US TAKES DOWN HUGE BOTNET AS SPAIN ARRESTS NOTORIOUS RUSSIAN HACKER
US
TAKES DOWN HUGE BOTNET AS SPAIN ARRESTS NOTORIOUS RUSSIAN HACKER
Piotr or Peter Levashov, had operated the Kelihos network of tens
of thousands of infected computers, stealing personal data and renting the
network out to others to send spam emails by the millions and extort ransom
from computer owners.
US authorities moved
Monday to take down a global computer botnet behind the massive theft of
personal data and unwanted spam emails, as Spain arrested the notorious Russian
hacker who operated it.
US authorities say the Russian, Piotr or Peter Levashov, had
operated the Kelihos network of tens of thousands of infected computers,
stealing personal data and renting the network out to others to send spam
emails by the millions and extort ransom from computer owners.
Levashov, also
known in the hacking world as Peter Severa, was arrested at Barcelona airport
on Friday at the US request.
A Spanish judge on
Monday ordered him to be remanded in custody as Washington is expected to seek
his extradition. The US has 40 days to present evidence.
A US indictment unsealed Monday said Levashov, 36 and a native of
St. Petersburg, had operated the Kelihos botnet since around 2010.
Two years earlier
he was already in the sights of US investigators running another botnet and
managing the spam operations of a major US spammer, Alan Ralsky. Ralsky and
others were jailed in that case but Levashov was never caught.
– 100,000
computers infected –
The Kelihos network is made up of private computers around the
world running on the Microsoft Window operating system. The computers are
infected with malware that gives Levashov the ability to control them remotely,
with the owners completely unaware.
According to the
Justice Department, at times the number of computers in the network has topped
100,000, with between five and 10 percent of them in the United States.
Through underground networks, Kelihos sold the network’s services
to others, who would use it to send out spam emails advertising counterfeit
drugs, work-at-home scams, and other fraud schemes, the indictment said.
They were also
used for illegal “pump-and-dump” stock market manipulation schemes, and to
spread other malware through which hackers could steal a user’s banking account
information including passwords, and lock up a computer’s information to demand
huge ransoms.
Levashov was proud
of his work. According to Justice Department filings, earlier this year he
posted an ad for his work noting he had been in the spam business “since the
distant year 1999.”
“During these
years there has not been a single day that I keep still, by constantly improving
quality of spamming,” he said.
His prices rose
with the illegality of the operation. For legal ads, he charged $200 per
million spam emails. For scams and phishing attacks, it was $500 per million.
To help someone
with a stock manipulation, he wanted a deposit of $5,000-$10,000 to share his
list of 25 million traders. He also demanded 5 percent of the gains made on the
stock.
The Spamhaus Project, which documents spam, botnets, malware and
other abuse, listed Levashov as seventh on its “10 Worst Spammers” list and
“one of the longest operating criminal spam-lords on the internet.”
“The ability of
botnets like Kelihos to be weaponized quickly for vast and varied types of
harms is a dangerous and deep threat to all Americans, driving at the core of
how we communicate, network, earn a living, and live our everyday lives,” said
Acting US Assistant Attorney General Kenneth Blanco in a statement.
– Taking over the
network –
Levashov’s arrest
was unrelated to investigations into Russian interference in last year’s US
presidential election, US officials said.
Earlier, the
suspect’s wife had earlier told Russia Today that his arrest was connected to
the election hacking case.
In parallel with the arrest, US justice authorities announced an
extraordinary move to bring down the Kelihos network, obtaining warrants that
allows it to take control of the computers in the botnet by changing the
malware to intercept its operation.
That will direct
the Kelihos traffic to “sinkhole” servers set up by authorities, overtime
eliminating traffic through Levashov’s server network.
Such a move
appeared to be the first ever application of controversial new investigative
powers for US authorities which took effect late last year.
While the move
will give them access to private computers, investigators pledged to guard the
privacy of computer owners.
“This operation
will not capture content from the target computers or modify them in any other
capacity except limiting the target computers’ ability to interact with the
Kelihos botnet,” the warrant said.