The Crime Book


In recent years, the growth of the “hidden” part of the internet has offered criminals a wider arena in which to operate. Behind the “surface web” of indexed sites accessed via search engines lies the “deep web”. This is essentially all the unindexed data behind firewalls: intranets, archives, password-protected sites, and so on. The deep web also contains “the dark web”, anonymously hosted sites that can be accessed only by using special software. Some of these sites are marketplaces for guns and drugs, or for the release of computer viruses invented by criminal coders.

Data theft

Software programs designed to facilitate online fraud are one of the greatest risks to the security of billions of internet users worldwide. Among the most damaging of these was SpyEye, a piece of malicious software used by hackers between 2010 and 2012 to secretly infect 50 million PCs and net confidential information from individuals and financial institutions worldwide. Cybercriminals could purchase SpyEye’s ready-made malware tool kit for between $1,000 (£675) and $8,000 (£5,400), depending on whether they wanted a basic or premium version. Once in their hands, they could use it to infiltrate computers and log the keystrokes made by their owners. SpyEye’s main selling point was its ability to identify and isolate data entered onto (supposedly) secure online banking pages, whisking it away before protective software could encrypt it. Armed with passwords and PINs of their victims’ accounts, the hackers were able to steal funds.

The creator and administrator of SpyEye was a young Russian man called Aleksandr “Sasha” Panin, who worked out of an apartment in Moscow. Outwardly respectable and studious, he had an entirely different persona online, where he went by the alias “Gribodemon”. Panin’s partner in crime was Hamza Bendelladj – or “Bx1” – an Algerian computer-science grad who marketed the tool kit online.

The pair acquired a Robin Hood-style mystique when rumours circulated that Panin intended to invest his profits in technology research that could transform human life, and that Bendelladj made generous donations to Palestinian charities.

IN CONTEXT

LOCATION
Moscow, Russia

THEME
Cybercrime

BEFORE
2000 RBN, a Russian internet service provider that hosts illegal and questionable businesses, including malware distribution sites, becomes a major information highway for organized crime worldwide.

2007 Hackers steal at least 45.6 million credit card numbers from the servers of TJX, who own several US discount stores, and bring massive data breaches to public awareness.

AFTER
2010–13 Turkish hacker Ercan Findikoglu’s cybercrime ring distributes debit card data to “cashing crews” around the world, who use it to syphon millions from ATMs.

NOT JUST NERDY KIDS UP TO MISCHIEF IN THEIR PARENTS’ BASEMENT

THE SPYEYE MALWARE DATA THEFT, 2009–13


128-129_Aleksander_Panin.indd 128 12/12/2016 17:13



Cybercriminals exploit the speed, convenience, and anonymity of the internet to commit a diverse range of crimes that know no borders, either physical or virtual.

See also: Frank Abagnale 86–87

WHITE COLLAR CRIMES


Finding the evidence

For law enforcement agencies in the US, catching the cybercrooks behind the anonymous screen names was a challenging task. The FBI hired the private computer security firm Trend Micro to identify the suspicious bytes that signal the presence of malware among the billions of streaming bits that make up computer code. The firm put 1,200 researchers on the case; for four years they mapped SpyEye’s infrastructure. They found IP addresses and one infected computer in Atlanta, Georgia, which was used as a main server. It was remotely operated from Algeria by Bendelladj.

A team of researchers then impersonated cybercriminals to infiltrate the online forums used to distribute SpyEye. By June 2011, Trend Micro had evidence in place. The purchase of a SpyEye kit led it to Panin’s money processor. Even after the online Gribodemon had been decisively linked to the real-world Panin, the FBI had to wait two more years for him to leave Russia – which has no extradition treaty with the US – before it could act. Panin was finally arrested in July 2013, when he incautiously took a vacation in the Dominican Republic. He was jailed for 9½ years. Bendelladj, captured six months earlier in Thailand, received a 15-year sentence.

An anonymous hacker writes a malicious software program.

This program is offered for sale on the dark web.

Cybercriminals purchase the program and adapt it.

The data and identities of hundreds, thousands, or even millions of people can be accessed and stolen.

“It’s detective work – good, old-fashioned detective work.”
Rik Ferguson, Trend Micro

The rise of cybercrime

Today, cybercrime – defined as any type of criminal activity that uses computers or the web as a tool to steal money, goods, information, or other assets – is expanding as rapidly as legitimate online activities. Cybercriminals can target individuals, corporations, institutions, and even government departments. As more people conduct business online and utilize cloud storage, firms and individuals can be powerless when faced with the innovations used by hackers. In the case of hacking tool kits that automate the theft of credit card and bank details, even after their creators are apprehended, their software continues to circulate online. It can change form and name as easily as IP addresses.

The creator of a notorious piece of malware called Zeus, which inspired the creation of SpyEye, has never been caught, and his or her original source code has since been leaked, adapted, and further circulated by hackers.
