Crime Files Network


Hamza Bendelladj of Algeria, centre, a suspect on the US Federal Bureau of Investigation’s top 10 wanted list for allegedly hacking private accounts in 217 banks and financial companies worldwide, is escorted by Thai police officers in Bangkok on January 7, 2013. Photo: Bloomberg
An Algerian national who is allegedly part of the cybercrime consortium behind a powerful hacking software known as SpyEye appeared in an Atlanta courtroom in the US after a three-year manhunt ended with his extradition from Thailand.

Hamza Bendelladj, known for years in underground computer forums simply as Bx1, was accused in a 23-count indictment of crimes including computer and bank fraud. The charges, unsealed yesterday, stem from his role in selling and supporting customised components for SpyEye, a banking Trojan that allows hackers to hijack victims’ bank accounts as they logged on from their own computers.

“Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes,” US Attorney Sally Quillian Yates in Atlanta said in a statement before his arraignment.

SpyEye, which can be purchased for as little as $US2000 in the underground, helped turn hacking into an easy and lucrative occupation and drove a cybercrime boom that has drained tens of millions of dollars from bank accounts in the US and Europe, according to Brett Stone-Gross, a security expert at Dell SecureWorks in Atlanta.

The use of SpyEye has fallen off in the past year as law enforcement operations against the group have intensified, Stone-Gross said in an e-mail.


Thailand arrest

Bendelladj, 24, was extradited from Thailand at the request of US authorities after his arrest there on January 5. Wearing a dress shirt and black athletic pants, he smiled frequently and chatted in the courtroom. He said he didn’t need an interpreter because he spoke fluent English.

Bendelladj was unable to enter a plea because his attorney, Damian Martinez, hasn’t been approved yet to practice in Georgia. Martinez said after the hearing that his client would plead not guilty when he returns to court next week.

Prosecutors said Bendelladj is a flight risk and requested that he be held without bail.

Bendelladj, who according to the indictment also helped support hacking operations by providing servers to control the hijacked computers, is a close associate of SpyEye’s creator, a shadowy hacker known by the nickname ‘gribodemon,’ according to security experts who helped track the group.

One expert who aided in the investigation said that Bendelladj’s real identity was uncovered through a series of mistakes made by the hacker, including the use of two email addresses that led to his Facebook account. The researcher recorded a 2011 conversation with Bendelladj in Asia, which helped the FBI confirm his identity. The security expert asked not to be named because Bendelladj’s associates are still at large.


Enhanced effectiveness

Prosecutors allege that Bendelladj sold the SpyEye hacking software as well as designed modules that enhanced its effectiveness

The software can be customised to get around the security of specific banks’ websites. Once a computer is infected with SpyEye, hackers can use it to take over online banking sessions and transfer money to accounts they control. It can also be programmed to automatically steal passwords to e-commerce sites and scrape credit card numbers and expiration dates.

Add A Comment


Subscribe to Crime Files Network