€100 Million a Month Fraud Ring, and a Hacker From the 1998 Pentagon Breach

Thursday, 16/07/2026 | 08:18 GMT by Damian Chmiel
  • Police in the Netherlands and Belgium said they dismantled a network of about 20 call centers and more than 700 fake financial advisers.
  • The Dutch media identify him as "The Analyzer," the hacker who first drew global attention with the 1998 Pentagon and NASA break-ins.
Media reports suggest the alleged ringleader may be the hacker known as "The Analyzer." Source: NSA
Media reports suggest the alleged ringleader may be the hacker known as "The Analyzer." Source: NSA

Police in the Netherlands and Belgium said this week they had broken up an international investment-fraud operation that ran roughly 20 call centers and more than 700 people posing as financial advisers, an organization that at its peak took in an estimated €100 million (about $114 million) a month.

Six people have been arrested, and investigators say the central figure is a 46-year-old dual Israeli-Polish national with a long history in the hacking world.

The main suspect was detained at a Polish airport on May 26 as he arrived from Dubai, then handed to the Netherlands, where a judge ordered him held for 14 days pending trial.

Dutch police said he had been prosecuted before for breaking into the computer systems of foreign government bodies.

An Operation Run Like a Company

The network had been active since at least 2021 and was built to resemble a legitimate business, police said. One head office managed the branches spread across several countries, each with teams assigned to a specific target market.

The scale is large even by the standards of Europe's boiler rooms, the industrialized call-center scams that FinanceMagnates.com has tracked through leaked recordings and internal data. Police link about 550 complaints in the Netherlands and another 200 in Belgium to the group, and believe the worldwide victim count runs into the tens of thousands.

Dutch victims alone lost close to €25 million, most of them more than €10,000 each, according to police. Henrique van Huisstede of the Midden-Nederland police told broadcaster RTL the network was "responsible for a significant portion of all investment fraud in the Netherlands."

The Hacker Police Won't Name

Dutch police did not release the suspect's name, describing him only as a well-known hacker who was, in their words, "no stranger to the cyber world." That reticence has not stopped the identification from spreading.

The newspaper De Telegraaf and the English-language outlet NL Times identified the man as Ehud "Udi" Tenenbaum, a 46-year-old dual national long known in hacking circles as "The Analyzer." Police, however, have not confirmed the name.

If that reporting is correct, it would put a figure from the early history of computer crime at the center of the case. Tenenbaum drew international attention in 1998, when a teenage break-in later dubbed Solar Sunrise hit systems at the Pentagon, NASA and the US military, an intrusion American officials at first feared was a state-backed attack.

A decade later he surfaced again, arrested in Canada in 2008 and extradited to the United States over a scheme prosecutors tied to about $10 million stolen from US banks and card processors. He pleaded guilty in 2012 and was sentenced to time served plus restitution.

The age, nationality and record cited by Dutch reporters match that public trail, though none of it has been confirmed by authorities in this case.

The group used pseudonyms and technical tricks to hide identities and locations, the kind of concealment that has frustrated European investigators in other takedowns.

Europe's Boiler-Room Busts Keep Growing

European police have been pulling these call-center networks apart at a steady clip, and the totals keep climbing. In November, Cypriot, French and Belgian authorities arrested seven people over a Limassol operation said to have turned over close to €1 billion in five years.

A month later, a Europol-coordinated action broke up a network accused of laundering more than €700 million, one that leaned on deep-fake celebrity ads to reel in victims.

Spanish investigators dismantled a €460 million ring earlier in 2025, part of a run of cases that stretched from the Canary Islands to shell companies in Hong Kong.

An older German case reached €89 million across roughly 33,000 victims. The Dutch-Belgian network stood out for its pace rather than its headline total, an estimated €100 million a month at its peak, run by a payroll of more than 700 that made it look closer to a mid-sized company than a back-room scam.

How the Money Disappeared

The playbook, as police describe it, changed little from earlier schemes. So-called advisers spent weeks or months building a rapport with targets, often by phone, before steering them toward what looked like a professional trading platform.

First deposits were small and appeared to turn a quick profit. The dashboards victims logged into looked convincing, but no money was ever invested.

As trust grew the sums grew with it, much of it moved in cryptocurrency, until the funds simply landed with the operators. The small-deposit, fake-profit hook has been a fixture of these frauds for years, Europol has noted in earlier cases.

For victims, the collapse was abrupt. One Dutch victim, identified only as Alex, said that when he tried to withdraw, "all contact was suddenly cut off." He described the moment he understood the savings were gone as watching the life he had planned come apart.

A Second Scam Aimed at the Same Victims

There is a sting in the tail. Police warned that victims who pull out are sometimes approached by a so-called recovery firm promising to claw back their money for an upfront fee, an outfit that in many cases belongs to the same criminal group.

That double-dip is a well-worn tactic. Spanish police last year described a gang that hit the same victims three times, posing first as investment managers, then as recovery agents, then as officials demanding tax before releasing funds.

For now, Dutch prosecutors have the alleged organizer in custody on a 14-day detention order and say more arrests may follow. The financial investigation, including efforts to trace and freeze assets, is still going on.

Police in the Netherlands and Belgium said this week they had broken up an international investment-fraud operation that ran roughly 20 call centers and more than 700 people posing as financial advisers, an organization that at its peak took in an estimated €100 million (about $114 million) a month.

