SpyEye Masterminds Get 15, 9 Years in Jail, Respectively
A judge sentenced two hackers involved in the creation, maintenance, and marketing of the SpyEye financial botnet to a combined sentence of 24 years in prison, the US Department of Justice has announced today.

Aleksandr Andreevich Panin, 27, from Russia, known online as Gribodemon and Harderman, received nine and a half years in prison, while his accomplice, Hamza Bendelladj, 27, from Algeria, known online as Bx1, got 15 years in jail.
"SpyEye's birth and beginnings"

SpyEye was a banking trojan developed in 2010 and advertised as a "Zeus Killer." You should know that Zeus was a similar banking trojan that existed prior to SpyEye's birth and that was the most famous and wide-reaching banking botnet when the latter appeared.

Panin was the main developer behind the SpyEye trojan, but according to the FBI, Bendelladj also helped once in a while develop new SpyEye components but more often aided Panin in advertising the botnet on underground hacking forums such as Darkode.

The FBI credits Bendelladj with creating SpyEye's Automated Transfer System (ATS), the backend panel that helps criminals transfer money from the victim's account, and "Web injects," the trojan's component that taps into browsers and steals the victim's banking portal login credentials. Bendelladj is also credited with creating the SpyEye component that removed the competing Zeus trojan from infected computers.

With the two collaborating, SpyEye grew in popularity, mainly due to an aggressive advertising campaign and thanks to a lower price than Zeus’.
"SpyEye merges with Zeus, and Bendelladj leaks their source code"

In November 2010, Panin and Evgeniy Bogachev, Zeus' creator, came to an agreement to merge the two botnets. Bogachev, known online as Slavik, decided to retire and handed over Zeus' source code to Panin.

Unknown to Panin, Bendelladj had other plans and eventually leaked Zeus' source code online, and later SpyEye's code. Authorities say that Bendelladj didn't always get along with Panin, which may explain why he took such actions.

Besides playing a key role in SpyEye's creation and distribution, Bendelladj received a bigger sentence because of his role in other cyber-criminal operations.

Bendelladj used data acquired via the SpyEye botnet to create the VCC.sc website, where he sold stolen credit card information to other cybercriminals.
"Authorities made three arrests related to SpyEye operations"

The first one to get caught was Bendelladj, who was arrested in Bangkok, Thailand, in January 2013 while traveling from Malaysia to Egypt. It was later discovered that Bendelladj collaborated with authorities, and his insider information helped the FBI shut down the Darkode hacking forum last summer.

US authorities arrested Panin a few months later, in July 2013, at Atlanta's airport, while the criminal was changing flights.

In May of 2014, James Bayliss, a British hacker, was also arrested and accused of collaborating with Panin on creating the ccgrabber SpyEye plugin, which was capable of searching and collecting credit card and CVV numbers from a victim's Internet (for submission) requests.

Bayliss' trial is still underway while Evgeniy Bogachev, Zeus' creator, was never caught and remains one of the FBI's most wanted cyber-criminals, with a $3 million (€2.65 million) reward for his capture.
"SpyEye botnet takedown and Bendelladj's impact on cyber-crime"

Since their arrest, authorities and cyber-security vendors such as Trend Micro, Microsoft, Dell, Flashpoint, PhishLabs, and Damballa have taken down most of the SpyEye botnets.

Authorities claim that SpyEye infected over 50 million computers and helped crooks steal over $1 billion (€885 million). At one point during the investigation, rumors surfaced that Bendelladj donated over $100 million (€88.5 million) from the SpyEye stolen money to Palestinian charities.

Bendelladj's impact in the cyber-crime world is much more than that, possibly in the realm of tens of billions of dollars. By releasing the source code of Zeus and SpyEye, Bendelladj provided other cyber-crime groups with a starter kit in creating their own banking trojans.

Nowadays, almost every month, there is a new banking trojan popping up that uses the old Zeus malware model or small bits of code. Just yesterday, Proofpoint researchers discovered the Panda Banker trojan, the most recent version based on the old Zeus code. Previously, they found another similar banking trojan named Thanatos.

You could say that Bendelladj has singlehandedly made banking trojans a commodity on the criminal underground while previously these types of operations were only reserved for criminal groups possessing large amounts of cash to buy, rent, and operate such infrastructures.

Before getting arrested and following the release of SpyEye's source code online by his former partner Bendelladj, Panin was planning to release SpyEye 2.0.