Podcast 13: SpyEye and the Smiling Hacker

Libsyn:

https://sites.libsyn.com/488183/episode-13-i-spy-with-my-little-eye-spyeye-and-the-smiling-hacker

YouTube:

https://youtu.be/CltJQxEfxaY

Rumble

https://rumble.com/v4hic4r-episode-13-i-spy-with-my-little-eye…-spyeye-and-the-smiling-hacker.html

Transcript Begins:

Jim Brangenberg: Welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tales. He’s joined by Brad Hawkins, founder and CEO of SaferNetVPN. And I’m Jim Brangenberg and I’ll serve as your story guide. I’ll do the best to keep these guys under control. This podcast, of course, is brought to you by SaferNetVPN.

Any more going online can be scary every time you click on a link. Join the mission to stay secure online with SaferNet vpn, perfect for small to medium sized businesses and families. This cyber security app provides a vpn, internet controls, virus protection, and keeping your work and family life in harmony, with 84 website filters keeping distractions away. Get secured now. Sign up at SaferNet. com. That’s SaferNet. com

Patrick, which dark tale are you telling us about today?

Patrick McMurphy: Today, Jim, I want to talk about Hamza Bendelladj, also known as BX1, the Smiling Hacker, or even the Robin Hood of Hackers, which is quite a title, as you can imagine.

Jim Brangenberg: He wears tights?

Patrick McMurphy: Maybe not, but hopefully not. So with Hamza, really, there’s not a lot known about his early childhood or even his early career. He’s born in 1988 in Algeria, and what’s known about Hamza as a young child is that he’s a genius. He has a profound interest in linguistics. And so later on, this actually comes up in life quite a bit because he becomes a polygot, as in he was able to speak five different languages all fluently, which is incredible.

And yeah it’s incredible. And we really see this later on in the story, how it affects his career. So Hamza growing up, he studied computer science in the University of Science and Technology in Algeria. And this was really his first formal brush with the whole world of cyber security and cyber crime.

And really just, it goes without saying that Hamza is great with computers. He’s great with technology, and he begins browsing hacking forums like a lot of these guys do. And so he gains the name BX1, that’s his first hacking name. And it was on these forums that Hamza became very close friends with a Russian guy by the name of Aleksandr Andreevich Panin, also known as, and wait for this for a hack in title, Gribodemon. So I don’t know why you’re gonna call yourself Gribodemon, but this is what Aleksandr’s going with.

Jim Brangenberg: I’m gonna go with Gribodemon, just cause it sounds better. Gribodemon. Have to say with a little bit of a Russian accent. Gribodemon!

(laughter)

Patrick McMurphy: Even better. I love that. Hamza and Gribodemon, they start off on what we would consider small scale stuff. They’re mostly doing minor phishing and wire fraud. However, what Hamza is doing is that

Brad Hawkins: Patrick, run through, just so that everybody gets caught up, minor phishing and wire fraud. What are they doing?

Patrick McMurphy: They’re really sending out emails to people in a number of languages, and this is the big one, they’re sending it all around the globe because Hamza can speak everything fluently. And so he’s sending out these emails saying, oh, this is your bank called, I know, X, Y, or Z.

Brad Hawkins: And that fluently is important because you can tell some of those phishing emails come in. This is somebody from Algeria or some crazy, some place that does not speak any English.

Jim Brangenberg: He was from Algeria. But he was from Algeria, Brad.

Brad Hawkins: But if he’s fluent, he knows English and you can’t get by that. So that’s, yeah, because I know a lot of people that say I can tell phishing emails because yeah, they’re just not clear.

Patrick McMurphy: But yeah, exactly. Maybe 70 percent of phishing emails are, have been translated with AI badly. But this guy is speaking in the targets exact language. And so he’s getting them to sign up to these services as a bank and commence wire fraud, basically wire transfers that they shouldn’t be committing, etc.

I know I said that small scale, but on how far this goes, you can see where this starts off on the small scale of things. So when they’re doing this Gribodemon and Hamza, they create their own malware called SpyeEye. And SpyEye at the time was created to compete with the Zeus malware.

Excuse me, so Zeus malware, you guys might remember, this was the biggest malware in the world at the time. Sorry guys, one second there, okay?

Jim Brangenberg: Alright, no problem. As as Brad takes, no Brad’s not taking a drink, how about Patrick’s taking a drink, we want to just talk about SaferNet.

You wouldn’t want to live in a metropolitan area without a house security system.

