Russian and Algerian men guilty of creating, maintaining, and marketing the SpyEye financial botnet received a combined sentence of 24 years in prison, Department of Justice (DoJ) officials said.
Aleksandr Andreevich Panin, 27, from Russia, known online as Gribodemon and Harderman, received nine and a half years in prison, while his accomplice, Hamza Bendelladj, 27, from Algeria, known online as Bx1, got 15 years in jail.
SpyEye was a banking Trojan developed in 2010 and advertised as a “Zeus Killer.”
Zeus was a similar banking Trojan that existed prior to SpyEye’s birth and that was the most famous and wide-reaching banking botnet when the latter appeared.
Panin was the main developer behind the SpyEye Trojan, but according to the FBI, Bendelladj also helped once in a while develop new SpyEye components but more often aided Panin in advertising the botnet on underground hacking forums such as Darkode.
The FBI credits Bendelladj with creating SpyEye’s Automated Transfer System (ATS), the backend panel that helps criminals transfer money from the victim’s account, and “Web injects,” the Trojan’s component that taps into browsers and steals the victim’s banking portal login credentials.
Bendelladj also created SpyEye component that removed the competing Zeus Trojan from infected computers.
With the two collaborating, SpyEye grew in popularity, mainly due to an aggressive advertising campaign and thanks to a lower price than Zeus’.
In November 2010, Panin and Evgeniy Bogachev, Zeus’ creator, came to an agreement to merge the two botnets. Bogachev, known online as Slavik, decided to retire and handed over Zeus’ source code to Panin.
Unknown to Panin, Bendelladj had other plans and eventually leaked Zeus’ source code online, and later SpyEye’s code, investigators said. Authorities said Bendelladj didn’t always get along with Panin.
Besides playing a key role in SpyEye’s creation and distribution, Bendelladj received a longer sentence because of his role in other cyber-criminal operations.
Bendelladj used data acquired via the SpyEye botnet to create the VCC.sc website, where he sold stolen credit card information to other cybercriminals.
The first one to get caught was Bendelladj, who police arrested in Bangkok, Thailand, in January 2013 while traveling from Malaysia to Egypt. Bendelladj collaborated with authorities, and his insider information helped the FBI shut down the Darkode hacking forum last summer.
U.S. authorities arrested Panin a few months later, in July 2013, at Atlanta’s airport, while he was changing flights.