Alleged computer criminal used Atlanta server, prosecutors say

Pete Combs of AM 750 and 95.5FM News/Talk WSB contributed to this article. His interview with Krebs will air Monday on Atlanta’s morning news on WSB.

A virtual server in Atlanta was used to loot bank accounts worldwide with a computer virus that actually camouflaged the theft from victims, according to federal prosecutors.

Hamza Bendelladj, an Algerian national, was arraigned in U.S. District Court in Atlanta Friday after being extradited from Thailand. A 23-count indictment accuses him of defrauding institutions and individuals with the virus SpyEye, which Bendelladj allegedly helped develop and market.

“It has affected millions of computers around the world,” U.S. Attorney Sally Yates said of SpyEye. “It is designed … to hack in and drain individual bank accounts.”

Bendelladj leased a virtual command computer from an Internet company in Atlanta to invade the individual computers, Yates said. He would pilfer some accounts himself and also sell the virus to other hackers, sometimes designing a version to meet the customer’s needs, Yates said. Bendelladj’s Atlanta command-and-control server would operate “bot networks” of computers.

“Those computers were reporting back to him,” Yates said. She declined to name the Internet company that leased him the computer server.

The indictment noted Bendelladj developed components for the Trojan horse virus. The federal grand jury also indicted the principal designer, but the name was redacted because he has not yet been arrested.

Purchasers of SpyEye could have a version customized with “Web injects,” which infected a victim’s browser with a computer code that hijacked the victim’s Internet session and targeted specific financial data or institutions, according to the federal indictment.

At least 253 financial institutions were infected, Yates said.

Some Web injects would create a false online banking page to trick a victim into entering banking information, the indictment said. The virus also would create false bank account pages to hide the thefts from the victims.

Bendelladj, whom Yates said wasn’t associated with a major crime organization, advertised a version of SpyEye online and sold it to an undercover agent for $8,500, according to the indictment.

After Bendelladj’s arrest in Thailand in January, Brian Krebs reported on his website Krebsonsecurity.com that the 24-year-old hacker had contacted him as “Bx1” through Microsoft’s MSN Instant Messaging in 2011 to brag about his exploits.

Krebs was skeptical Friday that Bendelladj — who crisscrossed the world — made as much money as his customers, saying he was as much a prankster as a criminal.

“I would be surprised if he made a million dollars,” Krebs told AM 750 and 95.5FM News/Talk WSB. “Usually, that kind of income is made by more organized crime groups.

“This guy was more into it for the fun and games.”