as Tenenbaum went on to brag that he had broken into systems at Alpha Bank in Greece a month later, in May 2008.

Tenenbaum was director of a computer security consultancy called Internet Labs Secure, based in Montreal. IP addresses registered to the firm were used to access a Hotmail account - Analyzer22@hotmail.com - linked to the hacking sessions and recovered from the Dutch server. This account was registered using Tenenbaum's real name and birthday, as well as incorporating his infamous hacking handle.

Attempts to access the compromised network at Global Cash Card network to check, and in some cases attempt to increase, the available balances of compromised cards, were also traced back to the network at Internet Labs Secure. Tenenbaum was also caught on camera at an ATM attempting to withdraw funds from one of the compromised Canadian accounts, local detectives told Wired.

Investigators blame Tenenbaum for masterminding a hacking spree that resulted in fraudulent losses of more than $10m though, as Wired notes, the declared value of the attacks against OmniAmerican, Global Cash Card hacks, 1st Source Bank and Symmetrex comes to just $4m.

The case illustrates the growing incidents of attacks where hackers have gained access to prepaid payroll and gift card systems before creating counterfeit cards and withdrawing huge sums. A breach at payment processor RBS WorldPay last November, for example, resulted in losses of $9m. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.