SpyEye Russian Creator Pleads Guilty in Software Case

A Russian man accused of creating SpyEye, malicious software used to drain bank accounts and steal information from 253 financial institutions, pleaded guilty to U.S. fraud charges.

The plea yesterday by Aleksandr Andreevich Panin, 24, is part of a U.S. crackdown on off-the-shelf malicious software and the use of botnets -- networks of computers enslaved by viruses and phishing e-mails. The software, sold online, has helped drive a cyber-crime boom in the U.S. and Europe. Such a product was used to hack into accounts at Target Corp. and Neiman Marcus Group.

Panin entered his plea to a charge of conspiracy to commit wire and bank fraud before U.S. District Judge Amy Totenberg in Atlanta.

“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious codes on computer networks and then siphon away private information from unsuspecting consumers,” Acting Assistant Attorney General Mythili Raman said in a statement.

$8,500 Program

Panin, who is also known as “Gribodemon,” faced a 23-count indictment over his involvement in sales of SpyEye.

Prosecutors said federal investigators purchased a version of the program for $8,500. Versions were also sold for as little as $1,000, they said.

On June 29, 2010, Panin advertised on the www.darkode.com Internet forum that SpyEye “is a bank Trojan with form grabbing possibility,” meaning malware designed to steal bank information, according to the indictment.

Panin “commercialized the wholesale theft of financial and personal information,” Atlanta U.S. Attorney Sally Quillian Yates said in a statement. “Now he is being held to account for his actions. Cyber criminals be forewarned: you cannot hide in the shadows of the Internet.”

“Botnets such as SpyEye represent one of the most dangerous types of malicious software on the Internet today, which can steal people’s identities and money from their bank accounts without their knowledge,” Ricky Maxwell, acting special agent in charge with the Federal Bureau of Investigation’s Atlanta office, said in a statement.

Online Forums

A co-defendant, Hamza Bendelladj, of Algeria, also known as Bxl, pleaded not guilty in May after being extradited from Thailand.

Panin, also known as “Harderman,” was arrested by U.S. authorities on July 1 while flying through Hartsfield-Jackson Atlanta International Airport, prosecutors said in court filings.

Advertised on invitation-only online forums, the software could be tailored to meet various cyber-crime needs, such as targeting financial information, the U.S. said. Once installed on victims’ computers, the SpyEye malware was monitored and controlled from remote servers, essentially creating “a secret computer network,” according to the indictment. Data from about 1.4 million computers was stolen, prosecutors said.

One of the servers used to target financial institutions in the U.S. and elsewhere was located in Atlanta, according to prosecutors. Federal agents seized the server, allegedly operated by Bendelladj, in February 2011, according to prosecutors. The server purportedly controlled over 200 computers infected with the SpyEye virus.

Prosecutors are seeking forfeiture of any proceeds from the SpyEye scheme but didn’t state an amount in court filings.

Panin is scheduled to be sentenced April 29 and faces a maximum of 30 years in prison.

The case is U.S. v. Bendelladj, 1:11-cr-0557, U.S. District Court, Northern District of Georgia (Atlanta).
