14 DAY TRIAL // A Grand Jury from the Eastern District of New York has indicted Israeli hacker Ehud Tenenbaum, reports Threat Level. He is being accused of conspiring to commit and committing access device fraud and faces a maximum of 30 years in prison. Tenenbaum was arrested last month in Canada, where he is currently being detained and awaits extradition.
Ehud Tenenbaum, also known as “The Analyzer”, was born in Hod HaSharon, Israel. He achieved international fame in 1998, at the age of 19, when he was arrested for hacking into governmental systems in both Israel and the U.S. Tenenbaum started his hacking activity by using sniffing and Trojan applications to hack into the servers of an Israeli college where he stole usernames and passwords for numerous accounts. He continued by hacking into servers belonging to numerous Israeli universities, the Parliament, the Presidency and even a system used by the Palestinian Hamas organization.
After giving significant headaches to Israeli system administrators, he teamed up with a bunch of Californian teenagers, whom he taught how to hack by exploiting known vulnerabilities in the Solaris operating system and using malware applications. They called themselves the Enforcers and successfully got into systems belonging to the Pentagon, NASA, the U.S. Air Force and Navy as well as MIT and other U.S. universities. Their deeds even prompted the authorities to suspect Saddam Hussein being behind the attacks.
As a result, U.S. authorities launched an investigation codenamed Operation Solar Sunrise, which eventually led to the arrest of the Californian teenagers. They drove them to Tenenbaum, who was arrested in Israel, but was never extradited. He received two years of suspended prison and an $18,000 fine; after six months of community service, he started working as a security consultant. At that time, Bibi Netanyahu, Israel's prime minister, referred to the 19-year-old hacker as “damn good, but very dangerous, too".
Fast forward ten years and 2008 finds the now 29-year-old Tenenbaum in Canada, running a computer security business. He didn't give up the shady practices which previously earned his fame; however, the guy who once hacked for personal entertainment, now hacks for financial gain. Teaming up with Priscilla Mastrangelo (his fiancee), Sypros Xenoulis (his business partner) and Jean Francois Ralph, he pulls off a credit card scheme. Using SQL injection, he hacks into the servers of Direct Cash Management in Calgary, Alberta, and inflates the accounts of pre-paid debit cards, which were previously purchased by his accomplices. By using the cards, they proceed to withdrawing cash from ATMs across Canada, U.S. and other countries causing damage of around $1.7 million.
The gang was arrested by Canadian authorities in September, bails were set and all of Tenenbaum's accomplices were released after posting the bond. Even though a bail of $30,000 was also set for Tenenbaum's release, the U.S. authorities served their Canadian counterparts with a provisional warrant which forced them to detain him while extradition proceedings start.
“In or about February 2008, within the Eastern District of New York and elsewhere, the defendant Ehud Tenenbaum, [...] together with others, did knowingly and with intent to defraud effect transactions with one or more access devices,” reads the indictment.