Ehud Tenenbaum, a notorious Israeli hacker arrested in Canada last year in relation to the theft of around $1.5 million, is now suspected of breaking into the systems of four US institutions as part of a global "cashout" conspiracy that resulted in the loss of at least $10 million.
In 1998 Tenenbaum gained notoriety as "The Analyzer" after being arrested following hacks on computer systems used by the Pentagon, Nasa, the Israeli parliament and Hamas.
In August he made the news again as one of four gang members arrested by Canadian police for allegedly stealing C$2 million by hacking the database of a Calgary-based business and loading money onto pre-paid cards.
The gang allegedly compromised the company's computer system and loaded money onto the pre-paid debit cards before withdrawing the cash at ATMs in Canada and several other countries.
He was granted bail by a Canadian court but was detained after US authorities asked for him to be kept in jail while they worked on extradition.
Details of the US allegations have now emerged after Wired magazine obtained an affidavit filed by officials with the Canadian court handling Tenenbaum's extradition case.
According to the affidavit, in January and February 2008 a US Secret Service investigation into a computer hacking "conspiracy" against banks and other firms, uncovered attacks on the systems of Texas-based OmniAmerican Credit Union and pre-paid card distributor Global Cash Card.
The attacker allegedly gained access using a SQL injection before stealing credit and debit card numbers that were then used to withdraw more than $1 million from ATMs around the world.
In April and May 2008, authorities investigated further SQL injection attacks on 1st Source Bank in Indiana, and pre-paid debit card processor Symmetrex, which resulted in losses of over $3 million.
The Secret Service traced the attacks to servers in Virginia acting as a routing point for systems at Dutch Web hosting company LeaseWeb.
Authorities in the Netherlands were asked to track and intercept traffic from three servers, resulting in the discovery of communications thought to be between Tenenbaum - using the e-mail address Analyzer22@hotmail.com - and other known criminals discussing the four hacks as well as moves against "many other" financial institutions.
According to the affidavit, in an MSN instant messenger conversation, on 18 April 2008, Tenenbaum revealed that he was responsible for hacking into the network of Global Cash Card, adding "yesterday I rechecked [Global Cash Card] they are still blocking everything. so we cant hack them again."
He also exchanged over 150 compromised card numbers stolen from Symmetrex.
On 20 April, the affidavit says he received updates on a "cashout" operation, where accomplices used stolen card data to withdraw money from ATMs in the US, Russia, Turkey and Canada, among others.
"Tenenbaum stated that after paying his cashers, he earned approximately "350 - 400," which, based on this investigation, most likely refers to 350,000 to 400,000 dollars or euros," says the affidavit.
Authorities say identifying Tenenbaum as Analyzer22@hotmail.com was surprisingly easy - he used his real name and date of birth to register for the account.
In addition, someone using an IP address registered to Internet Labs Secure, where he was a director, accessed the hotmail account. The address was also used to access the network of Global Cash Card and check and increase the balances of compromised accounts.
Israeli Hacker 'The Analyzer' Suspected of Hacking Again - Wired