Two hackers were sentenced to a combined 24 years in U.S. prison for stealing hundreds of millions of dollars from financial institutions across the globe using the malware SpyEye.
The Trojan virus was disguised as legitimate software and subsequently infected more than 50 million computer systems. SpyEye was used by a cybercriminal ring to carry out a significant amount of theft, with damages estimated at nearly $1 billion globally, The Hill reported Thursday (April 21).
“Through these arrests and sentencing, the risk the public unknowingly faced from the threat posed by the imminent release of a new highly sophisticated version of SpyEye was effectively reduced to zero,” FBI special agent J. Britt Johnson told The Hill.
Last year, investigators from six different European countries, supported by Europol and Eurojust, joined together to bring down the cybercriminal group suspected of creating and distributing two banking trojans, SpyEye and Zeus.
“The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks,” Europol reported in June 2015.
The authorities’ action, which took place in Ukraine on June 18 and 19, resulted in five suspects being arrested, eight houses searched across four cities, and the confiscation of computer equipment and other devices for further investigation.
Aleksandr Andreevich Panin, a Russian national, received a sentence of nine years and six months to be followed by three years of supervised release. Panin, who is believed to be the mastermind developer of SpyEye, created a successor to the Zeus malware.
The other hacker, Hamza Bendelladj of Algeria, was sentenced to 15 years that will also be followed by three years of supervised release.