WASHINGTON >> U.S. authorities announced today they are working to dismantle a global computer network that sent hundreds of millions of spam emails worldwide each year. The Russian man alleged to be at the head of the scheme was arrested Friday in Spain.
The U.S. Justice Department said it was working to take down the sprawling Kelihos botnet, which at times was made up of more than 100,000 compromised computers that sent phony emails advertising counterfeit drugs and work-at-home scams, harvested users’ logins and installed malware that intercepted their bank account passwords.
Controlling the vast network since 2010 was Pyotr Levashov, a 36-year-old described in U.S. court documents made public today as “one of the world’s most notorious criminal spammers.”
Levashov’s arrest in Barcelona on Friday, following a joint U.S.-Spanish operation, set cybersecurity circles abuzz after his wife told Russia’s RT broadcaster that he was being linked to America’s 2016 election hacking. Justice Department officials said today there was no such connection but declined to elaborate. Details of a pending criminal case against Levashov in the United States remain sealed.
Authorities and cybercrime watchers say Levashov also went by the name Peter Severa, who had long been mentioned in relation to the Kelihos botnet. Court documents filed today paint Levashov as a longtime spam kingpin who has been indicted more than once stemming from his sending of unwanted emails to promote various scams. In 2009, he was charged in the U.S. with operating the “Storm” botnet that was Kelihos’ predecessor, the documents say.
He is a fixture on the World’s Ten Worst Spammers list, currently coming in at No. 6, according to Spamhaus, an anti-spam organization.
With the Kelihos botnet, authorities say Levashov’s cluster of infected computers targeted Microsoft Windows users and operated undetected. The malware would search files known to contain usernames and passwords and send those back to the network’s mastermind, and would intercept real-time communications.
Authorities said they were able to derail the botnet in part because an infected computer secretly sends requests for further instructions back to the network’s operator. The FBI said it essentially rerouted those requests to an FBI-controlled substitute server and blocked the botnet’s efforts to regain control of the infected computers.
Investigators were able to disrupt the network because of new changes to federal rules that allow a judge to issue one warrant for computers or devices in multiple districts at once. Lawmakers late last year were concerned the rule change would make it too easy for the government to hack into computers during investigations. The Kelihos investigation was similar to past takedowns of botnets and investigators sought such a warrant as a precaution, a Justice Department official said today, speaking to reporters on condition of anonymity in order to discuss the ongoing case.
The work in the Kelihos case was a “disruption technique” and not a way for investigators to search the hard drives of personal computers, the official said, adding that investigators’ efforts are showing early signs of success in disrupting the botnet.
Levashov himself couldn’t immediately be reached for comment, and officials did not say whether he had a lawyer.
Vasily Nioradze, a spokesman for the Russian Embassy in Madrid, confirmed the arrest, but wouldn’t say whether Levashov was a programmer. Nioradze wouldn’t comment on reports of a U.S. extradition order. “As it is routine in these cases, we offer consular support to our citizen,” he said.