Six people have been arrested, and investigators say the central figure is a 46-year-old dual Israeli-Polish national with a long history in the hacking world.

The main suspect was detained at a Polish airport on May 26 as he arrived from Dubai, then handed to the Netherlands, where a judge ordered him held for 14 days pending trial.

Dutch police said he had been prosecuted before for breaking into the computer systems of foreign government bodies.

An Operation Run Like a Company

The network had been active since at least 2021 and was built to resemble a legitimate business, police said. One head office managed the branches spread across several countries, each with teams assigned to a specific target market.

The scale is large even by the standards of Europe's boiler rooms, the industrialized call-center scams that FinanceMagnates.com has tracked through leaked recordings and internal data. Police link about 550 complaints in the Netherlands and another 200 in Belgium to the group, and believe the worldwide victim count runs into the tens of thousands.

Dutch victims alone lost close to €25 million, most of them more than €10,000 each, according to police. Henrique van Huisstede of the Midden-Nederland police told broadcaster RTL the network was "responsible for a significant portion of all investment fraud in the Netherlands."

The Hacker Police Won't Name

Dutch police did not release the suspect's name, describing him only as a well-known hacker who was, in their words, "no stranger to the cyber world." That reticence has not stopped the identification from spreading.

The newspaper De Telegraaf and the English-language outlet NL Times identified the man as Ehud "Udi" Tenenbaum, a 46-year-old dual national long known in hacking circles as "The Analyzer." Police, however, have not confirmed the name.

If that reporting is correct, it would put a figure from the early history of computer crime at the center of the case. Tenenbaum drew international attention in 1998, when a teenage break-in later dubbed Solar Sunrise hit systems at the Pentagon, NASA and the US military, an intrusion American officials at first feared was a state-backed attack.

A decade later he surfaced again, arrested in Canada in 2008 and extradited to the United States over a scheme prosecutors tied to about $10 million stolen from US banks and card processors. He pleaded guilty in 2012 and was sentenced to time served plus restitution.

The age, nationality and record cited by Dutch reporters match that public trail, though none of it has been confirmed by authorities in this case.

The group used pseudonyms and technical tricks to hide identities and locations, the kind of concealment that has frustrated European investigators in other takedowns.

Europe's Boiler-Room Busts Keep Growing

European police have been pulling these call-center networks apart at a steady clip, and the totals keep climbing. In November, Cypriot, French and Belgian authorities arrested seven people over a Limassol operation said to have turned over close to €1 billion in five years.

A month later, a Europol-coordinated action broke up a network accused of laundering more than €700 million, one that leaned on deep-fake celebrity ads to reel in victims.

Spanish investigators dismantled a €460 million ring earlier in 2025, part of a run of cases that stretched from the Canary Islands to shell companies in Hong Kong.

An older German case reached €89 million across roughly 33,000 victims. The Dutch-Belgian network stood out for its pace rather than its headline total, an estimated €100 million a month at its peak, run by a payroll of more than 700 that made it look closer to a mid-sized company than a back-room scam.

How the Money Disappeared

The playbook, as police describe it, changed little from earlier schemes. So-called advisers spent weeks or months building a rapport with targets, often by phone, before steering them toward what looked like a professional trading platform.

First deposits were small and appeared to turn a quick profit. The dashboards victims logged into looked convincing, but no money was ever invested.

As trust grew the sums grew with it, much of it moved in cryptocurrency, until the funds simply landed with the operators. The small-deposit, fake-profit hook has been a fixture of these frauds for years, Europol has noted in earlier cases.

For victims, the collapse was abrupt. One Dutch victim, identified only as Alex, said that when he tried to withdraw, "all contact was suddenly cut off." He described the moment he understood the savings were gone as watching the life he had planned come apart.

A Second Scam Aimed at the Same Victims

There is a sting in the tail. Police warned that victims who pull out are sometimes approached by a so-called recovery firm promising to claw back their money for an upfront fee, an outfit that in many cases belongs to the same criminal group.

That double-dip is a well-worn tactic. Spanish police last year described a gang that hit the same victims three times, posing first as investment managers, then as recovery agents, then as officials demanding tax before releasing funds.

For now, Dutch prosecutors have the alleged organizer in custody on a 14-day detention order and say more arrests may follow. The financial investigation, including efforts to trace and freeze assets, is still going on.

About the Author: Damian Chmiel
Damian Chmiel
  • 3745 Articles
  • 115 Followers
About the Author: Damian Chmiel
Damian Chmiel is a Senior Analyst & Editor at Finance Magnates with more than 15 years of experience in the CFD and online trading industry. Active as both a trader and journalist since 2010, he focuses on broker coverage, fintech innovation, and regulatory developments across Europe, the Middle East, and Asia. His work includes interviews with C-level leaders at major brokerages and fintech platforms, as well as co-authoring Finance Magnates’ quarterly industry benchmarking reports. Damian’s reporting is data-driven, market-aware, and grounded in direct industry engagement. His analysis and commentary have also been cited by external media outlets, including Investing.com, Binance, The Asset, Stockhead, and Dispatch. Education: MA in Finance and Accounting, Cracow University of Economics
  • 3745 Articles
  • 115 Followers

More from the Author

Retail FX

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}