[ISN] Hacker cracks bank's computer code

InfoSec News isn at c4i.org
Thu Apr 7 02:13:58 EDT 2005


April 6, 2005 

A hacker who managed to break into the computer network of the Postal
Bank and transfer large sums of money to the accounts of
co-conspirators was sentenced to 16 months in prison by the Haifa
magistrate's court on Wednesday.

David Sternberg, 24, of Haifa, was caught in January last year shortly
after setting up his sophisticated computer "sting" operation that
involved six collaborators who were also arrested.

Sternberg apparently lived in the US for a while and was allegedly
responsible for causing the collpase at the time of the "E-Bay" web
site and other offenses that, according to police here, brought him to
the attention of the FBI.

He returned to Israel, but it was not long before he was once again up
to his tricks - this time concentrating on using the computer network
of the Postal Bank to try and make some easy money.

It started with a mysterious break-in at the Postal Bank branch office
in the exclusive Dania housing district of Haifa. Bank officials
reported the apparent burglarly but found that nothing had been stolen
and the case was closed.

In fact, Sternberg perhaps accompanied by an accomplice, had simply
opened the communications box in the bank and connected a remote
controlled "access point" device to the computer network.

"This gave him instant access to all of the bank's accounts and
transactions nationwide," Supt. Herby Frimet of the Northern Region
White Collar Fraud Squad told the Jerusalem Post on Wednesday.

"The device itself could barely be seen and would not mean anything to
anyone except an expert in the field, which is eventually what

Frimet said that in the interim Sternberg had made arrangements with
six accomplices who either had accounts with the bank or opened new
ones to which Sternberg transferred money from other accounts.

"The deal was that they would get a percentage of the takings and he
and his main partner would get the remainder," said Frimet.

The range of the wire-less connector was apparently restricted but
Sternberg overcame this problem by renting a small room in the offices
of a real estate agents less than 30 meters away from the Postal Bank
branch office in Dania.

"He posed as a business representative and had a desk, a chair and his
computer and that is where he worked with nobody being any the wiser
as to his real activities," said Frimet.

The computer fraud came to light when officials at the Tel Aviv head
office of the bank noticed that certain amounts of money were being
transferred on a regular basis from the bank's main account to those
of certain individuals.

The instructions for the transfers originated from the Dania branch
and security experts, including those well versed in computers, were
sent to the scene to investigate and eventually uncovered the
wire-less access point device attached to the computer network.

Sternberg was convicted of having stolen some NIS 70,000 from the
bank's accounts in this manner, although police said the actual figure
was closer to NIS 400,000.

Ambushes were set up and the accomplices were caught after making
withdrawals from their accounts. Sternberg was arrested while "at
work" at his "office" near the bank branch in Dania.

"He and his gang were caught in the early stages and we were able to
seize and return a large amount of the money," said Frimet.

"Sternberg is a very clever man whom some might call a genius. He
knows how to break codes and break through barriers. He could have
earned a great deal of money doing a regular job but he chose a
different path," Frimet added.

More information about the ISN mailing list