Feeds

Alleged SpyEye big fish hauled in for US trial

Suspected banking botmaster extradited from Thailand

SANS - Survey on application security programs

Alleged SpyEye kingpin Hamza Bendelladj now faces a 23-count computer hacking and fraud indictment following his extradition from Thailand to the US last week.

Bendelladj, a 24-year-old Algerian national, is suspected by the FBI of making millions from selling the SpyEye banking Trojan toolkit to cybercrooks through various underground online marketplaces and carding forums.

SpyEye is a customisable Trojan with varying components that is widely used to steal bank account login information from compromised PCs. The malware ranks alongside ZeuS as the two worst pathogens of their kind. The developers of SpyEye and Zeus started out as rivals, but since April 2011 evidence in the malicious code itself as well as posts on underground cybercrime forums suggest the two groups are collaborating.

Often cybercrime arrests net phishing mules, low-level crooks who are paid to run bank accounts designed to receive looted funds from compromised accounts. The Feds allege that Bendelladj operated much higher up the food chain.

Bendelladj (alleged to operate under the handle Bx1) faces 11 counts of computer fraud, 10 counts of wire fraud and two conspiracy charges. US investigators alleged that between 2009 to 2011, Bendelladj and unnamed cohorts "developed, marketed and sold various versions of the SpyEye virus and component parts on the internet and allowed cybercriminals to customise their purchases to include tailor-made methods of obtaining victims’ personal and financial information."

Bendelladj is also alleged to have operated Command and Control (C&C) servers linked to the banking botnet. One of the files on a SpyEye C&C server hosted in Georgia contained information from approximately 253 unique financial institutions, the FBI said.

If convicted on all counts, Bendelladj faces a theoretical maximum of up to 30 years in prison for conspiracy to commit wire and bank fraud along with fines of up to $14m.

It's not clear how much any leader of SpyEye would have made from its nefarious activities or how far the FBI have got in tracking down ill-gotten loot connected to sales of the Trojan and botnet herding.

Court papers contain allegations that Bendelladj's main role in the scam was two-fold: advertising sales of SpyEye licences on underground forums and running botnets of compromised hosts.

Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, while he was in transit from Malaysia to Egypt back in January. In a DoJ statement on Bendelladj's extradition, FBI officials and prosecutors were both keen to ram home the message that they were keen to haul alleged cybercrooks in for trial wherever they operated from or travelled to across the world.

The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information," said acting assistant attorney General Raman. "The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cybercriminals to justice, no matter where they operate.

FBI Special Agent in Charge Mark Giuliano added: “The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders.”

Additional security-related comment on the extradition can be found in a post by Lisa Vaas on Sophos' Naked Security blog here. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.