Why would you explore the internet without internet protection? Discover SaferNet VPN, your ultimate cybersecurity solution. Defend your work and home with ease. SaferNet offers a VPN, internet controls, virus protection for businesses and families. And I especially like the blocking of certain websites and the allowing of certain websites.

Take control with 84 website. filters, get secured now, control your internet access, control your internet usage, sign up at SaferNet. com. It’s reasonable, affordable, and it’s extraordinarily powerful. SaferNet. com. That’s SaferNet. com.

All right. So you’re saying that spy eye is the same powerful, Patrick, as Zeus.

Patrick McMurphy: Exactly. It’s on the same thing. Now, the thing is that the FBI we’re already looking at Zeus at this point. And by 2011 Zeus collapsed in itself and they re-released their, so their source code into the world. And so when this happens, it became huge for Hamza and Gribodemon. ’cause what happens, they can now disassemble Zeus code and augment it into SpyEye.

Jim Brangenberg: So they didn’t wanna have to do something all on their own. They just went and took somebody else’s software and modified it for themselves. Patrick, that’s what you’re saying?

Patrick McMurphy: Yeah, that’s exactly it. So they assume this way with phishing again, so they’re back in phishing, trying to spread SpyEye through phishing, using this mastery of languages that Hamza has. And yeah, this was incredible because once it was installed, it operated completely silently. The geo had engineered it so well that the antivirus of the day could not catch it at all.

Jim Brangenberg: Wow.

Brad Hawkins: Roughly, what year was this when they got this new software out?

Patrick McMurphy: This would have been after 2011. So probably close to 2012 once it was engineered with Zeus. And there was really two functions that SpyEye had. The first was it Keystroke log. Now if you’re not familiar with that, if malware is resting on your computer, it just examines what you’re typing. It’s called keystroke logging. It’s a very subtle way, but it’s actually quite hard to get down well.

The other thing was something called web injects, and this is where we get serious. So let’s say you have SpyEye on your computer. You log on to your bank. Let’s say you log on to chase. com. What happens is instead of seeing a normal chase, you actually get a fake chase page and you enter all your login details.

It never goes to chase. It goes back to the hackers then relays to chase, and you’re put forward as normal, but the whole time your entire page is overtaken by this web inject, basically.

Brad Hawkins: Wow, so basically it gives them the ability to be able to see and do anything they want to on your account.

Patrick McMurphy: Exactly. And so this information can be used to authorize bank transactions, steal money, or even sell off that information to other criminals.

Jim Brangenberg: Isn’t that called spoofing today? Don’t they call it spoofing, or is that not spoofing?

Patrick McMurphy: It is, but this was a time when web injections weren’t that well off as they are now. This was early time in what we see now. Okay. Now this was massively successful and massively, it infected millions of computers across the U. S. and across Europe. It infected more than 200 financial institutes in both regions also.

Brad Hawkins: It comes in just by somebody either in your business or somebody in your family, but usually your business, even any kind of an employee that just clicks on a link on a phishing email that it, that might not even go any further than that, but the software gets uploaded into their system and then they have access. Is that right?

Patrick McMurphy: That’s exactly it. It gets in through phishing and you cannot detect it. Even with a good anti virus, you can’t detect it.

Jim Brangenberg: You’re still clicking on a link though in order to activate it?

Patrick McMurphy: That’s exactly it. Yeah. Yeah. And it’s doing that drive by like download, or it could be another link, but it’s getting into your system that way.

Jim Brangenberg: That’s why I say that’s so powerful, Brad, because you keep people like me from clicking links like that to go to places that they say they’re going, but they’re really not.

Brad Hawkins: Yeah those phishing emails are so creative in the way that, that they send it. As a matter of fact, I got one. The electricity went out in our home yesterday and I got an apology email from my electric company that said, everything’s up and running.

And I looked at where it was coming from. It was not coming from my electric company. And it’s absolutely amazing how easy and clear, and they’re up on the fact that we just lost electricity. So these people are very creative. It would have been really easy to be able to click on that and see what else they had to say.

You might even think they’re going to give you a little discount for next month or something like that. But no, they’re, they just want to snag your information. So Patrick that’s amazing.

Jim Brangenberg: Patrick, how much money do these guys steal?

Patrick McMurphy: This is the thing. It’s actually unclear, but we’re, we are from anywhere from hundreds of millions to several billion.

And not only are these guys using SpyEye, they’re actually selling it to other hackers. So there’s multiple people using SpyEye during this one time. Now, the thing is, with Hamza, this ends up giving him a list in the, sorry guys, can I just take a break there for one second?

