Court records obtained by Wired show how Israeli-born hacker Ehud Tenenbaumand and his cohorts, using SQL attacks and obtaining administrative passwords, were able to break into the networks of several financial institutions in the United States to steal confidential personal information, which they then sold via the internet. This data was copied onto counterfeit credit cards and used at ATMs to withdraw cash,
Tenenbaum, 29, also known as "The Analyzer," gained notoriety 10 years ago when he broke into computer networks of NASA, the Pentagon and the Knesset, the legislative branch of the Israeli government.
At the time, he was celebrated in Israel -- first being congratulated by now Prime Minister-designate Benjamin Netanyahu for his "damn good IT skills," and then being featured in an advertisement and given a replacement computer to replace the one confiscated by the police, according to the U.S. Department of Defense Information Analysis Center. He then worked as a computer security consultant assisting Israeli enterprises to protect their networks from cyberattacks.
According to the court documents filed in Canada in September 2008, the U.S. Secret Service has been on his trail since October 2007, when they began an investigation into what they termed "an international conspiracy" of hackers attempting to make their way into computer networks of U.S. financial institutions and other businesses.
Tenenbaum eventually tripped up by choosing to not disguise his actual identity, using a Hotmail email account previously identified with him, as well as an IP address that led to a computer security company run out of Montreal called Internet Labs Secure, of which Tenenbaum was director. Court documents state that this IP address "was used to check balances of compromised accounts and attempted to increase balance limits on these compromised acounts. This IP address also was used to obtain compromised usernames and passwords in this attempt."
The USSS began their investigations at the source, that is, banks that were breached in Indiana, Florida, Texas and California. From there, they were able to follow the path of wire transactions from the banks to servers belonging to HopOne Internet in McLean, Va. Those servers proved to be the routing point of an attack originating from servers in the Netherlands belonging to LeaseWeb, one of Europe's largest hosting companies.
After the USSS requested Dutch law-enforcement agents to wiretap activity emanating from this point, email and IM from Tenenbaum appeared in traffic analyses. His discussions with co-conspirators mention hacks into several financial institutions and ATM withdrawals throughout the world.
According to documents, so far "the investigation has attributed at least $10 million in losses associated with these network intrusions and PIN cashout activities."
Tenenbaum also is the subject of another investigation by several Canadian law enforcement agencies.
Charges against him have expanded to now include alleged fraud involving banks and credit card firms in the U.S. and Canada.