Russian Developer Admits Malware Conspiracy in US Court

Aleksandr Andreevich Panin, a Russian national pleaded guilty yesterday in an Atlanta federal courtroom to a conspiracy charge associated with his role as the primary developer and distributor of malware—called SpyEye—created specifically to facilitate online theft from financial institutions, many of them in the U.S.

SpyEye infected more than 1.4 million computers—many located in the U.S.— obtaining victims’ financial and personally identifiable information stored on those computers and using it to transfer money out of victims’ bank accounts and into accounts controlled by criminals.

Ultimately, though, Panin sold his malware online to the wrong customer — an undercover FBI employee. And after an investigation involving international law enforcement partners as well as private sector partners, a dangerous cyber threat was neutralized, according to the FBI.

From 2009 to 2011 Panin was an active member in online criminal forums, where he collaborated with others, among them Hamza Bendelladj (charged and extradited to the U.S. in 2013), to advertise and develop various versions of SpyEye malware, a bank Trojan developed with “form grabbing” functionality, enabling perpetrators to steal bank information from a web browser, while a user was conducting online banking. It also included a “cc grabber,” which scans stolen victim data for credit card information.

Panin sold his malware to more than 150 “clients” charging anywhere from $1,000 to $8,500 for various versions. Once in their hands, these cyber criminals used the malware for their own nefarious purposes—infecting victim computers and creating botnets (armies of hijacked computers) that collected large amounts of financial and personal information and sent it back to servers under the control of the criminals. They were then able to hack into bank accounts, withdraw stolen funds, create bogus credit cards, etc.

In February 2011, a search warrant allowed the FBI to seize a key SpyEye server located in Georgia. It was several months after that when the FBI bought SpyEye online from Panin — which turned out to be very incriminating because that particular version contained the full suite of features designed to steal confidential financial information, make fraudulent online banking transactions, install keystroke loggers, and, in addition, initiate distributed denial of service (or DDoS) attacks from computers infected with malware.

Panin was arrested in July 2013 while he was flying through Hartsfield-Jackson Atlanta International Airport.

The investigation into the SpyEye malware is just one initiative worked under Operation Clean Slate, a broad public/private effort recently undertaken to eliminate the most significant botnets affecting U.S. interests by targeting the criminal coders who create them and other key individuals who provide their criminal services to anyone who’ll pay for them. Much like the FBI’s other investigative priorities where we focus on taking down the leaders of a criminal enterprise or terrorist organization, under Clean Slate we’re going after the major cyber players who make botnets possible.

And FBI Executive Assistant Director Rick McFeely warns potential hackers: “The next person you peddle your malware to could be an FBI undercover employee…so regardless of where you live, we will use all the tools in our toolbox—including undercover operations and extraditions—to hold cyber criminals accountable for profiting illicitly from U.S. computer users.”

Leave a Reply

Your email address will not be published. Required fields are marked *


Google Analytics Alternative