Jim Brangenberg: Absolutely. Brad, when you look at software hackers like this and you look at how they’re always changing things up all the time, how does SaferNet stay ahead of that stuff? Because all this stuff is coming up new all the time.

Brad Hawkins: Oh, one of the beautiful things that we do and it annoys developers a little bit because what we do is we block all brand new websites and we’ve got to be able to crawl them first to be able to determine if they’re a good website or a bad website.

And if we don’t have time to crawl it first, which may take a day or two, then we have to, then we just block anything new. And that’s where a lot of these hackers are crafty is they throw up a website and it might be up for two or three days, but so they don’t get tracked and they don’t get found out, they dump that one and start up another one. And so as long as, if we have not had time to

crawl it and determine what it is, we’re gonna block it. So even off the beginning of their website search that you’re gonna be operating in a safe zone.

Jim Brangenberg: All right, Patrick you were saying Hamza started selling copies. Is he distributing them on diskettes then, or what’s he doing?

Patrick McMurphy: Yeah it’s going around, it’s going around hacking forums and things like this. All the circles they run in. But he’s given a name by the FBI as he’s in the 10 most wanted list, as they’ll be saying. And so not only is he now pursued by the FBI, but also Interpol.

But straight away, we come across guys in this kind of case and, they lie low. Didn’t happen with Hamza. The money goes straight to his head. So now Hamza is going, staying in five star hotels. He’s renting Lamborghinis. The guy is just living it up. This is a great way, by the way, to get noticed by Interpol.

Do not stay in five star hotels if you’re followed by the FBI or anyone. So in 2013 he actually gets arrested in Bangkok in Thailand in the airport. Interpol, as I said, had been tracking him for some time at this point. And so it’s here, at the airport, he actually earns the nickname the Smiling Hacker.

And this is a very funny photo if you guys ever want to check it out. The photo of him getting arrested, he’s smiling ear to ear. And the guy arresting him is laughing for some reason. Never found out why. It’s a brilliant photo, but the guy is a mass criminal. It’s a messy one.

Brad Hawkins: At least he can be happy as he goes to jail.

(laughter)

Patrick McMurphy: Gotta be optimistic.

Brad Hawkins: It’s a life lesson right there, just no matter what happens in your life. Just keep smiling.

Jim Brangenberg: Just smile. That’s right.

Patrick McMurphy: I think so. I think so. But following his arrest, Hamza is extradited to the US to face charges, which is, pretty big business at this point.

Jim Brangenberg: So he is back in, he’s back in the US. They didn’t ship him to Russia this time, so he doesn’t get to be hired by the Russian government. So in the U. S., what happens to him?

Patrick McMurphy: Yeah it’s a weird one because, we do talk about these Russian guys a lot of the time. They’re shipped off to Russia. There’s some international incident, but straight away he just starts getting charged. There’s computer fraud. There’s electronic fraud, wire fraud, conspiracy to commit fraud. Basically, if it has the word fraud in it, probably guilty of it. Now the thing is, the odd thing, that around this time Hamza gets a ton of sympathy on social media, but especially from his home nation of Algeria.

Brad Hawkins: It’s because he’s smiling. People like smiling people.

Patrick McMurphy: It’s because, I’m telling you, it’s because of the smiling photo. It’s all because of the smiling photo. Now, I plan never to get arrested in my life, but if I ever come across that position, I will smile as broadly as humanly possible because this guy does. But on this whole, this social media move, there’s claims that he’s donated millions to charities. And so along with this smile, he gets the nickname Robin Hood, because this guy apparently took from everyone, was donated to charities, all these kind of things. Now, in my own research doing this, I can verify that there is actually exactly zero evidence that there was any donations ever taking place. It’s all made up. He was in hotels and Lamborghinis. That’s all it was. That’s where the money was.

Brad Hawkins: Donating to high end hotels instead of charities, huh?

Patrick McMurphy: Yeah, maybe to the Hilton, but that’s about it. Yeah, it’s incredible. And then furthermore, across this whole social media run, there’s rumors that the U. S. will sentence him to death. Now let me tell you something. I don’t know a whole lot about how exactly how some U. S. laws work, but I can tell you, you cannot be sentenced to death in the U. S. for computer crime. It doesn’t actually work like that at all. And in fact, the U. S. ambassador in Algeria needed to go on record to clarify that it was not possible in the United States to get this done.

Brad Hawkins: Wow. So is he in jail now?

Patrick McMurphy: He’s still in jail, but I do need to mention that our good buddy Gribodemon had some, for some reason, made the great decision to travel through Atlanta, where the cops immediately arrested him, and he got nine years in prison.

(laughter)

Brad Hawkins: I thought we said this guy was smart.

