Two suspects who were arrested in Canada last year with Israeli hacker Ehud Tenenbaum have been cleared of all the charges against them.
A third suspect, Tenenbaum's girlfriend, is still charged with helping him commit millions of dollars in fraud. Tenenbaum himself is out on $30,000 bail but is being sought by the United States for extradition to New York to face felony charges of conspiracy and fraud.
Canadian Crown Prosecutor Jane McClellan stayed the charges against Spyros Xenoulis, 33, and Ralph Jean-Francois, 28, (various news reports have called him Ralph Jean-Francois and Jean Francois Ralph; Threat Level's efforts to clear up the confusion have so far been unsuccessful) without giving a reason. The government retains the right to re-open the case against them for up to a year.
Priscilla Mastrangelo, 30 (whom Tenenbaum has identified as his fiancee), has not been cleared of charges. Tenenbaum has been living with Mastrangelo since his release on bond last year, according to local news reports.
Tenenbaum, aka "The Analyzer" (shown at right in an old photo), achieved worldwide notoriety as a teenager in 1998, when he was caught pulling off a series of recreational intrusions into Pentagon computers, in an investigation the Defense Department code named "Solar Sunrise."
Last September Canadian authorities announced they had arrested the now-29-year-old Tenenbaum and three Canadian accomplices for allegedly hacking into computers belonging to Direct Cash Management in Calgary, Alberta, which sells prepaid debit and credit cards through various merchants, and increasing the cash limits on those cards.
Tenenbaum and the others allegedly withdrew CN$1.8 million (about U.S. $1.7 million) on the cards through ATMs in Canada and other countries. The arrests followed a months-long investigation by Canadian police and the U.S. Secret Service.
Canadian Crown Prosecutor McClellan described for Threat Level at the time how the alleged scheme worked. A number of people purchased 37 prepaid debit cards with small cash limits on them — usually CN$15. Then tracking data encoded in the magnetic stripe on the back of the card was allegedly passed to Tenenbaum.
That tracking data contained the account number and the customer PIN that allows the cardholder to withdraw cash from the account. Tenenbaum, alone or with the help of others, then allegedly hacked into Direct Cash's server using a SQL injection attack and deleted the limits on some cards and increased the limit on other cards to a combined total of more than CN$3.5 million. The amount on one card account alone was increased to more than CN$1 million.
The card track data was then given or sold to others around the world who encoded blank cards with the data and used it to withdraw cash on the accounts. Within days CN$1.8 million had been stolen.
Direct Cash discovered the problem when it conducted a weekly audit and noticed that CN$1.4 million was missing. A subsequent forensic audit of its system revealed that someone had used a SQL injection attack to hack the company's server.
McClellan said that Tenenbaum and people associated with him were caught on ATM video cameras withdrawing some of the cash soon after the cash limits on the cards were changed.
Tenenbaum was facing six counts of fraudulent use of credit card data and one count of fraud over $5,000 in Canada. He initially remained in custody in Calgary without bail, even though the three other suspects were released on bond.
Then a court granted him $30,000 bail. But before Tenenbaum could leave the Calgary jail, U.S. authorities obtained a provisional warrant ordering Canadian authorities to retain him in custody, presumably while the grand jury in New York met to examine the evidence against him in the United States.
Tenenbaum was 19 when he was arrested in 1998 along with several other Israelis and two California teens in one of the first high-profile hacker cases that made international news. According to Israeli court documents, Tenenbaum used sniffer and Trojan-horse programs to break into computer systems belonging to two Israeli ISPs and obtain user names and passwords of customers. He used the hijacked customer accounts to breach other computer systems belonging to all of the universities in Israel, the websites for the Israeli parliament and Israel's president, and a system belonging to Hamas, a militant Palestinian organization. An attempt to breach the computer system of the Israel Defense Forces failed.
Tenenbaum, who referred to the California teens as his pupils, taught his accomplices how to hack into U.S. systems and gave them sniffer and Trojan programs to assist them. He and his cohorts breached systems belonging to the Department of Defense, the Air Force and Navy, NASA, MIT, and several U.S. Ivy League universities.
See also:
- Israeli Hacker 'The Analyzer' Indicted in New York
- "The Analyzer" Released on Bail; Mom Says FBI Out to Get Her Son
- Israeli Hacker Known as "The Analyzer" Suspected of Hacking Again
- Video: Solar Sunrise, the Best FBI-Produced Hacker Flick Ever
- Kevin Mitnick Tells All in Upcoming Book — Promises No Whining
- Feds Charge 11 in Breaches at TJ Maxx
- E-Gold Gets Tough on Crime
- I Was a Cybercrook for the FBI
- Confessions of a Cybermule
- Secret Service Operative Moonlights as Identity Thief
