Thursday, March 26, 2009

'The Analyzer' Hack Probe Widens; $10 Million Allegedly Stolen From U.S. Banks

Via (Threat Level) -

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global "cashout" conspiracy.

The U.S. hacks have resulted in at least $10 million in losses, according to court records obtained by Threat Level, and are just part of a larger international conspiracy to hack financial institutions in the United States and abroad.

The broadened case highlights the continued vulnerability of U.S. financial networks to cybercrime, despite supposedly tight industry security standards. It comes on the heels of other multimillion-dollar heists that also breached the security protecting ATM codes and account information. In late 2007, criminals used four hacked iWire payroll cards to steal $5 million from ATMs around the world in just two days. Shortly thereafter, a processing server that handles withdrawals from Citibank-branded ATMs at 7-Eleven convenience stores was cracked, leading crooks to converge on New York to withdraw at least $2 million from Citibank accounts using the stolen ATM data. And a carefully coordinated global heist last November resulted in a one-day haul of $9 million in cash, following a breach at payment processor RBS WorldPay.

Tenenbaum, 29, made headlines a decade ago under his hacker handle "The Analyzer" for penetrating Pentagon computers and other networks. He'd been living in France, and had only been in Canada about five months on a six-month visitor's permit when he was arrested last August in Calgary with three alleged accomplices for allegedly hacking into Direct Cash Management, a Calgary company that distributes prepaid debit and credit cards. A Canadian court granted him CDN $30,000 bail, but before he could be released from jail, U.S. authorities swooped in with a provisional warrant to retain him in custody while they pursued an indictment and extradition.

"I think he's probably been getting away with stuff for 10 years," said Darren Hafner, an acting detective with the Calgary police who investigated Tenenbaum on the Canadian charges. "We haven't seen or heard from him since the Pentagon attack. But these guys tend to get this 'cops can't touch me attitude' and then they get sloppy like any criminal in any type of crime."

Documents in the U.S. case have been sealed, but Threat Level obtained an affidavit detailing the U.S. allegations filed with the Canadian court handling Tenenbaum's extradition case. The affidavit (.pdf) was signed by Hafner and provides insight into the wave of multimillion-dollar hacks that have hit a number of financial institutions in the last year as well as the trail of clues left behind by at least one of the alleged hackers.

According to the affidavit, in October 2007, the United States Secret Service began investigating "an international conspiracy" to hack into computer networks of U.S. financial institutions and other businesses. As part of that investigation, agents examined network intrusions that occurred in January and February 2008 at OmniAmerican Credit Union, based in Fort Worth, Texas, and Global Cash Card of Irvine, California, a distributor of prepaid debit cards used primarily for payroll payments.

In both cases, the attacker gained access using a SQL injection attack that exploited a vulnerability in the company's database software. The attacker grabbed credit and debit card numbers that were then used by thieves in several countries to withdraw more than $1 million from ATMs.

In April and May 2008, agents investigated two additional hacks at 1st Source Bank in Indiana, and at Symmetrex, a prepaid debit card processor based in Florida. The intruder again used a SQL injection attack, and losses added up to more than $3 million.


SOLAR SUNRISE was a series of DoD computer network attacks which occurred from 1-26 February 1998. At least eleven attacks followed the same profile on Air Force, Navy, and Marine Corps computers worldwide. The attacks targeted key parts of the defense networks and obtained hundreds of network passwords. Although all DoD targeted systems were reported as unclassified, many key support systems reside on unclassified networks (Global Transportation System, Defense Finance System, medical, personnel, logistics, and official e-mail).

The attackers were two teenagers from California and one teenager from Israel - Analyzer.
