Thursday, March 26, 2009

Analyze This...More on Hack You!

Maybe we should rename this guy, Ehud Tenenbaum "The Innoculator" since he used SQL Injection.

Or get him as a spokesman.  After all...his initials are E.T. and he can tell the E(F)T Networks to "Call Home(ATM)  Maybe we should call our product "The Innoculator" as we would fully protect Internet Retailers AND Financial Institutions from SQL Attacks.  (Did  you know there's ONLY 450,000 SQL attacks per day, up from 5000 in the 2Q '08?)


Here's more on this guy:

A hacker previously convicted of breaking into the Pentagon may be responsible for as much as US$10 million of similar thefts from US banks, investigators believe.Israeli Ehud Tenenbaum, aka. “The Analyzer”, is currently in Canadian custody on charges relating to a fraud which netted US$1.47 million from Direct Cash Management in Calgary, a firm that sells pre-paid debit cards.

Editor's Note: "He allegedly used SQL injection exploits to gain access to these supposedly secure financial databases, giving him access to account and card details." 

Let me be "The Analyzer" for a moment here.  He "gained access" to "supposedly secure" "financial databases using SQL injection.  When's the sequel?  Who's going to STAR in it?  This guy Accels in the Exchange of Information.  So if you put your finger on the PULSE, then Shazam!  A PCI 2.0 certified Hardware device designed for the web (can you say SAFE-T-PIN) is EXPONENTIALLY safer than a software approach. 


Tenenbaum was arrested in Montreal a month before his six month tourist visa ran out last year.Tenenbaum first achieved notoriety back in 1998 when - at the age of 19 - he was caught and convicted of hacking into US government computers including those of NASA and the Pentagon, as well as the Israeli Knesset. He escaped jail and was sentenced by an Israeli court to one year probation and also received a two year suspended sentence and a fine. Since then he has been off the radar.US authorities now wish Tenenbaum to be held in custody and may wish to extradite him over several hacks on US banks and card processing companies. According to an affidavit (PDF, obtained by Wired.com), US authorities believe Tenenbaum to be the ringleader in a global “PIN Cashout” conspiracy, using “cashers” in numerous countries to systematically empty accounts at institutions that he successfully hacked and taking a 10%-20% cut of the proceeds.

US financial organizations listed in the affidavit include OmniAmerican Credit Union of Texas, Global Cash Card of California, Symmetrex of Florida and 1st Source Bank of Indiana.

Tenenbaum allegedly used SQL injection exploits to gain access to these supposedly secure financial databases, giving him access to account and card details.


Once inside, he is alleged to have increased card limits before farming out card details to accomplices who would burn copies onto blank swipe cards and withdraw money in the US and abroad. US investigators believe that losses of at least US$10 million occurred as a result of these attacks.Curiously for a hacker capable of such audacious and complex fraud, Tenenbaum appears to have become careless, using a hotmail address that was registered under his real name to discuss some of the hacks. Feds also traced an IP address used to access the hotmail account back to Tenenbaum’s security company Internet Labs Secure.

Read the full story over at Wired


Reblog this post [with Zemanta]

Disqus for ePayment News