Occasionally we witness the underground coming above ground to face the music. Here what could be considered a brilliant hacker who even owned and operated a security company, is enemy number one.
At age 19, an Israeli criminal hacker named Ehud Tenebaum made news as “The Analyzer,” (a great tag for a criminal hacker) after he cracked and penetrated the Pentagon, NASA and even Hamas computer networks.
He then went silent and is believed to have embarked on a 10 year long international conspiracy to hack networks of United States and Canadian banks and other financial institutions. Losses are estimated at $10-12 million.
The Analyzer’s hacking technique is believed to be “SQL injection,” a tactic that I’ve blogged about previously, which exploits vulnerabilities in software
A forensic analyst who investigated breaches in both countries found a common thread in each hack. Servers in Virginia owned by HopOne, an ISP, were used as a routing point, receiving their commands from another set of servers at a Dutch hosting company.
Here’s where Big Brother is watching, and in this case, for good reason.
Last spring, US investigators working with Dutch authorities requested that all data traffic from the Dutch servers on route to Virginia be intercepted through wiretapping and provided to authorities.
During this time, criminal hackers from all over the world used the stolen data to create ATM white cards and prepaid gift cards loaded with cash. They withdrew cash from ATMs on three continents to the tune of approximately $450,000.
Wired, the wiretapped traffic included email discussions between numerous criminal hackers, regarding their accomplishments. One email address, Analyzer22@hotmail.com, provided investigators with their smoking gun. The Hotmail address had Ehud Tenebaum’s
name and age registered along with it. Not too smart, E.T.
Ehud Tenebaum owned and operated a Canadian computer security company called Internet Labs Secure. One of the IP addresses used to access the Hotmail account was registered to Tenebaum’s business. E.T. phoned home and got caught.
This is one example of high tech organized criminals taking advantage of numerous flaws in the technology we use every day.
Be warned, there are plenty more to take E.T.’s place. Chances are, someone moved right in where he left off.
Invest in identity theft protection. Install and update Internet security software. Check your bank and credit card statements online bi-weekly and make sure to refute unauthorized charges within a 30 to 60 day period.
Identity Theft Speaker Robert Siciliano discussing credit card hacks