A Russian man accused of creating SpyEye, malicious software used to drain bank accounts and steal information from 253 financial institutions, pleaded guilty to U.S. fraud charges.
The plea yesterday by Aleksandr Andreevich Panin, 24, is part of a U.S. crackdown on off-the-shelf malicious software and the use of botnets -- networks of computers enslaved by viruses and phishing e-mails. The software, sold online, has helped drive a cyber-crime boom in the U.S. and Europe. Such a product was used to hack into accounts at Target Corp. and Neiman Marcus Group.
Panin entered his plea yesterday to a charge of conspiracy to commit wire and bank fraud before U.S. District Judge Amy Totenberg in Atlanta. He is scheduled for sentencing on April 29 and faces as long as 30 years in prison.
“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious codes on computer networks and then siphon away private information from unsuspecting consumers,” Acting Assistant Attorney General Mythili Raman said in a statement.
Panin, who is also known as “Gribodemon,” faced a 23-count indictment over his involvement in sales of SpyEye. The programming tool kit, sold for as little as $1,000 to upwards of $8,000, allowed cyber-criminals to customize their attacks in order to target certain financial data or other sensitive information, according to prosecutors.
On June 29, 2010, Panin advertised on the www.darkode.com Internet forum that SpyEye “is a bank Trojan with form grabbing possibility,” meaning malware designed to steal bank information, according to the indictment.
Panin “commercialized the wholesale theft of financial and personal information,” Atlanta U.S. Attorney Sally Quillian Yates said in a statement yesterday.
The amount of money stolen by SpyEye customers is probably well into the millions of dollars, said Jason Milletary, a researcher for Dell SecureWorks, a security services unit of Dell Inc., who has been studying SpyEye.
The product was sold to at least 150 customers including one known as “Soldier” who may have used it to steal $3.2 million over a six-month period, prosecutors said.
“That kind of gives you an idea of the potential scale,” Milletary said in a phone interview today. Still, he said, “I don’t know if we have a good picture overall.”
Once installed on victims’ computers, the SpyEye malware was monitored and controlled from remote servers, creating “a secret computer network,” according to the indictment. Data from about 1.4 million computers was affected, prosecutors said.
Such programs are “one of the most dangerous types of malicious software on the Internet today, which can steal people’s identities and money from their bank accounts without their knowledge,” Ricky Maxwell, acting special agent in charge with the Federal Bureau of Investigation’s Atlanta office, said in a statement.
Milletary said SpyEye was similar to other hacker software packages such as Zeus. In March 2012, a federal judge in Brooklyn, New York, ordered more than three dozen unidentified hackers to stop using Zeus and SpyEye botnets to hijack bank accounts. The civil case against the hackers was filed by Microsoft Corp., which claimed the 39 hackers stole more than $100 million through the botnets.
Aliases for the hackers involved in that case included “Gribodemon” and “Harderman,” both names prosecutors said were used by Panin. The list of hacker names in the case also included “Bx1,” the purported alias of Panin’s alleged SpyEye associate Hamza Bendelladj.
Bendelladj, of Algeria, pleaded not guilty in May in Atlanta federal court after being extradited from Thailand. Prosecutors alleged Bendelladj operated a server in Atlanta used by SpyEye customers to target financial institutions in the U.S. and elsewhere. The server, seized by federal agents in February 2011, purportedly controlled more than 200 computers infected with the SpyEye virus.
While the use of SpyEye appears to have dropped off in the past year, Milletary said, the type of software is “still a big threat. Criminals behind it can move from malware to malware.”
Panin was arrested by U.S. authorities on July 1 while flying through Hartsfield-Jackson Atlanta International Airport, prosecutors said in court filings.
The government is seeking forfeiture of unspecified proceeds from the SpyEye scheme.
The criminal case is U.S. v. Bendelladj, 1:11-cr-0557, U.S. District Court, Northern District of Georgia (Atlanta).
The civil case is Microsoft Corp. v. John Does 1-39, 1:12-cv-1335, U.S. District Court, Eastern District of New York (Brooklyn).
To contact the reporters on this story: Christie Smythe in Brooklyn, New York at firstname.lastname@example.org; David Beasley in Atlanta at email@example.com
To contact the editor responsible for this story: Michael Hytha at firstname.lastname@example.org