U.S. crackdown on Russian hackers ensnares notorious spammer

(Bloomberg) -- U.S. efforts to disrupt Russian hacking rings took another step as a 10-year pursuit of a Russian man whom U.S. prosecutors called one of the world’s most notorious email spammers ended with his arrest in Spain last week.

Peter Levashov, of St. Petersburg, Russia, hacked into email and bank accounts of thousands of Americans, federal prosecutors said Monday in a statement. They said he also operated under the name Peter Severa, who is among the top 10 of the world’s worst spammers, according to a list maintained by the antispam organization Spamhaus.

The arrest is part of a crackdown on Russian hackers accused of targeting everything from financial institutions to the U.S. presidential election. U.S. intelligence agencies believe that Russia orchestrated computer attacks to meddle with the election last fall, including a break-in to systems operated by the Democratic National Committee. That investigation is underway, and no charges have been filed.

Beyond the election hacking, the U.S. government has accused Russia of directing some of the world’s most notorious cyber criminals to break into computer systems in a broad scheme that married illicit profits and intelligence gathering.

'Embedded’ Agents

Last month, four Russians, including two Russian intelligence agents, were indicted in the U.S. over a computer breach affecting a half-billion Yahoo Inc. email accounts. One of them, prosecutors said, was “embedded” at a Russian financial firm identified as Renaissance Capital, controlled by the billionaire Mikhail Prokhorov, who also owns the Brooklyn Nets.

In December, after months of negotiation, Joshua Aaron, an American living in Russia, returned to the U.S. to face charges related to the largest known cyber attack on Wall Street. The U.S. said that Aaron and two Israelis stole data on 100 million customers of companies including JPMorgan Chase & Co. and Fidelity Investments.

U.S. prosecutors said Levashov distributed malicious computer software, or malware, generating huge volumes of spam emails to advertise fake drugs, pump-and-dump penny stock schemes, work-at-home scams and other frauds. He linked as many as 100,000 computers around the world into a botnet using malware known as Kelihos, they said.

"The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living and live our everyday lives,” Acting Assistant Attorney General Kenneth Blanco said in the statement.

Severed Link

Federal officials said the malware has been in use in various forms since 2010, and that investigators were able to sever the link between the infected botnets and the criminals who were controlling them. A federal judge in Alaska issued a temporary restraining order against Levashov in the case, the officials said.

Prosecutors said Levashov was first indicted in Michigan for email and wire fraud more than a decade ago. In 2009, he was again charged in federal court in Washington, D.C., with computer fraud related to his "Storm" botnet, a predecessor of Kelihos, according to the complaint.

Alexander Ionov, a human-rights lawyer who is helping Levashov, said his client was arrested in Spain at the reqeust of the U.S., and that the Justice Department hadn’t followed international norms or consulted with Russia on the case.

"By arresting Russians abroad, the U.S. is circumventing all international procedures," Ionov said. "Levashov wasn’t included in Interpol or FBI wanted lists."

Prosecutors said the case isn’t related to the alleged hacking of the U.S. election by Russia, contradicting published reports that quote Levashov’s wife.

For example, Levashov would offer to send one million spam messages for "legal" products, such as adult material, mortgages, pills and counterfeit goods for $200, according to the complaint. The price would go up from there, the U.S. said, with spam costing $300 per million messages for recuiting job seekers into fraudulent positions, such as "mules" to launder money.

Levashov’s most expensive offerings, at $500 per million, were email phishing attacks and messages that spread so-called ransomare -- spam that holds data hostage until victims pay to have it released, the U.S. said. Spam promoting pump-and-dump penny stocks had an additional cost -- a commission "based on the movement in the stock’s price that occurred as a result of the spam campaign," according to the complaint.

For reprint and licensing requests for this article, click here.