SubscribeFREE EBOOK
Valid Email Required to receive free eBookSecurity Tips
Browse by Category
Identity Theft Expert; Anatomy of a Hack
Published: Mar 26, 2009Robert Siciliano Identity Theft Expert
There is a battle going on round the clock, between the bad hackers and the good hackers. Most of the time, the good guys lose. Here we have an example of the bad guy actually getting caught.
At age 19, an Israeli criminal hacker named Ehud Tenebaum made news as “The Analyzer,” (a great tag for a criminal hacker) after he cracked and penetrated the Pentagon, NASA and even Hamas computer networks. 
He then went silent and is believed to have embarked on a 10 year long international conspiracy to hack networks of United States and Canadian banks and other financial institutions. Losses are estimated at $10-12 million.
The Analyzer’s hacking technique is believed to be “SQL injection,” a tactic that I’ve blogged about previously, which exploits vulnerabilities in software development.
A forensic analyst who investigated breaches in both countries found a common thread in each hack. Servers in Virginia owned by HopOne, an ISP, were used as a routing point, receiving their commands from another set of servers at a Dutch hosting company.
Here’s where Big Brother is watching, and in this case, for good reason.
Last spring, US investigators working with Dutch authorities requested that all data traffic from the Dutch servers on route to Virginia be intercepted through wiretapping and provided to authorities.
During this time, criminal hackers from all over the world used the stolen data to create ATM white cards and prepaid gift cards loaded with cash. They withdrew cash from ATMs on three continents to the tune of approximately $450,000.
According to Wired, the wiretapped traffic included email discussions between numerous criminal hackers, regarding their accomplishments. One email address, Analyzer22@hotmail.com, provided investigators with their smoking gun. The Hotmail address had Ehud Tenebaum’s name and age registered along with it. Not too smart, E.T.
Ehud Tenebaum owned and operated a Canadian computer security company called Internet Labs Secure. One of the IP addresses used to access the Hotmail account was registered to Tenebaum’s business. E.T. phoned home and got caught.
This is one example of high tech organized criminals taking advantage of numerous flaws in the technology 
we use every day.
Be warned, there are plenty more to take E.T.’s place. Chances are, someone moved right in where he left off.
Invest in identity theft protection. Install and update Internet security software such as McAfee. Check your bank and credit card statements online bi-weekly and make sure to refute unauthorized charges within a 30 to 60 day period.
I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.
Identity Theft Speaker Robert Siciliano discussing credit card hacks here
Similar Posts
- Criminal Hacker Gets 20. Books, Movies and Hollywood Starlet Next
Robert Siciliano Identity Theft Expert Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided “dumps,” a term which refers to stolen credit card data, to “carders.” “Carders” are the - Big Time Identity Theft Hackers Indicted
Robert Siciliano Identity Theft Expert ABC news and a bazillion other outlets report that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” - Russian Hackers Make Millions Breaching 7/11 and ATMs
Robert Siciliano Identity Theft Expert It started simply by hacking 7-Elevens public website using a SQL injection. SQL is abbreviation of Structured Query Language. Pronounced ”Ess Que El” or ”Sequel” depending on who you ask. This led to 7 elevens main servers compromised which led to ATMs within 7-Eleven hacked. Wired reports ““The Russians, evidently using an SQL injection vulnerability, “gained unauthorized access - Data Breaches; LexisNexis – FAA Hacked, Botnets Grow, Hackers Hold Data Ransom
Identity Theft Expert What a week. Just when it starts to get boring, criminal hackers put on a spectacular show. Criminal hackers continue to step up to the plate. Security professionals are fighting, and sometimes losing, the battle. Here’s one week’s worth of hacks: Lexis Nexis, which owns ChoicePoint, an information broker I recently blogged about that was - Stealing Secrets: Telling Lies Over the Phone
In a recent post (Hackers Play “Social Engineering Capture The Flag” At Defcon) I pointed to a game in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. At the recent Defcon event, social engineers proved that it doesn’t take much more than asking to get
5 Responses to “Identity Theft Expert; Anatomy of a Hack”
[...] Criminal hackers are going hog wild. [...]
[...] fact remains there are scumbags out there trying to figure out how to get you to part with your money in thousands of ways every [...]
[...] fact remains there are scumbags out there trying to figure out how to get you to part with your money in thousands of ways every [...]
[...] hacking for fun and fame is no more. He cut his hair and has now graduated into a full time professional criminal hacker, hacking for government secrets and financial [...]
[...] hacking for fun and fame is no more. He cut his hair and has now graduated into a full time professional criminal hacker, hacking for government secrets and financial [...]