Thursday, March 26, 2009

Is Heartland Hacker in Custody?

Is Heartland/World Pay Suspect in Custody?

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

Jailed international hacker and cyber criminal “The Analyzer,” (See Analyze This...More on "Hack You!") who awaits extradition to the U.S. from Canada to face charges related to cyber crimes committed in 2008, is now also a suspect in several other unspecified electronic crimes, according to authorities. 
Finextra.com - Ehud Tenenbaum, a notorious Israeli hacker arrested in Canada last year in relation to the theft of around $1.5 million, is now suspected of breaking into the systems of four US institutions as part of a global “cashout” conspiracy that resulted in the loss of at least $10 million. In 1998 Tenenbaum gained notoriety as “The Analyzer” after being arrested following hacks on computer systems used by the Pentagon, Nasa, the Israeli parliament and Hamas.

In August he made the news again as one of four gang members arrested by Canadian police for allegedly stealing C$2 million by hacking the database of a Calgary-based business and loading money onto pre-paid cards. The gang allegedly compromised the company’s computer system and loaded money onto the pre-paid debit cards before withdrawing the cash at ATMs in Canada and several other countries.
The few details that have been released by authorities show a number of similarities to details from the RBS WorldPay breach of their pre-paid credit card division in late 2008, which resulted in a reported $9 million heist perpetrated at numerous ATMs in several different countries.
ISR news - RBS WorldPay announced on December 23 that they’d been hacked, and personal information on approximately 1.5 million payroll-card and gift-card customers had been stolen. (Payroll cards are debit cards issued and recharged by employers as an alternative to paychecks and direct-deposit.) Now we know that account numbers and other mag-stripe data needed to clone the debit cards were also compromised in the breach.
Authorities investigating the RBS WorldPay breach, as well as the breach at Heartland Payment Systems, have used similar language to describe an international conspiracy that is targeting multiple financial institutions.

Based on these similarities, it seems highly likely that Tenenbaum and his cohorts are indeed the culprits behind a rash of major information security breaches that have the Payment Card Industry pointing fingers and attempting to dodge responsibility for security compliance.

Early in the Heartland investigation, authorities indicated that the perpetrators were most likely part of an international crime ring, and stated that they had already identified a suspect, which led infosec blogger Evan Schuman to conclude in an article that this could be evidence that authorities had already been on the perpetrator’s trail for some time:
Given the word that the Secret Service believes it has located the prime suspect, it raises the possibility that law enforcement was already on their trail long before the Heartland spyware was detected.
In an email from Evan, he offered:
“The similarities of the modus operandi here are eerie. I’m not hearing that this guy is involved in Heartland, but it certainly wouldn’t stun me if he turns out to be.”
Heartland was apparently breached sometime in the Spring of 2008, but was supposedly not aware of the security lapse until notified by Visa and MasterCard at the end of October that they had problems.

This corresponds to the timeline of similar criminal activities revealed in the investigation of Tenenbaum, with the majority of activity beginning in early 2008 and lasting most of the year:
Finextra.com - According to the affidavit, in January and February 2008 a US Secret Service investigation into a computer hacking “conspiracy” against banks and other firms uncovered attacks on the systems of Texas-based OmniAmerican Credit Union and pre-paid card distributor Global Cash Card.
In April and May 2008, authorities investigated further SQL injection attacks on 1st Source Bank in Indiana, and pre-paid debit card processor Symmetrex, which resulted in losses of over $3 million.
According to the affidavit, in an MSN instant messenger conversation, on 18 April 2008, Tenenbaum revealed that he was responsible for hacking into the network of Global Cash Card, adding “yesterday I rechecked [Global Cash Card] they are still blocking everything. so we cant hack them again.”
On 20 April, the affidavit says he received updates on a “cashout” operation, where accomplices used stolen card data to withdraw money from ATMs in the US, Russia, Turkey and Canada, among others.
It would be quite a relief to the finance industry if we knew for sure that the ringleader of such a prolific group of criminals was behind bars and awaiting trial.  We can only hope that he turns on his partners in an effort to gain leniency for himself.

Until more details of the breaches are released, this is all purely speculation.  Even if Tenenbaum turns out to be responsible for the RBS WorldPay and Heartland breaches, there are still an undisclosed number of participants on the loose, and an unknown number of systems that may be under threat of dormant malware that has yet to be discovered and neutralized.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.

The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
