SpyEye Masterminds Begin 24 Year Sentence

US law enforcers are patting themselves on the back recently after the sentencing of the two men behind the notorious SpyEye banking malware, for a total of 24 years.

Russian Aleksandr Andreevich Panin, aka ‘Gribodemon,’ was handed down nine and a half years for his part as the primary developer and distributor of the malware, which caused losses of nearly $1 billion and infected over 50 million computers across the globe between 2010-2012, the DoJ said.

Algerian Hamza Bendelladj, aka ‘BX1,’ was given 15 years for sending over a million malware-laden spam emails, as well as selling malicious plug-ins for botnets, causing millions in losses to individuals and financial institutions, and running a carding forum: VCC.sc.

Panin was arrested on 1 July 2013, when he flew through Hartsfield-Jackson Atlanta airport, while Bendelladj was cuffed in Bangkok’s Suvarnabhumi airport on 5 January 2013 and subsequently deported.

Law enforcers are particularly pleased because they say Panin was just months away from releasing a new strain of SpyEye which could have caused “immeasurable losses” to the banking industry.

“It is difficult to overstate the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,” said Georgia DA, John Horn, in a statement. 

“The outstanding work by our law enforcement partners, both domestically and internationally, as well as terrific cooperation from the private sector, serves as a blueprint on how to combat complex cyber-crime syndicates around the world.”

Trend Micro was one of those private sector partners, providing vital information such as the online “handles” and accounts used by the duo, it revealed in a blog post.

As for law enforcement partners, the FBI were helped by the UK’s National Crime Agency, which arrested a British hacker, James Bayliss, in 2014 for his part in helping to code the ccgrabber plugin for SpyEye, according to Trend Micro.

“Taking down infrastructures and servers is but a short-term solution to the problem of cybercrime; to truly address cybercrime, the perpetrators themselves must be stopped,” the firm wrote.

It should be noted that other co-conspirators of the duo are likely still at large, as is the FBI’s most wanted cybercriminal – Evginy Bogachev, aka ‘Slavik’ – who originally passed the source code and rights for Zeus to Pavin.
Infosecurity: http://bit.ly/1ZEaimd

« Cyber "Best Practices" Are About To Change
Tracking Islamic State Impeded By Encryption »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

Human Security

Human Security

Human (formerly White Ops) Bot Mitigation Platform enables complete protection from sophisticated bot attacks across advertising, marketing and cybersecurity.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

Thero6

Thero6

Thero6 develop dynamic financial analysis algorithms that help prevent coin collapses and theft of cryptocurrency funds by identifying the transaction absolutely throughout the chain.

FatPipe Networks

FatPipe Networks

FatPipe’s network optimization solutions along with robust native security and SASE-based protection provides organizations all they need for super network performance and security.

DuploCloud

DuploCloud

DuploCloud offers an end-to-end DevOps software platform for dev teams that don’t have dedicated DevOps engineers and augments those that do.