Feeds

Alleged SpyEye big fish hauled in for US trial

Suspected banking botmaster extradited from Thailand

Providing a secure and efficient Helpdesk

Alleged SpyEye kingpin Hamza Bendelladj now faces a 23-count computer hacking and fraud indictment following his extradition from Thailand to the US last week.

Bendelladj, a 24-year-old Algerian national, is suspected by the FBI of making millions from selling the SpyEye banking Trojan toolkit to cybercrooks through various underground online marketplaces and carding forums.

SpyEye is a customisable Trojan with varying components that is widely used to steal bank account login information from compromised PCs. The malware ranks alongside ZeuS as the two worst pathogens of their kind. The developers of SpyEye and Zeus started out as rivals, but since April 2011 evidence in the malicious code itself as well as posts on underground cybercrime forums suggest the two groups are collaborating.

Often cybercrime arrests net phishing mules, low-level crooks who are paid to run bank accounts designed to receive looted funds from compromised accounts. The Feds allege that Bendelladj operated much higher up the food chain.

Bendelladj (alleged to operate under the handle Bx1) faces 11 counts of computer fraud, 10 counts of wire fraud and two conspiracy charges. US investigators alleged that between 2009 to 2011, Bendelladj and unnamed cohorts "developed, marketed and sold various versions of the SpyEye virus and component parts on the internet and allowed cybercriminals to customise their purchases to include tailor-made methods of obtaining victims’ personal and financial information."

Bendelladj is also alleged to have operated Command and Control (C&C) servers linked to the banking botnet. One of the files on a SpyEye C&C server hosted in Georgia contained information from approximately 253 unique financial institutions, the FBI said.

If convicted on all counts, Bendelladj faces a theoretical maximum of up to 30 years in prison for conspiracy to commit wire and bank fraud along with fines of up to $14m.

It's not clear how much any leader of SpyEye would have made from its nefarious activities or how far the FBI have got in tracking down ill-gotten loot connected to sales of the Trojan and botnet herding.

Court papers contain allegations that Bendelladj's main role in the scam was two-fold: advertising sales of SpyEye licences on underground forums and running botnets of compromised hosts.

Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, while he was in transit from Malaysia to Egypt back in January. In a DoJ statement on Bendelladj's extradition, FBI officials and prosecutors were both keen to ram home the message that they were keen to haul alleged cybercrooks in for trial wherever they operated from or travelled to across the world.

The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information," said acting assistant attorney General Raman. "The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cybercriminals to justice, no matter where they operate.

FBI Special Agent in Charge Mark Giuliano added: “The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders.”

Additional security-related comment on the extradition can be found in a post by Lisa Vaas on Sophos' Naked Security blog here. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.