THE ANALYZER

Upload: kru1021

Post on 10-May-2015



EHUD TENENBAUM

Aka “The Analyzer”

29 years old

From Hod HaSharon, Israel

Part of a global ring of hackers that hacked into financial institutions across the world:
  United States
  Russia
  Turkey
  Sweden
  Holland
  Germany

In 2008, charged for hacking into four U.S. banks


PIN CASHOUT CONSPIRACY

Hacked into financial institutions and other businesses to steal account information

Used an SQL injection attack which exploited a vulnerability in the company’s database software

Sold confidential financial account information to “runners” via instant messaging services or email

Purchasers of the stolen account information would encode plastic credit/debit cards and use them to withdraw money at ATMs

10%-20% of the proceeds from the cashout would go to the hacker


USSS INVESTIGATION

In 2007, US Secret Service began investigating an international conspiracy to hack into computer systems of financial institutions and other businesses in the US

In 2008, Secret Service discovered several network intrusions of financial organizations with losses of over $10 million:
  OmniAmerican Credit Union (Texas)
  Global Cash Card (California)
  Symmetrex (financial transaction processor in Florida)
  1st Source Bank (Indiana)
  MetaBank (Iowa and South Dakota)


HOW THE CRIME WAS PERPETRATED

USSS traced the intrusions to servers belonging to HopOne Internet Corp in McLean, VA

Using pen registers and trap & trace devices, they found that much of the traffic going through those servers was coming from the Dutch company LeaseWeb

Intercepted the content of three servers hosted by LeaseWeb for 90 days and found that someone using the email address [email protected] (registered under Tenenbaum’s real name and birthday) had chatted with other known hackers in MSN IM chat messages about hacking into U.S. and foreign financial institutions


USSS looked into Hotmail’s login records and saw that the email address was connected to the Microsoft IM server from the IP address 69.70.122.98

A forensic analysis of the network of Global Cash Card showed that the IP address was used to check balances of compromised accounts, increase balance limits, and obtain usernames and passwords

Conducted RWHOIS search of Videotron, the ISP in Montreal that owns the IP address

Results showed IP address was registered to Internet Labs Secure, Inc.

Found that Ehud Tenenbaum was the director for the corporation


PREVIOUS CHARGES AGAINST TENENBAUM

In 1998, at the age of 19, Tenenbaum was convicted in Israel for penetrating computers belonging to NASA, the Pentagon, the Air Force and Navy, and several Ivy League universities

Served 6 months of probation doing community service

In 2008, he was arrested in Montreal, Canada for stealing $1.5 million from Canadian banks

Before he was released from jail on bail, the U.S. issued a warrant to retain him in custody until it could extradite him


PENALTY

Charges:
  Single count of committing conspiracy
  Single count of bank-card fraud for $4 million

Pleaded guilty to a single count of bank-card fraud

Faced a maximum of 15 years in prison