Next-Generation Technologies & Secure Development

Spanish Police Arrest Russian Computer Programmer

Alleged Spam Kingpin Pyotr Levashov Faces US Extradition
Spanish Police Arrest Russian Computer Programmer

Spanish police have arrested a Russian computer programmer, apparently while he was vacationing in Spain with his wife and son.

See Also: Live Webinar | Adversary Analysis of Ransomware Trends

Pyotr Levashov, 36, was arrested April 7 by police in the Spanish city of Barcelona, on a U.S. international arrest warrant, reports Spanish newspaper El País. It says he's being detained, pending his extradition hearing.

Some initial media reports - as well as a Russian propaganda arm - suggested that his arrest ties to the alleged Russian government interference in the 2016 U.S. presidential election.

But one source, speaking on condition of anonymity, said that the arrest is a purely a civil matter, and has nothing to do with any such national security concerns.

Later in the day, related court documents were unsealed, after which the Justice Department confirmed that the arrest relates to a civil complaint aimed at disrupting the Kelihos botnet. An unsealed warrant, dated April 5, authorizes the government to redirect Kelihos-infected PCs to government-controlled servers that warn victims and instruct them on steps they can take to remove the virus.

This is the fourth time authorities have attempted to disrupt the Kelihos botnet via such a takedown.

An unsealed criminal complaint, filed April 4, accuses Peter Yuryevich Levashov - aka Petr Levashov, Peter Severa, Petr Severa and Sergey Astakhov - of running the Kelihos botnet and being "one of the world's most notorious criminal spammers." It also accuses him of violating U.S. fraud and wiretapping laws.

"The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent emails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks," said Kenneth A. Blanco, an acting assistant attorney general in the Justice Department's criminal division. "Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics."

The Russian embassy in Madrid didn't respond to a request for comment on the charges. But an embassy spokesman confirmed to multiple media outlets April 9 that computer programmer Pyotr Levashov, a Russian national who resides in St. Petersburg, was arrested April 7, and that Spanish police notified embassy authorities of the arrest on the same day.

Peter Severa: Alleged 'Spam Lord'

Levashov is also known as "Peter Severa" - Pyotr is Russian for Peter - who's a frequent contributor to underground cybercrime forums as well as a notorious "spam kingpin," according to cybersecurity blogger Brian Krebs.

Indeed, anti-spam organization Spamhaus ranks Severa as seventh on its top 10 list of "the world's worst spammers," noting that he "writes and sells virus-spamming spamware and botnet access" and that he is "one of the longest operating criminal spam-lords on the internet." It says he's also suspected of running both the Waledac and Kelihos botnets.

The Justice Department in 2008 accused "Peter Severa, age unknown, of Russia" of collaborating with Alan M. Ralsky as part of a "complicated stock spam pump and dump scheme," and a related complaint accuses Severa of violating U.S. fraud and wiretapping statutes.

Pump-and-dump schemes involve hoax emails designed to coax investors into buying inexpensive stocks, in the hope that the stock's value will be artificially inflated, allowing stock holders to sell them at a higher price. In June 2009, Ralsky pled guilty to related charges and was sentenced to serve four years in prison. He was released on September 14, 2012. But Peter Severa had remained at large, until he vacationed in Spain.

April 11: This story was updated to reference the Justice Department's statement and related criminal complaint.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.