'The Analyzer' Hack Probe Widens - $10 Million Allegedly Stolen From U.S. Banks

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via Threat Level.

[snip]

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for
allegedly stealing about $1.5 million from Canadian banks, also allegedly
hacked two U.S. banks, a credit and debit card distribution company and a
payment processor in what U.S. authorities are calling a global "cashout"
conspiracy.

The U.S. hacks have resulted in at least $10 million in losses, according
to court records obtained by Threat Level, and are just part of a larger
international conspiracy to hack financial institutions in the United
States and abroad.

The broadened case highlights the continued vulnerability of U.S. financial
networks to cybercrime, despite supposedly tight industry security
standards. It comes on the heels of other multimillion-dollar heists that
also breached the security protecting ATM codes and account information. In
late 2007, criminals used four hacked iWire payroll cards to steal $5
million from ATMs around the world in just two days. Shortly thereafter, a
processing server that handles withdrawals from Citibank-branded ATMs at
7-Eleven convenience stores was cracked, leading crooks to converge on New
York to withdraw at least $2 million from Citibank accounts using the
stolen ATM data. And a carefully coordinated global heist last November
resulted in a one-day haul of $9 million in cash, following a breach at
payment processor RBS WorldPay.

Tenenbaum, 29, made headlines a decade ago under his hacker handle "The
Analyzer" for penetrating Pentagon computers and other networks. He'd been
living in France, and had only been in Canada about five months on a
six-month visitor's permit when he was arrested last August in Calgary with
three alleged accomplices for allegedly hacking into Direct Cash
Management, a Calgary company that distributes prepaid debit and credit
cards. A Canadian court granted him CDN $30,000 bail, but before he could
be released from jail, U.S. authorities swooped in with a provisional
warrant to retain him in custody while they pursued an indictment and
extradition.

[snip]

More:
http://blog.wired.com/27bstroke6/2009/03/the-analyzer-ha.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJybDXq1pz9mNUZTMRAha2AJ9IZw/gQunezVvUGtewsgDxn8BhmACfb/sn
jejt2Fm8dFTo8OiZ8g80b+c=
=5XwB
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.