U.S. Crackdown on Russian Hackers Ensnares Notorious Spammer

U.S. efforts to disrupt Russian hacking rings took another step as a 10-year pursuit of a Russian man whom U.S. prosecutors called one of the world’s most notorious email spammers ended with his arrest in Spain, according to Bloomberg.

Peter Levashov, of St. Petersburg, Russia, hacked into email and bank accounts of thousands of Americans, federal prosecutors said in a statement. They said he also operated under the name Peter Severa, who is among the top 10 of the world’s worst spammers, according to a list maintained by the antispam organization Spamhaus.

The arrest is part of a crackdown on Russian hackers accused of targeting everything from financial institutions to the U.S. presidential election. U.S. intelligence agencies believe that Russia orchestrated computer attacks to meddle with the election last fall, including a break-in to systems operated by the Democratic National Committee. That investigation is underway, and no charges have been filed.

U.S. prosecutors said Levashov distributed malicious computer software, or malware, generating huge volumes of spam emails to advertise fake drugs, pump-and-dump penny stock schemes, work-at-home scams and other frauds. He linked as many as 100,000 computers around the world into a botnet using malware known as Kelihos, they said.

Federal officials said the malware has been in use in various forms since 2010, and that investigators were able to sever the link between the infected botnets and the criminals who were controlling them. A federal judge in Alaska issued a temporary restraining order against Levashov in the case, the officials said.

Alexander Ionov, a human-rights lawyer who is helping Levashov, said his client was arrested in Spain at the reqeust of the U.S., and that the Justice Department hadn’t followed international norms or consulted with Russia on the case.

Levashov used stolen passwords and co-opted internet addresses of thousands of victims’ computers to distribute spam to specified distribution lists, the U.S. said. He would also use login credentials harvested by Kelihos to gain unauthorized access to commercial email servers, which he used to send out spam messages that would appear to be sent from victims’ accounts, according to court papers.

For example, Levashov would offer to send one million spam messages for "legal" products, such as adult material, mortgages, pills and counterfeit goods for $200, according to the complaint. The price would go up from there, the U.S. said, with spam costing $300 per million messages for recuiting job seekers into fraudulent positions, such as "mules" to launder money.

Levashov’s most expensive offerings, at $500 per million, were email phishing attacks and messages that spread so-called ransomare. Spam promoting pump-and-dump penny stocks had an additional cost, a commission "based on the movement in the stock’s price that occurred as a result of the spam campaign," according to the complaint.