The "smiling hacker" Hamza Bendelladj once again caught up by the justice system


Back to court. The Algerian hacker Hamza Bendelladj is again being prosecuted, this time by the French justice system, Zdnet.fr noted. His trial, which is due to take place this Friday, May 19, could however be postponed at the request of the defense. In an unusual detail, the man known on the web under the pseudonym BX1 is to attend this hearing remotely, by videoconference, from his American prison.

Sentenced for SpyEye

Hamza Bendelladj is serving a fifteen-year prison sentence imposed in 2016 by the American justice system. He was prosecuted in the SpyEye malware case. Developed with the Russian Aleksandr Panin, this banking trojan, active for about three years, succeeded in infecting more than 50 million computers. The innovative malware, a kind of successor to the Zeus botnet malware, which Hamza Bendelladj had promoted, for example on the Darkode forum, made it possible to automate the theft of money from its victims. It is said to have caused nearly a billion dollars in damage.

After a hunt lasting several years, the FBI, the American Federal Bureau of Investigation, identified several hackers behind the malware, including Hamza Bendelladj. Considered the most active cybercriminal using SpyEye, he had also worked on the development of the malware. BX1 was finally arrested in Thailand in January 2013. He then earned the nickname “smiling hacker” because of his beaming expression during his arrest.

PyLocky, a ransomware discovered in 2018

Behind bars, Hamza Bendelladj may not have drawn a line under his illicit activities. According to the new French judicial investigation conducted by the BL2C (Brigade for the fight against cybercrime), he was in fact behind the PyLocky ransomware. According to our information, the investigators suspect him because of a compromising IP address which led back to his prison.

First spotted in mid-2018, PyLocky encrypted the data of its victims before demanding a ransom in bitcoin in exchange for the decryption key. Distributed via spam campaigns, the ransomware targeted French organizations in particular, judging by the spoofed “.fr” domain names. “It is very active in Europe and there are many victims in France both in a professional context (companies, communities, associations, liberal professions) and individuals”, summed up the Cybermalveillance public interest group at the time.

The ransomware could, however, be countered following the publication, in June 2019, of a decryption tool. The tool had been developed by the internal security technologies and information systems department (STSI2) of the Ministry of the Interior on the basis of information transmitted by the judicial services of the Paris police headquarters and by volunteer computer security researchers.



