SpyEye tag team banged up for 10 years plus for bank account emptying malware
Two men responsible for the spread of the SpyEye malware, which reportedly caused more than a billion dollars in financial hardship, are now about to start extended sentences in an American prison. Aleksander Panin, 27, from Tver, Russia, was given a jail term of nine years and six months by Judge Amy Totenberg, the United States District Court Judge in Georgia. Hamza Bendelladj, who is also 27 but hails from Tizi Ouzou, Algeria, got 15 years for distributing the malware and controlling its command and control servers.
“It is difficult to overstate the significance of this case, not only in terms of bringing two prolific computer hackers to justice but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,” said local US District Attorney John Horn.
The US District Attorney goes on to say,
“The outstanding work by our law enforcement partners, both domestically and internationally, as well as terrific cooperation from the private sector, serves as a blueprint on how to combat complex cyber-crime syndicates around the world.”
Panin has admitted to creating the malware known as SpyEye. He is charged with selling the malware for $1,000 and $8,500 on dark web hacking forums. Sales were so effective that SpyEye surpassed the Zeus banking Trojan in distribution and effect. After infecting a system process on a Windows PC, SpyEye installed a rootkit to hide itself. The malware would then slurp up the login details for online bank accounts and siphon out any cash. It had to be manually installed, which meant a user had to be fooled into thinking the program was a legitimate executable.
Two Forces Combine
At the beginning, the Zeus and SpyEye trojans were in conflict, to the point that the SpyEye code had an option to search out and destroy the rival Zeus trojan. In 2011, however, the Zeus author made a deal with Panin, selling him the Zeus Trojan, which Panin integrated into SpyEye.
Bendelladj’s job, on the other hand, was to distribute the malware and make sure the infection spread. An FBI estimate shows that around half a million users were infected with the code. The FBI also claims he sold browser plugins which made emptying victims’ bank accounts easy. He also had a website called VCC.sc that sold credit card data.
One of his sales points was the Darkode website, which was shut down in 2015 in an operation that led to multiple arrests. The FBI said at the time that he had been instrumental in providing information for the arrests. Bendelladj was arrested in Bangkok at the Suvarnabhumi airport in January, on his way home to Algeria. Panin was arrested at Atlanta airport on his way to his homeland after a holiday in the Dominican Republic.
Panin got a reduced sentence because of his plea bargain and waived his right to appeal the sentence. Bendelladj pleaded guilty but refused a plea deal, so he can appeal his sentence, an appeal many believe will probably be unsuccessful.
“Through these arrests and sentencing, the risk the public unknowingly faced from the threat posed by the imminent release of a new highly sophisticated version of SpyEye was effectively reduced to zero,” said Britt Johnson, special agent in charge of the FBI’s Atlanta Field Office.
“Furthermore, the arrests and sentences serve as a strong deterrent to future malware developers and their customers, regardless of where they are located.”