World-Class Computer Hacker Arrested At Airport

[turbobox]

An expert Algerian computer hacker accused of stealing more than $10 million dollars from banks worldwide was arrested by Immigration police at Suvarnabhumi Airport. The elusive hacker had been on the U.S. list of 10 Most Wanted criminals for several years.

BANGKOK – January 7, 2013 [PDN]; at 11 a.m., the arrest of an internationally-wanted computer criminal was announced at the Office of Immigration by Pol. Lt. Gen. Phanu Kerdlarpphol, Commissioner of the Office of Immigration; Pol. Maj. Gen. Preecha Thimamontri, Deputy Commissioner; Pol. Maj. Prot Setthakorn, Inspector police of detecting and subduing, immigration 2; with the detective police team.

The suspect was identified as Mr. Hamza Bendillardge, age 24, nationality Algerian. He was arrested at Suvarnabhumi airport, and is charged with crossing national borders to commit crimes, according to the arrest warrant 7/2556, dated January 4, 2013.

Police seized the evidence of a Samsung notebook computer, a Mac Air notebook, a Microsoft tablet, a phone satellite and many external hard disks.

Before his arrest, Mr. Hamza had been vacationing with his family in Malaysia, and was on his way to Cairo, Egypt. But he was arrested during a layover at Suvarnabhumi airport to transfer planes on his Egyptian Airlines flight.

During a background check, officials discovered that Mr. Hamza began his criminal activity in 2008. He was on America’s Ten Most Wanted list and was hunted by U.S. authorities for three years.

Pol. Lt. Gen. Phanu revealed that Mr. Hamza is an expert in computer skills, after graduating from colleges with a major in the computer field. After college, Mr. Hamza used his skills to hack into commercial banks in the U.S.A. to steal information from account holders, which he used to steal funds.

After his arrest, Mr. Hamza confessed to becoming an illegal computer hacker immediately after graduating from college. He said he was not affiliated with any criminal group. He worked alone and committed his crimes from locations around the world.

The money he made from computer hacking was spent on traveling and personal expenses, he said. It is estimated that Mr. Hamza has stolen the equivalent of more than $10 million U.S. dollars from various bank accounts.

Officials estimated that more than 217 computers worldwide have been attacked by viruses sent by Mr. Hamza, with total losses from theft and damages in many millions of dollars.

Initially, the police will send Mr. Hamza to the U.S.A. to prosecute on charges of cheating banks through electronic means, according to the arrest warrant of the district court of the state of Georgia in the U.S.A.

Source: http://www.pattayadailynews.com/en/2013/01/08/world-class-computer-hacker-arrested-at-airport/

 

[Ninja]

transit are are the place which didnt belongs to ANY country!
wtf happend there?

 

[marocx]

I don't know if this is true, my friend had a transit in Spain and was wanted there and they held him for 2days

 

[Antiyou001]

Why is he smiling on the picture ?

 

[wuatmz]

He smiles because he is 24 and has 10 million dollars. I would smile too.

 

[mannersman]

AMERICA CAN EMPLOY HIM ANYWAY... SOME BANKS NEED A GREAT HACKER LIKE HIM ANYWAY.

 

[bravo1]

He smiles because he is 24 and has 10 million dollars. I would smile too.

won't do him much good while he's in jail for a couple of years

 

[generalguich]

he smile because where he get caught they probably considerate him like a star. they are happy to get pics with.(lollllllllll) but when he gonna face some us jail its not gonna be the samething

 

[Doozer]

He smiles because he is 24 and has 10 million dollars. I would smile too.

 

[Xehanort]

Simple mistakes bx1, simple.

He never really had a grip on tightening his security, even back in the good ol days of opensc he flaunted too much and attempted to do to much at one, often times disclosing various info mistakenly

 

[Shippuden]

transit are are the place which didnt belongs to ANY country!
wtf happend there?

Europool and their big blacklisted database

 

[Rome0]

transit are are the place which didnt belongs to ANY country!
wtf happend there?

