Israel Hacker ‘The Analyzer’ Steals Over $10 Million USD


It’s seems like a new hacker is in the sights of the US Government, this time it’s Ehud Tenenbaum AKA ‘The Analyzer’.

He seems to have been quite sloppy about covering his tracks and remaining under the radar, he acts as if no-one can get him. Perhaps he knows something we don’t?

Anyway he’s firmly under investigation now having first popped onto the radar 10 years at the age of 19 for hacking into Pentagon computers.

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global “cashout” conspiracy.

The U.S. hacks have resulted in at least $10 million in losses, according to court records obtained by Threat Level, and are just part of a larger international conspiracy to hack financial institutions in the United States and abroad.

The broadened case highlights the continued vulnerability of U.S. financial networks to cybercrime, despite supposedly tight industry security standards. It comes on the heels of other multimillion-dollar heists that also breached the security protecting ATM codes and account information. In late 2007, criminals used four hacked iWire payroll cards to steal $5 million from ATMs around the world in just two days. Shortly thereafter, a processing server that handles withdrawals from Citibank-branded ATMs at 7-Eleven convenience stores was cracked, leading crooks to converge on New York to withdraw at least $2 million from Citibank accounts using the stolen ATM data. And a carefully coordinated global heist last November resulted in a one-day haul of $9 million in cash, following a breach at payment processor RBS WorldPay.

It seems like the US banking system has some major problems, with all their self-invented, self-imposed regulations (SOX, PCI, ISO27001 etc.) you’d think they would be more secure.

Obviously all these regulations and reams of paperwork are just making things worse, burying problems under tonnes of dead trees really doesn’t help.

It’s a very International crime network with participants all over the World including Dutch servers and hackers in Russia and Turkey.

According to the affidavit, in October 2007, the United States Secret Service began investigating “an international conspiracy” to hack into computer networks of U.S. financial institutions and other businesses. As part of that investigation, agents examined network intrusions that occurred in January and February 2008 at OmniAmerican Credit Union, based in Fort Worth, Texas, and Global Cash Card of Irvine, California, a distributor of prepaid debit cards used primarily for payroll payments.

In both cases, the attacker gained access using a SQL injection attack that exploited a vulnerability in the company’s database software. The attacker grabbed credit and debit card numbers that were then used by thieves in several countries to withdraw more than $1 million from ATMs.

In April and May 2008, agents investigated two additional hacks at 1st Source Bank in Indiana, and at Symmetrex, a prepaid debit card processor based in Florida. The intruder again used a SQL injection attack, and losses added up to more than $3 million.

It seems like this might have been going on for some time, he managed to pull similar stunts in both Canada and the US and perhaps even Greece too.

I wonder where he is now, and where he’s going to hit next. Or perhaps he won’t, he must have plenty of cash to lay low in some country with no extradition treaty with the US.

Do read the whole article as it’s very interesting.

Source: Wired Blog

Posted in: Hacking News, Legal Issues

, , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


3 Responses to Israel Hacker ‘The Analyzer’ Steals Over $10 Million USD

  1. ThePrivateMan March 26, 2009 at 4:37 pm #

    My only question is, why would he steal currency (USD) that is not worth anything?!

  2. terrery March 27, 2009 at 10:16 am #

    Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global

  3. Graydon McKee March 27, 2009 at 12:19 pm #

    Bravo nice post. The problem is that these institutions practice compliance more than they practice information security.