Algerian national Hamza Bendelladj, aka Bx1, has been extradited from Thailand to the United States to face charges in Atlanta for allegedly playing a critical role in developing, marketing, distributing and controlling SpyEye, a computer virus designed to steal unsuspecting victims’ financial and personally identifying information.
Mr. Bendelladj, 24, has been charged in a 23-count indictment that was returned on Dec. 20, 2011, and unsealed on Friday. The indictment charges Mr. Bendelladj with one count of conspiring to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud and 11 counts of computer fraud. Mr. Bendelladj is scheduled to be arraigned in U.S. District Court in the Northern District of Georgia before U.S. Magistrate Judge Janet F. King.
On Jan. 5, 2013, Mr. Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, while he was in transit from Malaysia to Egypt. He was extradited from Thailand to the United States on May 2, 2013.
According to court documents, the SpyEye virus is malware designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cyber criminals to remotely control the computers through command and control (C&C) servers.
Once a computer is infected and under the cybercriminals’ control, a victim’s personal and financial information can be surreptitiously collected using techniques such as Web injects, which allow cybercriminals to alter the display of Web pages in the victim’s browser in order to trick them into divulging personal information related to their financial accounts. The financial data is then transmitted to the cybercriminals’ C&C servers, where criminals use it to steal money from the victims’ financial accounts.
According to court documents, from 2009 to 2011, Mr. Bendelladj and others allegedly developed, marketed and sold various versions of the SpyEye virus and component parts on the Internet.
Mr. Bendelladj allegedly advertised the SpyEye virus on Internet forums devoted to cybercrime and other criminal activities. He also allegedly operated C&C servers, including a server located in the Northern District of Georgia, which controlled computers infected with the SpyEye virus. One of the files on Mr. Bendelladj’s C&C server in the Northern District of Georgia allegedly contained information from approximately 253 unique financial institutions.
If convicted, Mr. Bendelladj faces a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million.