A Russian national has pleaded guilty in a conspiracy in which he developed and distributed malicious software – malware – that infected more than 1.4 million computers worldwide to steal confidential personal and financial information.
On Jan. 28, Aleksandr Andreevich Panin, a Russian national, pleaded guilty to conspiring to commit wire and bank fraud. Sentencing for Panin is scheduled for April 29 before United States District Judge Amy Totenberg.
SpyEye is a sophisticated malware toolkit designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. SpyEye infects victims’ computers and allows cybercriminals to control the infected computers remotely through command and control (“C2”) servers. The victims’ stolen personal and financial data is transmitted to the C2 servers, where it is used to steal money from the victims’ financial accounts.
Panin was the primary developer and distributor of SpyEye. Operating from Russia from 2009 to 2011, Panin conspired with others, including codefendant Hamza Bendelladj, an Algerian national also known as “Bx1,” to develop, market, and sell tailor-made versions of SpyEye on the Internet for prices ranging from $1,000 to $8,500. One of Panin’s clients, “Soldier,” is reported to have made over $3.2 million in a six-month period using SpyEye.
According to industry estimates, SpyEye has infected over 1.4 million computers in the United States and abroad and was the preeminent malware toolkit in use from approximately 2009 to 2011. Based on information received from the financial services industry, over 10,000 bank accounts were compromised by SpyEye infections in 2013 alone. Some cybercriminals continue to use SpyEye today, although its effectiveness has been limited since security software vendors added detection for it to their malicious-software removal tools.
In February 2011, the FBI searched and seized a SpyEye C2 server allegedly operated by Bendelladj in the Northern District of Georgia. That C2 server controlled more than 200 computers infected with SpyEye and contained information from numerous financial institutions.
In June and July 2011, FBI covert sources communicated directly with Panin and bought a version of SpyEye from him.
On Dec. 20, 2011, a Northern District of Georgia grand jury returned a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj.
Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on Jan. 5, 2013, while in transit from Malaysia to Algeria. He was extradited from Thailand to the United States on May 2, 2013. The charges against him are pending in the Northern District of Georgia.
Panin was arrested by U.S. authorities on July 1, 2013, when he flew through Hartsfield-Jackson Atlanta International Airport.