The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years.
A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems.
A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers.
Hamza Bendelladj, also known as Bx1, faces 23 charges in an indictment (PDF) returned in December 2011 and unsealed Friday. U.S. Attorney Sally Yates said the man was extradited to Atlanta from Thailand on Thursday and was arraigned in federal court Friday afternoon. Wearing a dress shirt and black athletic pants, he smiled frequently and chatted in the courtroom. He said he didn't need an interpreter because he spoke fluent English.
A second person is also charged in the indictment but has not been identified. Investigators could not disclose whether the person was in the U.S. or abroad. Officials also could not disclose what information led them to Bendelladj.
According to court documents, from 2009 to 2011, Bendelladj and others allegedly developed, marketed and sold various versions and components of the SpyEye Trojan. Bendelladj allegedly advertised the malware on cybercrime forums, and operated command and control servers, including one in Atlanta, Georgia.
If convicted, Bendelladj faces up to 30 years in prison for conspiracy to commit wire and bank fraud, and up to five years for conspiracy to commit computer fraud. The 21 counts of wire and computer fraud carry maximum sentences of between five and 20 years each. The man may also be fined up to $14 million.
Also now Hackers have developed a mobile version of SpyEye called Spitmo, which targets victims' smartphones. Cyber Criminals can steal personal information through victims' computers and forward themselves text messages from the victims' cell phones to fraudulently verify the person's identity and lock them out of bank accounts and other personal accounts.