Three-Year Hunt Nabs Hacker Who Popularized Cybercrime

An Algerian national who is allegedly part of the cybercrime consortium behind a powerful hacking software known as SpyEye appeared in an Atlanta courtroom after a three-year manhunt ended with his arrest in a Bangkok airport.

Hamza Bendelladj, known for years in underground computer forums simply as Bx1, was accused in a 23-count indictment of crimes including computer and bank fraud. The charges, unsealed yesterday, stem from his role in selling and supporting SpyEye, which allows hackers to hijack victims’ bank accounts through their own computers.

“Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes,” U.S. Attorney Sally Quillian Yates in Atlanta said in a statement before his arraignment.

SpyEye, which can be purchased for as little as $2,000, helped turn hacking into an easy and lucrative occupation and drove a cybercrime boom that has drained tens of millions of dollars from bank accounts in the U.S. and Europe, according to Brett Stone-Gross, a security expert at Dell SecureWorks in Atlanta.

The use of SpyEye has fallen off in the past year as law enforcement operations against the group have intensified, Stone-Gross said in an e-mail.

Thailand Arrest

Bendelladj, 24, was extradited from Thailand at the request of U.S. authorities after his arrest there on Jan. 5. Wearing a dress shirt and black athletic pants, he smiled frequently and chatted in the courtroom. He said he didn’t need an interpreter because he spoke fluent English.

Bendelladj was unable to enter a plea because his attorney, Damian Martinez, hasn’t been approved yet to practice in Georgia. Martinez said after the hearing that his client would plead not guilty when he returns to court next week.

Prosecutors said Bendelladj is a flight risk and requested that he be held without bail.

Bendelladj, who according to the indictment also helped support hacking operations by providing servers to control the hijacked computers, is a close associate of SpyEye’s creator, a shadowy hacker known by the nickname ‘gribodemon,’ according to security experts who helped track the group.

One expert who aided in the investigation said that Bendelladj’s real identity was uncovered through a series of mistakes made by the hacker, including the use of two e-mail addresses that led to his Facebook account. The researcher recorded a 2011 conversation with Bendelladj in Asia, which helped the FBI confirm his identity. The security expert asked not to be named because Bendelladj’s associates are still at large.

Enhanced Effectiveness

Prosecutors allege that Bendelladj sold the SpyEye hacking software and also designed modules that enhanced its effectiveness.

The software can be customized to get around the security of specific banks’ websites. Once a computer is infected with SpyEye, hackers can use it to take over online banking sessions and transfer money to accounts they control. It can also be programmed to automatically steal passwords to e-commerce sites and scrape credit card numbers and expiration dates.

The case is U.S. v. Bendelladj, 1:11-cr-0557, U.S. District Court, Northern District of Georgia (Atlanta).