Patrick McMurphy: You would think so. You would think so, right? But no, Atlanta, Georgia is where you go.

Jim Brangenberg: They figured it was such a big airport, there’s no way he’d get noticed.

Patrick McMurphy: Once you have a name tag saying, Hi, I’m Gribodemon, I think the police are just all over you.

Jim Brangenberg: I wonder if that could still happen today.

Brad Hawkins: They’ve got this, they’ve got this face identity software out there. Matter of fact, I got on an airplane just a little bit ago. You don’t even have to show your identification, they just took a picture of you and your name popped up on the screen. That is, it is absolutely incredible what these cameras can do nowadays.

Jim Brangenberg: Twilight Zone.

Patrick McMurphy: Now, in terms of Gribodemon, he was sentenced to nine years. However, he’s already out and he’s deported. So the next time we get on to a Russian state sponsored hacker, Grigodemon is probably working for them, just so we’re clear on that one. He probably has a great Russian job right now.

In terms of Hamza, he went through, as you can imagine, a lot of sentencing. It began in late 2013, and eventually in 2016, he was sentenced to 15 years in prison and three years of probation, and according to that, he would be out quite soon. Now, if you look at these sentences there’s 15 years and 9 years.

That’s actually quite short for a couple of guys who may have stolen a couple of hundred billion dollars. And so look, realistically, when you’re looking at this, these guys made a deal. They sold out all their hackers. They would have had to to get short sentences like this. You always see this time and time again.

Realistically, when we look at Hamza, you can call him Robin Hood, but what he did, he stole money from innocent people, and he sold out a lot of his old allies. And really just to close out with Hamza’s story, I’ll quote Sally Yates here, who’s the U. S. attorney, she spoke about him. And she said, “In a cyber netherworld, he commercialized the wholesale theft of financial and personal information through the virus, which he sold to other cybercriminals. So this guy wasn’t Robin Hood, this guy was a crook. End of story.”

Brad Hawkins: It’s amazing to me that he got 14 years, which really means in our society, that they serve maybe half that. And I know people, as a matter of fact just recently I was hearing a story about a guy that, that stole I think it was like 6 million dollars and he got 28 years, 28 years for 6 million.

And what did this guy do with billions? And he got 14, which maybe means he served seven. So it’s, yeah I’ll never understand those things, but there might be other things that, that are tied into that but it’s just amazing to me.

Jim Brangenberg: To me, the amazing thing is that cyber crime is I mean it affects everybody and so many people are unaware of what’s going on around them and the banking thing. I’m, amazed at how many people that I go to that they have their banking password saved on their computer, so all you gotta do is click on the website, goes right in, they’re logged in. Like that’s not smart! I don’t get it. I don’t why do you do that?

We all need to be careful. But thank you to Patrick McMurphy for the story today about Hamza and really the Robin Hood of cyber criminals Thanks to Brad Hawkins from SaferNet for helping to bring us these compelling stories and give them the exposure that they need. Listeners, you heard it here – the internet and everything digital can have a dark side with many dark players like Hamza and Gribodemon.

It’s why you need SaferNet by your side. VPN, antivirus, 84 web filters, and so much more. Please, for your own online security, check out SaferNet. com and get secured today. Till next time, click only on the attachments you trust from those you trust and delete the rest or you may become the next victim of a digital desperado.

Transcript Ends.

As we wrap up this episode of “Digital Desperados,” it’s clear that the world of cybercrime is not just about the dark corners of the internet; it’s also about the light we can bring into our digital lives with tools like VPNs for privacy. Hamza Bendelladj’s story isn’t just a cautionary tale—it’s a call to action for each of us to take our online safety seriously.

Remember, whether it’s the story of a hacker with a penchant for lavish lifestyles or the daily risks we navigate through every email and click, the need for robust online protection remains constant. SaferNetVPN is more than just a service; it’s a commitment to privacy, to security, and to the peace of mind that comes from knowing you’re not alone in the fight against cyber threats.

So, as you close this tab or lock your phone, take a moment to consider your digital footprint. Are you protected? Is your privacy assured? Don’t wait for the answer to come in the form of a compromised account or a stolen identity. Take the helm of your online life with SaferNetVPN—your trusted shield in an unpredictable digital world.

Join us again for the next episode, where we’ll continue to shine a light on the shadowy tales of the web, and remember, with SaferNetVPN, you’re not just surfing the net; you’re surfing safely. Until next time, navigate wisely, stay alert, and safeguard your digital journey with VPN for privacy. Visit SaferNet.com to secure your online world today.