SpyEye Masterminds Begin 24 Year Sentence

Uploaded on 2016-05-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

US law enforcers are patting themselves on the back recently after the sentencing of the two men behind the notorious SpyEye banking malware, for a total of 24 years.

Russian Aleksandr Andreevich Panin, aka ‘Gribodemon,’ was handed down nine and a half years for his part as the primary developer and distributor of the malware, which caused losses of nearly $1 billion and infected over 50 million computers across the globe between 2010-2012, the DoJ said.

Algerian Hamza Bendelladj, aka ‘BX1,’ was given 15 years for sending over a million malware-laden spam emails, as well as selling malicious plug-ins for botnets, causing millions in losses to individuals and financial institutions, and running a carding forum: VCC.sc.

Panin was arrested on 1 July 2013, when he flew through Hartsfield-Jackson Atlanta airport, while Bendelladj was cuffed in Bangkok’s Suvarnabhumi airport on 5 January 2013 and subsequently deported.

Law enforcers are particularly pleased because they say Panin was just months away from releasing a new strain of SpyEye which could have caused “immeasurable losses” to the banking industry.

“It is difficult to overstate the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,” said Georgia DA, John Horn, in a statement. 

“The outstanding work by our law enforcement partners, both domestically and internationally, as well as terrific cooperation from the private sector, serves as a blueprint on how to combat complex cyber-crime syndicates around the world.”

Trend Micro was one of those private sector partners, providing vital information such as the online “handles” and accounts used by the duo, it revealed in a blog post.

As for law enforcement partners, the FBI were helped by the UK’s National Crime Agency, which arrested a British hacker, James Bayliss, in 2014 for his part in helping to code the ccgrabber plugin for SpyEye, according to Trend Micro.

“Taking down infrastructures and servers is but a short-term solution to the problem of cybercrime; to truly address cybercrime, the perpetrators themselves must be stopped,” the firm wrote.

It should be noted that other co-conspirators of the duo are likely still at large, as is the FBI’s most wanted cybercriminal – Evginy Bogachev, aka ‘Slavik’ – who originally passed the source code and rights for Zeus to Pavin.
Infosecurity: http://bit.ly/1ZEaimd

« Cyber "Best Practices" Are About To Change
Tracking Islamic State Impeded By Encryption »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Picus Security

Picus Security

Huge gaps often exists between the "perceived"​ and "actual"​ IT security level of an organization. Picus Security continuously assesses security controls and reveals deficient ones before hackers do.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Tata Consultancy Services

Tata Consultancy Services

Tata Consultancy Services is a global leader in IT services, consulting & business solutions including cyber security.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

Quantinuum

Quantinuum

Quantinuum is the combination of Cambridge Quantum with Honeywell Quantum Solutions, structured to drive the future of quantum computing.

cleverDome

cleverDome

cleverDome has created the first community built and proven model that redefines the standards for protecting the most confidential data and information of consumers in the cloud.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

AI Safety Institute (AISI)

AI Safety Institute (AISI)

The AI Safety Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.