'Happy hacker' arrest: Did police just nab a cyber crime 'botmaster'?
An Algerian arrested at an airport in Thailand this week has defrauded 217 banks worldwide of tens of millions of dollars, Thai officials charge. They also say the FBI has been hunting him for three years.
(Page 2 of 2)
Even so, emerging clues suggest that the FBI may have helped nab one of the world's top 20 bank-hacking criminal masterminds – part of an ongoing global conspiracy that has stolen more than $100 million over the past six years.
Bendelladj's possible role in the fraud has been explored by Brian Krebs, a respected cybersecurity blogger in the US. He says Bendelladj "fits the profile" of a hacker nicknamed "bx1," with whom he communicated online in 2011. Mr. Krebs was startled to discover that the hacker he knew through online messaging appears to have the same contact information as an anonymous "John Doe" identified by Microsoft, in legal papers filed last March, as an operator of botnets powered by the ZeuS and SpyEye banking trojans.
Krebs said someone using the e-mail address firstname.lastname@example.org contacted him via Microsoft’s MSN instant message service. That account used the alias “Daniel,” as well as the nickname bx1. Krebs also has photo identification cards, leaked onto the Internet last fall, that include the name Hamza “Daniel” Bendelladj and a picture that bears a striking resemblance to the "happy hacker" arrested in Thailand.
"I didn’t fully appreciate why I found this case so interesting until I started searching the Internet and my own servers for his e-mail address," Krebs wrote on his blog Thursday. "Turns out that in 2011, I was contacted via instant message by a hacker who said he was operating botnets using the Zeus and SpyEye Trojans. This individual reached out to me repeatedly over the next year, for no apparent reason except to brag about his exploits."
Of course, Krebs's digital bread crumbs are not conclusive in tying Bendelladj to a global bank-fraud conspiracy. Still, a former federal investigator who spent years tracking bank-robbing cyber criminals says Bendelladj's Mideast connections, educational background, and travel patterns are noteworthy.
"Based on what I've seen in news reports so far, this guy fits a profile of being the kind of typical hacker being bred in that region of the world," says Jason Smolanoff, a cyber investigator with the FBI for 12 years until 2011 and now a vice president with Stroz Friedberg, a global risk management firm.
Mr. Smolanoff spent most of his years at the FBI tracking cyber fraudsters who used Zeus and other malware to drain bank accounts. The preliminary reports coming out of Bangkok about Bendelladj are reminiscent, he says, of an FBI sting in which he participated, Operation Phish Phry (so named because the scheme used phishing e-mails to defraud the unwary).
In October 2009, he says, Operation Phish Phry ended with charges against more than 50 individuals in the US and nearly 50 Egyptian citizens, on counts including computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identity theft.
"In Egypt, at the time, this type of thing was an easy way to make money with what they thought was really low risk," he says. "It's still a prevalent problem in Egypt and across northern Africa. The Thai police say he got into 217 banks. This guy could have been doing small transactions across multiple banks to avoid getting caught – and still have stolen millions."