SpyEye bank account hack 'mastermind' pleads guilty

SpyEye Image copyright Trend Micro
Image caption The SpyEye toolkit automated the theft of credit card and bank account details

A Russian programmer accused of being the mastermind behind one of the most commonly used bank account hacking kits has pleaded guilty to a related charge in the US.

It is alleged that Aleksandr Panin developed SpyEye, Trojan malware that uses a variety of techniques to siphon off victims' savings.

Prosecutors said the code, which is still in use, had infected more than 1.4 million PCs since its 2009 release.

Panin's arrest had caused controversy.

The US authorities were only able to arrest him last July after he had been detained by police in the Dominican Republic while on holiday.

Image copyright Trend Micro
Image caption SpyEye displayed a fake log-on page that asked for the Pin code, which would not normally be requested

His lawyer said that although the island never launched extradition proceedings, it put him on a plane to Atlanta where he was taken into custody.

The Russian Foreign Ministry has declared the action part of an "unacceptable" trend, saying that the US should instead submit requests for the arrest of Russian citizens to Moscow. There is no formal extradition treaty between the two countries.

Panin has pleaded guilty to a single count of conspiracy to commit bank fraud and wire fraud.

A second man indicted in the case, Hamza Bendelladj, pleaded not guilty in May. The case against him is still pending.

'Polished code'

Prosecutors said that SpyEye was sold for between $1,000 to $8,000 (£605 to £4,830) on underground forums.

The toolkit could be customised to:

  • monitor which keys were being typed
  • bring up fake account log-in pages from which bank and credit card details were stolen and automatically transmitted to a separate computer server
  • hijack computers to create botnets that could be used to send spam

The FBI said one client, known as Soldier, had claimed to have made $3.2m using the software over a six-month period, and that 10,000 bank accounts had been compromised by it last year.

Image copyright Trend Micro
Image caption Part of the SpyEye user interface urged its users to "hack the planet"

Panin was "one of the pre-eminent cybercriminals that we've been able to apprehend and prosecute so far," said federal prosecutor John Horn.

"[He] wrote and polished the code for SpyEye until he had a product that experts described as professional grade."

Panin is due to be sentenced on 29 April.

Others have already been jailed for using the software and laundering the proceeds.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites