Creator of malware given 9½ years in banking case
ATLANTA — The Russian creator of a computer program that enabled cybercriminals to infect millions of computers and drain bank accounts in multiple countries was sentenced Wednesday to serve 9½ years in federal prison.
Aleksandr Andreevich Panin, 27, who went by aliases “Gribodemon” and “Harderman” online, pleaded guilty to a count of conspiracy to commit bank and wire fraud in January 2014 after reaching a deal with prosecutors.
He created SpyEye, which prosecutor Steven Grimberg said was a preeminent malware from 2010 to 2012 and was used to infect more than 50 million computers and cause nearly $1 billion in damage to individuals and financial institutions around the world.
A second man, Hamza Bendelladj, a 27-year-old Algerian known online as “Bx1,” was sentenced to 15 years Wednesday. Both he and Panin will likely be deported after serving their sentences.
SpyEye was a type of Trojan virus that secretly implanted itself on victims’ computers to steal sensitive information, including bank account credentials, credit card information, passwords and PIN numbers. Once it took over a computer, it allowed hackers to trick victims into surrendering personal information through techniques including data grabbing and fake bank account pages. The information was relayed to a command and control server to be used to access victim accounts.
Panin conspired with others to advertise SpyEye in online cybercrime forums and sold versions of the software for prices ranging from $500 to $10,000, FBI Special Agent Mark Ray testified.
SpyEye was more user-friendly than its predecessors, functioning like “a Swiss army knife of hacking” and allowing users to customize it to choose specific methods of gathering personal information, Ray said. Panin is believed to have sold it to at least 150 clients.
Bendelladj had pleaded guilty but didn’t have a deal with prosecutors. His attorney, Jay Strongwater, said he plans to appeal.
While Panin developed and sold the malware and knew what it would be used for, Bendelladj also used it himself to steal financial information.