The Truth About The SpyEye Heist

It's something we all do more or less on a daily basis: enter our information into a website that claims it will keep it safe. Digitizing our information is so easy that we largely do so without a second thought as to the risk involved, and for this reason, it can easily be exploited. Reports of data breaches, internet scams, and other online security issues regularly pop up in the news. According to Varonis, there were 3,950 data breaches worldwide in 2020 alone. So, next time you go to sign into your online banking, just keep in mind that there are people out there who want your data and are very crafty when it comes to getting it.

Take the SpyEye heist, for example. Named for the software that cyberthieves used to steal users' private information, the malware infected over 1.4 million computers after it was released in 2009, according to the BBC. The code could record keystrokes, create fake log-in pages, and hijack computers to spam other computers. Aleksandr Panin, the alleged programmer behind the malicious software, was arrested in the Dominican Republic in 2013. In a rather sneaky and probably illegal move, the coder was sent to the United States without an official extradition order. There he pleaded guilty to conspiracy to commit bank and wire fraud. The Department of Justice announced in 2016 that Panin and another hacker involved in the SpyEye heist were given a combined 24-year prison sentence.

SpyEye was programmed to steal like a human

Once SpyEye had succeeded in stealing a victim's personal information, it was free to run amok in their accounts and do things like transfer money to the account of the hacker who had used the program. But as Computerworld reported in 2011, before authorities were able to get control of the situation, the developers of the malware had to alter its code to make it mimic how a human would act on the internet. A computer program can perform tasks like bank transactions in a fraction of the time it takes us humans to do so with our stubby sausage fingers. Banks were able to create programs that caught transactions that were logically too fast for a human to have done. So the creators of SpyEye had to write the code to make the program slow everything down, performing the tasks necessary to rob people blind in sluggish human time so as not to get caught.
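The speed check described above can be sketched as detection logic over session events. This is an added example, not code from any bank or from the reports cited here; the event format, session IDs and both thresholds are assumptions. It also goes one step beyond the text by flagging sessions whose pacing is slow but unnaturally even, since a speed check alone no longer fires once automation is slowed down.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; real values come from a bank's own baseline data.
MIN_HUMAN_GAP_S = 1.0   # a gap shorter than this between two actions is treated as non-human
MIN_CV = 0.15           # coefficient of variation below this means suspiciously even pacing

# Constructed sample events: (session_id, seconds_since_login, action)
EVENTS = [
    ("s1", 0.0, "login"), ("s1", 0.2, "open_transfer"), ("s1", 0.3, "enter_payee"), ("s1", 0.5, "submit"),
    ("s2", 0.0, "login"), ("s2", 6.1, "open_transfer"), ("s2", 19.4, "enter_payee"), ("s2", 24.0, "submit"),
    ("s3", 0.0, "login"), ("s3", 5.0, "open_transfer"), ("s3", 10.1, "enter_payee"), ("s3", 15.0, "submit"),
]

def session_gaps(events):
    """Group events by session and return the gaps between consecutive actions."""
    times = defaultdict(list)
    for sid, ts, _action in events:
        times[sid].append(ts)
    gaps = {}
    for sid, ts_list in times.items():
        ts_list.sort()
        gaps[sid] = [b - a for a, b in zip(ts_list, ts_list[1:])]
    return gaps

def classify(gaps):
    """Return the reasons a session looks automated (empty list means no flag)."""
    reasons = []
    if not gaps:
        return reasons
    if min(gaps) < MIN_HUMAN_GAP_S:
        reasons.append("too_fast")
    # Regularity check needs a few gaps to be meaningful.
    if len(gaps) >= 3 and mean(gaps) > 0:
        if pstdev(gaps) / mean(gaps) < MIN_CV:
            reasons.append("uniform_timing")
    return reasons

def flag_sessions(events):
    """Map each session ID to its list of automation indicators."""
    return {sid: classify(g) for sid, g in session_gaps(events).items()}

if __name__ == "__main__":
    for sid, reasons in flag_sessions(EVENTS).items():
        print(sid, reasons or "ok")
```

Timing is only one signal; in practice it would be weighed alongside others such as new payees or unusual amounts before a transaction is held.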

Luckily, authorities were able to put a stop to SpyEye's reign of terror over the millions of people it affected. (According to Trend Micro, one cybercriminal known as Soldier used SpyEye to steal more than $3.2 million in 2010 and '11.) SpyEye Tracker, a website that tracked activity of the malware online, was finally shut down after not recording any SpyEye activity online in over a year, its creator proclaiming that "the SpyEye threat appears to be mitigated."