Israeli media announced (and Hebrew) that Eliran Rosanes, 30, a disgruntled employee of Bank Leumi’s credit card unit (Leumi Card), stole data from 2.5-million bank clients, and was arrested. He worked as a customer service representative there from 2008-2013. In 2009, he was promoted to senior customer service representative, which offered him access to the customer database.
In 2013, he sought another promotion to a leadership role in the bank and it was denied. He then decided to steal the database and try to sell it or extort money from the bank after quitting.
He would listen to recorded conversations between bank representatives and customers opening new credit card accounts. He would listen for the customer to offer the security code and then locate the same account in the database. Combining this information allowed him to proceed to the next step in the fraud. Using a Skype account and a special application that disguised his voice, he would call the bank pretending to be the credit card holder and ask to change the mailing address. Once he’d done that he would call the bank and say the card had been lost or no longer worked. New cards would be mailed to the new addresses Rosanes and his partners in crime had provided. Then they used a motor scooter registered with false papers to travel to ATMs throughout the city, where they withdrew funds from the accounts they’d compromised.
He also used the cards to make fraudulent purchases making sure the amounts were under $75 so that it would be unlikely to arouse the suspicion of the credit card holder.
Later he, along with co-conspirators he’d known since childhood and whom police are calling “a bunch of nerds,” threatened to sell or expose the stolen data unless it paid $3-million.
Until this point, the case is a run of the mill extortion-credit-card-fraud scheme. But a confidential Israeli source tells me that the Shabak has been interrogating Rosanes and for the first few days he received the standard treatment, according to which he was denied access to his attorney. My source confirms, and this is where the case gets interesting, there is a security element to the charges (though he refused to elaborate further) against the suspect.
Yisrael Hayom alludes to this fact in this sentence from its report:
Additional charges were filed against him which are concealed under gag order…The secret [portion of the] investigation was highly complex and sophisticated, using advanced technological, intelligence and investigatory techniques with cooperation from the police negotiations unit.
The news articles note that he was captured in Thailand, where he’d become a fugitive. That’s an important clue to what Rosanes was likely doing there. You’ll recall that one of several alleged Iranian terror attacks against Israeli targets occurred in Thailand. It is a country that is neutral ground regarding the Israeli-Arab conflict. Israel operates there as well as many Arab countries. I find it highly likely Rosanes was peddling his data to an “enemy” Arab state or that such a country was collaborating with him in his extortion attempt against the bank.
My guess is that it was Iran. Iran has reportedly engaged in various hacks targeting western and Gulf business and intelligence interests, including the U.S. Such attacks were in retaliation for Israeli-U.S. hacks of Iran’s nuclear facilities and other forms of industrial sabotage.
This certainly would be known to Rosanes. If Bank Leumi refused to pay, why not get the ultimate revenge? Sell the data to an enemy of Israel. That would hurt the bank and the State. Such a potential crime would certainly pique the interest of the Shabak and explain their involvement.
But again as I’ve written here many times before, how does an Israeli citizen trying to sell stolen bank data to a state hostile to Israel become a national security threat worthy of judicial gag order? Why doesn’t the Israeli public deserve the right to know the full story?
Finally, this has to be a huge embarrassment for Bank Leumi, which has just offered to pay a substantial fine to the IRS for allowing customers to shield taxable assets from the U.S. government. How does Israel’s largest bank permit the theft of data from 2.5 million customers by an employee? One hopes shareholders and bank customers are asking that question today.
NOTE: I published a new piece in Middle East Eye about the legacy of Stuxnet and other Israeli-U.S. cyber-weapons as seen in the recent Sony-North Korea hacking scandal. Please read and promote on social media.