Thailand Police Lieutenant General Pharnu said: "We were tipped off to his arrival by the FBI, who have been following his case for the past three years.

http://www.humanipo.com/news/3139/M...-Hacker-wanted-by-the-FBI-arrested-in-Bangkok

 

[Shippuden]

http://www.humanipo.com/news/3139/M...-Hacker-wanted-by-the-FBI-arrested-in-Bangkok

the work of the FBI via Europol , there is not FBI on Thailand , the only place where the FBI feds are living at the moment is Romania

FBI -----> Interpol/Europol ------> Local Police ( this is the same process around the world ) and this is why when you have certain Status , you have to change your Identity ( surgically i think $10 Million can do that for your security )

 

[bravo1]

the work of the FBI via Europol , there is not FBI on Thailand , the only place where the FBI feds are living at the moment is Romania

FBI -----> Interpol/Europol ------> Local Police ( this is the same process around the world ) and this is why when you have certain Status , you have to change your Identity ( surgically i think $10 Million can do that for your security )

yes, too bad he didn't do this

 

[turbobox]

Anybody here knows this guy? was he member of this forum?

 

[Xehanort]

Anybody here knows this guy? was he member of this forum?

look at my post on the first page, the last one

 

[Doozer]

Shit man, that was bx1 ???
I know him for a long time.
Fer years now from opensc.ws.
Good guy.

 

[Xehanort]

Shit man, that was bx1 ???
I know him for a long time.
Fer years now from opensc.ws.
Good guy.

Yea it was him, good guy my ass. He use to be such a prick, always flaunting stuff around. Why do you think his stuff got leaked? cause he was always saying how hes better then everyone loool.

he had strong connections to some really good coders, but other then that bx1 was a strong figure head. Never really cared for securing himself much

 

[Doozer]

I talked with him many times, not about carding, coding, hacking and that shit.
We talked about many other things in life.

 

[SaizKan224]

UPDATED news on his arrest and further information

http://www.kashifali.ca/2013/01/10/police-arrest-alleged-zeus-botmaster-bx1/

A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed “bx1,” a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.


As reported by The Bangkok Post, 24-year-old Hamza Bendelladj, an Algerian national, was detained this weekend at Bangkok’s Suvarnnabhumi airport, as he was in transit from Malaysia to Egypt. This young man captured news media attention when he was brought out in front of Thai television cameras handcuffed but smiling broadly, despite being blamed by the FBI for hacking into customer accounts at 217 financial institutions worldwide.

Thai investigators told reporters that Bendelladj had amassed “huge amounts” in illicit earnings, and that “with just one transaction he could earn 10 to 20 million dollars. He’s been travelling the world flying first class and living a life of luxury.”

I didn’t fully appreciate why I found this case so interesting until I started searching the Internet and my own servers for his email address. Turns out that in 2011, I was contacted via instant message by a hacker who said he was operating botnets using the Zeus and SpyEye Trojans. This individual reached out to me repeatedly over the next year, for no apparent reason except to brag about his exploits. He contacted me via Microsoft’s MSN instant message platform, using the email address [email protected]. That account used the alias “Daniel.” I later found out that Daniel also used the nickname bx1.

According to several forums on which bx1 hung out until very recently, the man arrested in Thailand and bx1 were one and the same. A review of the email addresses and other contact information bx1 shared on these forums suggests that bx1 was the 19th and 20th John Doe named in Microsoft’s 2012 legal suit seeking to discover the identities of 39 alleged ZeuS botmasters. From the complaint Microsoft submitted to the U.S. District Court for the Eastern District of Virginia, and posted at Zeuslegalnotice.com:

msjohndoes“Plaintiffs are informed and believe and thereupon allege that John Doe 19/20 goes by the aliases “Daniel,” “bx1,” “Daniel Hamza” and “Danielbx1” and may be contacted at messaging email and messaging addresses “565359703,” [email protected], [email protected], [email protected], daniel.h.b@universityof sutton.com, [email protected], [email protected], [email protected], and [email protected]. Upon information and belief, John Doe 19/20 has purchased and used the Zeus/SpyEye code.”

The Daniel I chatted with was proud of his work, and seemed to enjoy describing successful attacks. In one such conversation, dated January 2012, bx1 bragged about breaking into the systems of a hacker who used the nickname “Symlink” and was renowned in the underground for writing complex, custom Web injects for ZeuS and SpyEye users. Specifically, Symlink’s code was designed to automate money transfers out of victim banks to accounts that ZeuS and SpyEye botmasters controlled. Here’s an excerpt from that chat:

(12:31:22 AM) Daniel: if you wanna write up a story

(12:31:34 AM) Daniel: a very perfect

(12:31:34 AM) Daniel: even Interpol will get to you

(12:31:35 AM) Brian Krebs: ?

