Feeds

Alleged SpyEye big fish hauled in for US trial

Suspected banking botmaster extradited from Thailand

Next gen security for virtualised datacentres

Alleged SpyEye kingpin Hamza Bendelladj now faces a 23-count computer hacking and fraud indictment following his extradition from Thailand to the US last week.

Bendelladj, a 24-year-old Algerian national, is suspected by the FBI of making millions from selling the SpyEye banking Trojan toolkit to cybercrooks through various underground online marketplaces and carding forums.

SpyEye is a customisable Trojan with varying components that is widely used to steal bank account login information from compromised PCs. The malware ranks alongside ZeuS as the two worst pathogens of their kind. The developers of SpyEye and Zeus started out as rivals, but since April 2011 evidence in the malicious code itself as well as posts on underground cybercrime forums suggest the two groups are collaborating.

Often cybercrime arrests net phishing mules, low-level crooks who are paid to run bank accounts designed to receive looted funds from compromised accounts. The Feds allege that Bendelladj operated much higher up the food chain.

Bendelladj (alleged to operate under the handle Bx1) faces 11 counts of computer fraud, 10 counts of wire fraud and two conspiracy charges. US investigators alleged that between 2009 to 2011, Bendelladj and unnamed cohorts "developed, marketed and sold various versions of the SpyEye virus and component parts on the internet and allowed cybercriminals to customise their purchases to include tailor-made methods of obtaining victims’ personal and financial information."

Bendelladj is also alleged to have operated Command and Control (C&C) servers linked to the banking botnet. One of the files on a SpyEye C&C server hosted in Georgia contained information from approximately 253 unique financial institutions, the FBI said.

If convicted on all counts, Bendelladj faces a theoretical maximum of up to 30 years in prison for conspiracy to commit wire and bank fraud along with fines of up to $14m.

It's not clear how much any leader of SpyEye would have made from its nefarious activities or how far the FBI have got in tracking down ill-gotten loot connected to sales of the Trojan and botnet herding.

Court papers contain allegations that Bendelladj's main role in the scam was two-fold: advertising sales of SpyEye licences on underground forums and running botnets of compromised hosts.

Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, while he was in transit from Malaysia to Egypt back in January. In a DoJ statement on Bendelladj's extradition, FBI officials and prosecutors were both keen to ram home the message that they were keen to haul alleged cybercrooks in for trial wherever they operated from or travelled to across the world.

The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information," said acting assistant attorney General Raman. "The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cybercriminals to justice, no matter where they operate.

FBI Special Agent in Charge Mark Giuliano added: “The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders.”

Additional security-related comment on the extradition can be found in a post by Lisa Vaas on Sophos' Naked Security blog here. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?