A Russian cyber criminal has pleaded guilty to creating and distributing the notorious SpyEye malware, which in its heyday is believed to have infected over 1.4 million computers.
The FBI confirmed in a statement that Aleksandr Andreevich Panin admitted conspiring to commit wire and bank fraud for his role as the primary developer and distributor of the malicious software.
He will be sentenced by US district judge Amy Totenberg for his involvement in the SpyEye racket on 29 April 2014. Panin, who is known in cybercrime communities as Gribodemon or Harderman, was originally arrested by US authorities on 1 July 2013 at the Hartsfield-Jackson Atlanta International Airport.
SpyEye is believed to have been one of the most successful types of malware in history. It is designed to harvest financial information and compromised at least 10,000 bank accounts in 2013.
SpyEye's success is generally attributed to the business model behind it. The malware was traded on a number of cyber black markets with prices ranging from $1,000-$8,500. Panin is believed to have run the operation and is estimated to have sold it to 150 individuals. The FBI reported that one client, known as Soldier, managed to steal $3.2m in six months using SpyEye.
The FBI originally began hunting Panin in 2011 as part of a joint operation with Trend Micro's Forward-Looking Threat Research (FTR) Team, Microsoft's Digital Crimes Unit, Mandiant, Dell SecureWorks, Trusteer, and the Underworld.no Norwegian Security Research Team.
Panin is one of many criminals arrested for involvement in the SpyEye crimewave. US authorities also arrested an Algerian man named Hamza Bendelladj earlier in January and UK authorities arrested Lithuanian Pavel Cyganok, Estonian Ilja Zakrevski and Latvian Aldis Krummins in July 2012.
Acting special agent in charge of the FBI Atlanta Field Office Ricky Maxwell highlighted the SpyEye operation as a key victory, promising that the agency will continue to go directly after cyber criminals irrespective of their location.
"This investigation highlights the importance of the FBI's focus on the top echelon of cyber criminals. The apprehension of Mr Panin means that one of the world's top developers of malicious software is no longer in a position to create computer programs that can victimise people around the world," said the agent.
"Botnets such as SpyEye represent one of the most dangerous types of malicious software on the internet today, which can steal people's identities and money from their bank accounts without their knowledge. The FBI will continue working with partners domestically and internationally to combat cybercrime."
Trend Micro security director Rik Ferguson mirrored Maxwell's sentiment, arguing that arresting the masterminds behind cybercrime campaigns is the only long-term solution.
"You may more often see stories that a botnet has been 'taken down' resulting perhaps in a massive drop in the number of infected computers, but these types of activity, while laudable, are only temporary. Criminals will very soon come back and often come back stronger, having learned from their previous failures, the network of compromised computers will be rebuilt and the crime spree begins anew," he said.
Panin is one of many notorious cyber criminals to be arrested in recent years. Russian police arrested a man suspected to be the author of the notorious Blackhole exploit kit in October 2013. Following his arrest, use of the Blackhole exploit kit has radically dropped.