Who is Pyotr Levashov, the Russian allegedly in control of a massive botnet

Pyotr Levashov seated wearing blue shirt.

The US Justice Department is working to dismantle the Kelihos botnet, a global computer network of tens of thousands of infected computers that sent millions of spam emails, harvested users’ login credentials and installed various malicious software every year. The Russian computer programmer allegedly in control of the massive botnet, Pyotr Levashov, was arrested in Spain over the weekend.

Officials said the Kelihos botnet collected user credentials by intercepting network traffic and scouring infected computers for usernames and passwords. The stolen data was then used to further Levashov’s spamming operation that was advertised on multiple online criminal forums. Levashov was also known to rent out the massive network of infected computers to other online criminals.

Russian government-backed broadcaster RT reported Levashov was detained in Spain on a US warrant and quoted his wife, Maria Levashova, as saying he was being linked to the recent US election hacking attacks. Last year, Washington accused Moscow of attempting to meddle in the US election via cyberattacks. Earlier this year, US intelligence agencies accused President Vladimir Putin of orchestrating an “influence campaign” to hurt Hillary Clinton’s bid for the White House and help Donald Trump win the presidency. The Kremlin has continued to dismiss the allegations.


Levashov’s business is simple: create a network of infected computers through malicious software included in mass-sent emails, and in turn use these computers to send more emails, in a vicious circle. The detainee is now in 7th place on ROKSO, a list that compiles the largest spam operations in the world.

For several years, these alleged criminal operations of Levashov sent more than 1.500 million emails every day using more than 70,000 infected computers. Documents collected after the closing of one of his operations revealed revenues of up to $145,000 over three years, between 2010 and 2012, after millions of emails sent.

It is less clear whether he participated or assisted in the campaign of computer attacks against prominent members of the two dominant political parties in the United States. Neither the FBI nor the Russian embassy in Madrid has given more details.

But if, as Russian security experts say, he has been recruited by the F.S.B., the Federal Security Service of the Russian Federation and heir to the K.G.B., where Putin himself began his career as an official, Pedro del Norte could have been one of the main collaborators at a technical level.

FBI Director James Comey confirmed on March 20 that his agency is investigating Russia’s efforts to interfere in the 2016 presidential election, including any possible coordination between Donald Trump’s campaign partners and the Russian government. The FBI’s investigation also seeks to shed light on how emails stolen from, among others, John Podesta, the campaign chief for Hillary Clinton, reached Wikileaks, which published them months before the election.

If Levashov was part of the network, it could take years to know. At the moment, more than one possible extradition to the United States by the Spanish authorities is pending.


At times the botnet swelled to more than 100,000 infected computers and was used to carry out various spam attacks including advertising counterfeit drugs, “pump-and-dump” stock fraud schemes, work-at-home scams and other fraudulent activity. It also injected various malicious software onto victims’ computers, such as ransomware and malware that intercepts users’ bank account details and passwords.

Cybersecurity experts say Levashov also went by the aliases Peter Severa and Peter of the North. KrebsOnSecurity reports that “there is ample evidence” that he is also the cybercriminal behind the Waledac spam botnet. In 2009, Levashov was charged with operating the notorious “Storm” botnet, Kelihos’ predecessor. According to anti-spam organisation Spamhaus, Levashov is listed as one of the World’s Ten Worst Spammers and “one of the longest operating criminal spam-lords on the internet” at No 6.

To liberate “victim computers”, US authorities obtained court orders to take measures to neutralise the botnet by establishing substitute servers to receive the automated requests from the criminal botnet operator and block any further commands attempting to regain control of these computers.

US authorities said they worked with security firm Crowdstrike and The Shadowserver Foundation to analyse the evolving malware code. The operation to take down the Kelihos botnet used a recent judicial change that allows the FBI to obtain a single search warrant to remotely access computers or devices in multiple districts at once.

Yesterday, the Daily Mail published the picture of the alleged hacker Pyotr Levashov. Source: Daily Mail

A Justice Department official said the warrant was used as a legal precaution. The official noted that Kelihos-infected computers were not infiltrated by investigators but were redirected to a substitute server, known as a “sinkhole”, to cut off the connection between the compromised devices and the botnet operator.

Russian computer programmer and alleged spam kingpin Pyotr Levashov was arrested in Barcelona over the weekend, a Russian embassy spokesman in Madrid said, Reuters reports. A Spanish police spokesman told AFP that Levashov was arrested on Friday (7 April) at Barcelona airport “by officers of the police technological investigation unit following an international complaint”. He was later transferred to Madrid, the spokesman said.

Russian government-backed television station RT reported that Levashov, who was suspected of being involved in the cyberattacks linked to the US presidential election last year, was arrested under a US international arrest warrant.

Levashov’s wife Maria told RT that her husband was being detained “at the request of the American authorities in connection with cybercrime”, AFP reports. The Russian news channel quoted her as saying that the Spanish police informed her that “a virus which appears to have been created by my husband is linked to the victory of Trump” in the November election.
