Russia’s King of Spam Unmasked
Pyotr Levashov has flooded inboxes with emails in the service of fraud schemes. And the U.S. elections? Unclear. But his botnet days may now be over.
The Russian computer programmer detained in Barcelona last week was the king of spam, according to a civil complaint released by the Department of Justice on Monday. The complaint is part of the DOJ’s plan to “dismantle” the botnet network, and alleges that Pyotr Levashov has spent at least the last seven years as a Russian botnet kingpin.
The complaint makes no link to the Big Question that has dominated American politics—who and what, precisely, was involved with Russian hacking of the U.S. elections that aimed to help Donald Trump win them. But, oddly, the state-funded propaganda organ RT (formerly Russia Today) raised the issue in an interview with Levashov's wife, who called the arrest "a nightmare."
The Spanish police "broke down our door at night, and put us on the floor in front of our 4-year-old son,” Maria Levashova told reporters. “They talked of some virus that my husband created, that helped Trump win.” She was allegedly informed by local police that he was suspected of various cyber crimes, including hacking related to the U.S. election. But those allegations have not been confirmed by the U.S. government. The Kremlin is portraying all this as nothing more or less than a witch hunt for Russians.
If so, by any standards Levashov is something of a warlock. He operated a software known as Kelihos under his alias Peter Severa, the complaint alleges. It infected computers and turned them into bots run by Severa, who could then use them to drum up spam emails for various fraud schemes. Emails drummed up by Levashov could be sold to anyone looking for lists to target with false advertisements, job offers, and other traps.
“Kelihos is also used to generate phishing emails, harvest user credentials, and to download additional malware onto victim computers, including ransomware and banking Trojans,” according to the complaint.
Levashov was previously charged in a D.C. federal court in 2009 for operating another botnet, according to documents released by the Justice Department on Monday. But that complaint was dismissed in 2014 because the U.S. couldn’t catch Levashov.
This time, Levashov’s case is playing out in Alaska, because his software has affected thousands of people there, according to an FBI affidavit. At any given time, as many as 100,000 computers can be affected by the botnet.
Levashov has operated Kelihos since 2010, according to the complaint, and used it to “harvest user credentials from victim computers.” The program searched infected computers for files containing usernames and passwords, which Levashov then sells.
Levashov paid affiliates higher rates for U.S. victims, FBI special agent Elliott Peterson wrote in an application for a search warrant. “I believe U.S. infections are prized by Levashov because many of his schemes are directed against an English speaking audience, and U.S. IP addresses tend to be trusted by many firewalls and spam detection systems.”
A million spam messages with “adult” advertisements go for just $200, according to the complaint, while spam attempting to recruit job-seekers goes for $300 per million.
“I have been serving you since the distant year 1999, and during these years there has not been a single day that I keep still, by constantly improving quality of spamming,” Levashov allegedly posted in an advertisement bragging about his abilities. “Now at your service there is the only one in the world unique technology of spamming via electronic mail, which provides maximum possible probability of delivering your message to the final recipient.”
According to The New York Times, those emails weren’t just used as an annoyance. The Kelihos botnet was allegedly used to interfere in the 2012 Russian election, where emails linked to the program sent out fake news stories about Mikhail Prokhorov, a Kremlin-tolerated Putin opponent in the election, coming out as gay.
The civil complaint asks for an injunction and restraining order to stop Levashov and associates from their online proclivities. A request for comment to the Department of Justice about possible criminal charges was not immediately returned.
“The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent emails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks,” said acting Assistant Attorney General Kenneth Blanco. “The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives.”
—Anna Nemtsova also contributed to this article