Several years ago, federal agents traveled to Moscow to enlist the help of their Russian counterparts in arresting one of the world’s most pernicious email spammers. They were rebuffed, a former U.S. law enforcement official who was there said. The spammer, who used the pseudonym Peter Severa, was protected, probably by the Russian government, and could not be touched.
The agents went home and waited for their target to make a mistake.
Last week he did, traveling for vacation to Barcelona, Spain, where the agents who had been following him for years were ready. Early Friday, Spanish police burst into the hotel room where the spammer was staying with his wife and child and arrested him. Simultaneously, cybersecurity operatives from the FBI and several private companies took down his online network of tens of thousands of virus-infected computers.
Today, the Justice Department unsealed court papers accusing the spammer, whose real name is Peter Levashov, of wire fraud and unauthorized interception of electronic communications. Levashov, 36, is expected to be extradited to the United States.
His capture offers a behind-the-scenes look at a shadowy empire of online misbehavior. Officials said Levashov’s arrest and the takedown of his computer network ended a vast criminal enterprise that for more than a decade had drained bank accounts, committed stock fraud and flooded computers around the world with spam advertisements for cheap pharmaceuticals and remedies for erectile dysfunction.
Despite Russian media reports to the contrary, U.S. officials said Levashov played no role in attempts by Russian government hackers to meddle in the 2016 presidential election and, according to U.S. intelligence agencies, support the candidacy of Donald Trump.
But as the Trump administration’s early hopes of a rapprochement with the Kremlin have given way to increasing rancor, Levashov’s arrest is certain to heighten tensions. In the past, the Kremlin deplored such arrests as tantamount to kidnapping. An advisory on the website of the Foreign Ministry accused the United States of “hunting Russians around the world,” and urged citizens to take precautions. Levashov was captured three months after the arrest of Stanislav Lisov, a Russian hacking suspect, also in Barcelona.
The arrests are likely to increase discord when Secretary of State Rex Tillerson visits Moscow this week.
Government agents and cybersecurity analysts have followed Levashov since at least 2006. In that time, he has made a fortune clogging inboxes with spam using a network of computers infected with malware known as Kelihos. He was also known to rent his huge network of virus-infected computers to other cybercriminals who would use it to tap bank accounts and distribute ransomware, viruses that encrypt all data in an infected computer or smartphone.
At times, according to cybersecurity specialists, Levashov had control of more than 100,000 computers. He has already been indicted twice in the United States on wire and computer fraud charges.
“He was a kingpin in the criminal underground,” said Brett Stone-Gross, a cybersecurity analyst who has tracked Levashov for years.
Despite such accusations, Levashov appears to have lived openly and lavishly in St. Petersburg, his hometown. He had a large home and bodyguards and traveled around town in an armored sedan, according to someone with knowledge of the investigation into his activities, who asked to remain anonymous because the information is confidential. His wife was said to be a high-end wedding planner sought by St. Petersburg’s elite.
Though he engaged primarily in criminal exploits, Levashov appears to have occasionally dabbled in politics, suggesting collusion with the Russian government.
During Russia’s 2012 presidential election, Levashov’s computer network was used to spread fake news stories about one of Vladimir Putin’s opponents, billionaire businessman and Brooklyn Nets owner Mikhail D. Prokhorov, saying he had come out as gay.
“Everybody who knows me knows I am a pervert,” a text overlaid on a picture of Prokhorov said.
Some have speculated that Levashov also helped facilitate a huge assault on Estonian government and banking computers in 2007 that is considered one of the first examples of cyberwarfare. The attack is widely believed to have been retaliation by Russia after Estonian authorities removed a World War II memorial to Soviet soldiers from its pedestal in the center of the capital, Tallinn.
Cooperation between Russian government agencies and cybercriminals is not uncommon. At any time, Russian hackers have access to the contents of millions of infected computers around the world, and there is evidence that Russian intelligence agencies piggyback on their criminal operations as a form of cheap intelligence gathering.
Last month, the Justice Department indicted two Russian intelligence agents, accusing them of working with a suspect in criminal hacking to breach Yahoo and steal account information from hundreds of millions of users.
Current and former FBI agents said they have rarely, if ever, received help from Russia to arrest cybercrime suspects. More often than not, they said, the hacker is recruited to work for the government.
Sending spam is not illegal in Russia, and cybercriminals usually avoid directing more harmful attacks against computers on Russian territory.
When arrests do occur, it is because the suspect enters a country with a more collaborative law enforcement relationship with the United States.