Irish research key to bringing down SpyEye creator
Cork-based experts help FBI track major online fraudster
Robert McArdle of Trend Micro in Cork: “[The FBI] had a case in place already but it was the intelligence we provided that helped get it over the line.” Photograph: Daragh McSweeney/Provision
“It’s similar to how you dismantle drug operations,” says Trend Micro’s Robert McArdle. “It’s best to start from the top.”
The Cork-based senior threat researcher is trying to explain just how he and his colleagues helped the FBI, as well as a number of international police forces, track down one of the most wanted online criminals in the world, Aleksandr Panin.
Creator of the SpyEye banking malware programme which has helped siphon tens of millions of euro from accounts since 2009, Panin pleaded guilty to a number of fraud charges in an Atlanta federal courtroom two weeks ago.
After several years of undercover operations, infiltration of underground marketplaces and tracking online trails across continents, Panin and a key ally, Hamza Bendelladj, both now face 30 years in prison.
“The level of SpyEye was huge,” McArdle tells The Irish Times, noting it was the actions of Bendelladj under the online alias ‘BX1’ which first came up on his radar.
“When we got some leads into it we said ‘okay, let’s find out who is in charge of this case’ – which turned out to be the FBI in Atlanta – and then we started actively working back and forth with them,” he says.
“They had a case in place already but it was the intelligence we provided that helped get it over the line.”
Dr Ray Genoe of the UCD Centre for Cybersecurity and Cybercrime Investigation told The Irish Times: “It’s great to see Irish fingerprints all over the case,” adding that the “open-source intelligence” provided by companies such as Trend Micro is now key to fighting cybercrime.
Panin – or ‘Gribodemon’, to give him his online identity – developed software in 2009 to automate the theft of confidential personal and financial information, including user names, passwords, credit card details and online banking credentials. He then began selling it through invite-only criminal forums for anything between $1,000 and $8,500 a time.
Since then, 150 ‘clients’ of Panin have infected 1.4 million computers with variants of SpyEye, with reports from the financial services industry claiming that more than 10,000 bank accounts were compromised by SpyEye in 2013 alone.
For McArdle and the various law enforcement agencies involved, as well as other companies on board with the investigation such as Microsoft’s Digital Crimes Unit and Dell SecureWorks, the path to finding Panin lay in tracking what was becoming a growing IT infrastructure.