One of World's Most Wanted and Prolific Alleged Spammers Arrested

Published: 22/11/2024   Category: security




Suspected mastermind behind massive Kelihos botnet Pyotr Levashov nabbed in botnet takedown operation.



The cybercrime underground is abuzz with the news that the infamous alleged spammer and Kelihos botnet operator Pyotr Levashov was arrested this weekend in Barcelona while on holiday there.
Levashov, a Russian citizen, was arrested by Spanish authorities on US cybercrime charges, as part of a US Department of Justice effort to take down the Kelihos botnet, which is made up of tens of thousands of infected bots that distributed spam, stole login credentials, and installed ransomware and other malware. DoJ said it began blocking malicious domains tied to Kelihos on April 8.
The DoJ announced his arrest today as part of an effort to disrupt and take down Kelihos. "The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks," said Acting Assistant Attorney General Kenneth Blanco.
Levashov's arrest sparked alarm and chatter online among other big players in the Russian cyber underground concerned about their own unmasking and possible indictment or arrest. Vitali Kremez, director of research at Flashpoint, says his firm has witnessed some underground players planning to tighten up their own operations, and that their chatter also confirmed that Levashov is also known by the alias Peter Severa. Levashov/Severa is listed by Spamhaus as one of the 10 Worst Spammers in the world.
"We've been looking into him for quite some time," Kremez says. "He's one of the most wanted and prolific spammers who's ever operated in the Russian underground."
A source close to the case said Levashov's indictment will be unsealed tomorrow.
Not only is he behind spam and malware-rigged email campaigns, but Levashov also is tied to click-fraud and distributed denial-of-service operations. He's considered a spam service provider to various underground attackers. "He's been operating underground the past 20 years successfully evading prosecution," Kremez says.
Levashov was indicted in 2009 but not extradited to the US for operating the Storm botnet, a predecessor to Kelihos that was then the world's largest spamming botnet. He faced charges for spam to promote pump-and-dump penny stock schemes.
Adding to the intrigue surrounding his apprehension this weekend after nearly two decades of allegedly operating as one of the world's most prolific spammers and botnet operators, the AP reports that Levashov also may have ties to Russia's hacking and leaking of information in an attempt to interfere with the outcome of the 2016 US presidential election.
His wife was quoted by Russian state media outlet RT as saying that her husband later told her by phone that he was arrested in connection with malware linked to Trump's election win.
Given the notoriously grey area between cybercriminals and the Russian government, security experts say it's not a big stretch that Levashov could have had a hand in the hacking activities by Russia last year to influence the US presidential election. But there's no indication thus far of his involvement.
Flashpoint's Kremez says Levashov indeed has ties to the Russian government, but can't conclude that he was involved in the US election hacking operation. Levashov previously has been linked to pro-Russian government groups distributing spam including hacktivist group CyberBerkut. "He would be the perfect cybercriminal for hire with his email filters and other tradecraft to deliver email spam campaigns," Kremez says.
Both Kelihos and CyberBerkut have operated pro-Russian government online campaigns spreading anti-Ukraine and pro-Russian rhetoric. CyberBerkut recruited pro-Russian government cyberwarriors to target Ukrainian websites in a distributed denial-of-service effort called Help Your Homeland, Kremez notes, and also is known for strategic leaks of information aimed at shaping public perception.
And it's likely his botnet was also involved in the distribution of email spam linked to Russia's interference in the US presidential campaign, he says.
If Levashov ultimately were to be investigated for any ties to the US election, it wouldn't be the first time he's dabbled in election-influence hacking. In 2012, his Kelihos botnet was used to send spam emails to Russian citizens with political messages and links to phony news stories about the then-presidential opponent to Vladimir Putin, Mikhail Prokhorov.
"The lines between criminals and nation-state in Russia are more blurred than places elsewhere. Levashov has been known to play on both sides of the line. In 2012, he used his spamming capabilities to slander Putin's opponents in the presidential election," says John Bambenek, manager of threat intelligence systems at Fidelis Cybersecurity.
But Bambenek isn't sold on Levashov's involvement in the US presidential campaign hacks. "The hacking of DNC and John Podesta's email wouldn't be terribly heavy lifts for him, but they're not really in his wheelhouse of operations since those were more social media-centric campaigns," he says.
Headless Botnet
The good news is that the Kelihos takedown could result in less spam and malware-laden email in the short-term. "We may see less spam emails being distributed," Kremez predicts.
Levashov's arrest may not kill Kelihos in the long run - botnet disruptions often are temporary as botnets get reinvented - but it does have a chilling effect on cybercriminals, at least in the short-term. "Every arrest has people thinking, taking a step back," Fidelis' Bambenek says. "In some cases, they make improvements, in some cases, they make different decisions to evade authorities," he says.
The fact that one of the most wanted cybercriminals in the world dared to venture outside of Russia and risk arrest and extradition in Spain suggests he may have become overly confident and complacent about his immunity to law enforcement.
"We've known about this guy for a long time. He has operated fairly openly since 1999. I know the Russian authorities had been informed about his operations," Kremez notes. Levashov may have even wrongly assumed the Russian government would protect him outside of Russia, he says.
Levashov faces wire fraud charges.