One Algerian’s financial cyber-crime spree

May 7, 2013

Hacker Hamza Bendelladj’s malware infected personal computers in order to steal the financial credentials of unsuspecting users and sell the data to third parties. If one man with a computer and an Internet connection can operate a scheme like this, just think of what an enemy state actor could accomplish.

This press release comes to us from the U.S. Attorney’s Office and the Atlanta Division of the FBI on May 3 (h/t Douglas McNabb):

Algerian National Extradited from Thailand to Face Federal Cyber Crime Charges in Atlanta for SpyEye Virus

ATLANTA—Hamza Bendelladj, an Algerian national also known as Bx1, will be arraigned on federal cyber crime charges for his role in developing, marketing, distributing, and operating the malicious computer virus SpyEye.

“No violence or coercion was used to accomplish this scheme, just a computer and an Internet connection,” said United States Attorney Sally Quillian Yates. “Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes. In a cyber netherworld, he allegedly commercialized the wholesale theft of financial and personal information through this virus which he sold to other cyber criminals. Cyber criminals, take note—we will find you. This arrest and extradition demonstrates our determination to bring you to justice.”

“Hamza Bendelladj has been extradited to the United States to face charges of controlling and selling a nefarious computer virus designed to pry into computers and extract personal financial information,” said Acting Assistant Attorney General Mythili Raman. “The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information. The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cyber criminals to justice, no matter where they operate.”

“The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders,” stated Mark F. Giuliano, Special Agent in Charge, FBI Atlanta Field Office. “The federal indictment and extradition of Bendelladj should send a very clear message to those international cyber criminals who feel safe behind their computers in foreign lands that they are, in fact, within reach.”

Bendelladj, 24, was indicted by a federal grand jury in Atlanta, Georgia on December 20, 2011. The 23-count indictment charges him with one count of conspiring to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud, and 11 counts of computer fraud. Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on January 5, 2013, while he was in transit from Malaysia to Egypt. The indictment was unsealed on May 1, 2013. Bendelladj was extradited from Thailand to the United States on May 2, 2013, and was arraigned in United States District Court before United States Magistrate Judge Janet F. King.

According to court documents, the SpyEye virus is malicious computer code, or malware, which is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cyber criminals to remotely control the computers through command and control (C&C) servers. Once a computer is infected and under the cyber criminals’ control, a victim’s personal and financial information can be surreptitiously collected using techniques such as “web injects,” which allow cyber criminals to alter the display of webpages in the victim’s browser in order to trick them into divulging personal information related to their financial accounts. The financial data is then transmitted to the cyber criminals’ C&C servers, where criminals use it to steal money from the victims’ financial accounts.

The indictment alleges that from 2009 to 2011, Bendelladj and others developed, marketed, and sold various versions of the SpyEye virus and component parts on the Internet and allowed cyber criminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information. Bendelladj allegedly advertised the SpyEye virus on Internet forums devoted to cyber crime and other criminal activities. In addition, Bendelladj allegedly operated C&C servers, including a server located in the Northern District of Georgia, which controlled computers infected with the SpyEye virus. One of the files on Bendelladj’s C&C server in the Northern District of Georgia allegedly contained information from approximately 253 unique financial institutions.

If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million…

5 comments

  1. Reblogged this on .


  2. He did it for profit and kicks; he did not do it to finance terrorism.


    • Who said otherwise?


      • Your title :) money jihad


      • My point was if one person, regardless of motive, could carry out such a financial attack, then imagine what a hacker group sponsored by an enemy country could accomplish.

        It’s more of an observation on the threat of economic warfare than an analysis of this individual’s motives, which neither of us knows for certain yet.