(12:31:42 AM) Daniel: i hacked the guy who fucked most banks

(12:31:48 AM) Daniel: symlink the guy who made ATS

(12:31:49 AM) Daniel:

(12:32:02 AM) Daniel: ATS = Auto Transfer System

(12:32:15 AM) Daniel: and get his Backups + Pictures and all his details

(12:32:37 AM) Daniel: Recent Job etc etc

(12:33:06 AM) Brian Krebs: what’s his name?

(12:33:17 AM) Daniel: full name ?

(12:34:03 AM) Brian Krebs: yeah

(12:34:10 AM) Daniel: hmmmm

(12:34:50 AM) Daniel: besliu vasile

(12:35:01 AM) Brian Krebs: what kind of name is that?

(12:35:11 AM) Brian Krebs: romanian?

(12:35:13 AM) Daniel: Moldovian name

(12:35:53 AM) Daniel: he is ugly motherufcka.

(12:36:18 AM) Daniel: after i hacked him he said that i destroyed his life (

(12:36:27 AM) Brian Krebs: aww

(12:36:55 AM) Daniel: yea because i spoke to him

(12:37:10 AM) Daniel: i said how much u pay for ur info to stay private

(12:37:19 AM) Daniel: then he said he destroyed his [hard drive]

(12:37:28 AM) Daniel: i said i dont care i got Backup

(12:37:32 AM) Daniel: it tooks me months to download all

(12:37:48 AM) Daniel: his Previous job..ats..proof video

(12:37:55 AM) Daniel: his picture with Zeus botnet showing up money

(12:38:12 AM) Daniel: his car Plate number

(12:38:17 AM) Daniel: Girls Friends

(12:38:23 AM) Daniel: his workshop. he is mechanic

(12:40:49 AM) Brian Krebs: huh. how come it took you months to [download]?

(12:41:43 AM) Daniel: i waiting for him

(12:41:46 AM) Daniel: if he don’t [pay] then i share just his personel info

(12:41:57 AM) Daniel: and videos that proof abt his jobs etc etc

—

It’s not clear whether bx1 had anything to do with it, but according to a lengthy thread on Mazafaka, one of the Underweb’s most exclusive cybercrime forums, Symlink was arrested late last year in Moldova. In a post on Oct. 11, 2012, forum regulars said Symlink had been arrested the day before, and that he got caught because he flaunted his ill-gotten wealth with fancy cars (a fully loaded Land Cruiser 200, valued at more than $100,000) and ostentatious lifestyle choices that were apparently considered far beyond the means of a local auto mechanic. As they do anytime a forum member gets arrested, the forum administrators banned Symlink’s account to distance themselves from the former member.

“Economic police came to symlink yesterday. All computers were seized, one was encrypted and two not, all jabbers at the moment of seizure were online. Ban him temporarily, but better permanently. He was received adultly [meaning, arrested seriously]. Idiot overplayed.”

It’s safe to say that bx1 had his share of enemies, and its possible that Symlink and/or his buddies got the last laugh. According to information obtained by KrebsOnSecurity, attackers recently targeted bx1 in a successful hack to break into his computer, making off with many files, email messages, screenshots and images from his machine.

img068Among them were scanned copies of two identity cards, both bearing the name and likeness of Hamza “Daniel” Bendelladj; one from a “University of Sutton,” and another that appears to be some kind of international ID card. It’s not clear whether these documents are legitimate or manufactured, but probably the latter: the domain attached to bx1′s MSN email address — universityofsutton.com — is registered with the following contact data:

domain: universityofsutton.com
owner: Daniel Delcore
organization: VIRUS & Malware Scanner
email: [email protected]
address: 522 8th street
city: Columbus
state: IN
postal-code: 47201
country: US
phone: +1.7573011758
admin-c: CCOM-1611324 [email protected]
tech-c: CCOM-1611324 [email protected]
billing-c: CCOM-1611324 [email protected]