Alleged “SpyEye” mastermind extradited to US

Alleged "SpyEye" mastermind extradited to US

Hamza BendelladjThe US Department of Justice (DOJ) announced on Friday that it has extradited Hamza Bendelladj, a 24-year-old Algerian national whom the FBI believes is the mastermind behind the financial botnet toolkit “SpyEye.”

Bendelladj, aka “Bx1,” was extradited from Thailand to Atlanta, in the US state of Georgia, to face a 23-count indictment that charges him with:

  • One count of conspiring to commit wire and bank fraud,
  • 10 counts of wire fraud,
  • One count of conspiracy to commit computer fraud, and
  • 11 counts of computer fraud.

SpyEye, a variant on the Zeus banking Trojan, is designed to steal unsuspecting victims’ financial and personally identifiable information.

Court papers allege that from 2009 to 2011, Bendelladj and his cronies “developed, marketed and sold various versions of the SpyEye virus and component parts on the internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information.”

Bendelladj also allegedly advertised SpyEye on internet forums devoted to cyber- and other crimes and operated Command and Control (C&C) servers.

Eye spy. Image courtesy of Shutterstock.One of the files on Bendelladj’s C&C server in the Northern District of Georgia allegedly contained information from about 253 financial institutions.

If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million dollars.

The DOJ courteously reminds us that it is determined to bring cybercrooks to justice, regardless of how many borders it has to cross to do it.

As US Attorney Sally Quillian Yates says:

"Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes. In a cyber-netherworld, he allegedly commercialized the wholesale theft of financial and personal information through this virus which he sold to other cybercriminals. Cybercriminals take note; we will find you. This arrest and extradition demonstrates our determination to bring you to justice."

The long arm of the law has been extended, in fact, by expanded international partnerships that allow for extraditions of cross-border crimes, says FBI Special Agent in Charge Mark F. Giuliano:

"The federal indictment and extradition of Bendelladj should send a very clear message to those international cyber-criminals who feel safe behind their computers in foreign lands that they are, in fact, within reach."

The UK has been particularly successful in dragging SpyEye users across borders and into its courts.

That includes a Baltic trio whom the UK sent to prison last year, along with a hacker whom the UK jailed last spring for stealing millions of banking and PayPal identities.

Would-be criminals, take heed: obviously, nabbing Bendelladj is by no means a one-off, lucky strike.

The law can find you.

Image of spying eye courtesy of Shutterstock.