SAN FRANCISCO — For years Pyotr Levashov, aka Peter Severa, was known to authorities as one of the world’s most prolific spam kingpins.
Levashov, who lived in St. Petersburg, traveled freely under a lifestyle so lavish that one fellow Russian hacker told BuzzFeed News it “would have embarrassed an oligarch.” Last week, he was arrested in Barcelona, where he was vacationing with his family, under an international warrant at the request of the US.
Normally, the arrest of a spammer wouldn’t elicit international headlines, no matter how prolific. But over the weekend Levashov’s wife told the Russian state-owned broadcaster Russia Today that her husband’s arrest was due to his involvement in a “computer virus” that was “linked to Trump’s win.” Immediately, online forums were abuzz that one of the Fancy Bears — a group of Russian, government-linked hackers — had been caught.
Yet the arrest of Levashov, a well-known figure in cybercriminal circles, has less to do with the US government hunting down elusive members of the Russian government’s elite squad of hackers and more to do with authorities finally cracking down on the murky underworld of Russian cybercriminals who have aided Russia’s ever-growing cyberwar in pursuit of its geopolitical goals. For years, cybersecurity researchers and US authorities have tracked the ties between cybercriminals and the Russian state, including how malware first developed for criminal enterprises has made its way into state-sponsored cyberattacks on Russia’s neighbors. Over the last six months, US authorities have appeared to be stepping up their efforts to arrest the cybercriminals who work with the Russian state.
“We’ve reached a boiling point with Russia. They are the closest competitor to the US when it comes to cyberespionage and cyberattacks,” said Milan Patel, managing director at the K2 Intelligence cybersecurity firm and former chief technology officer of the FBI’s cyber division. “With Russia now, a lot is coming to the forefront and being made public about how they run their cyber activities.”
Last month, the US announced charges against two Russian intelligence officers and two hackers over a massive Yahoo breach. US authorities said the group hacked into Yahoo, compromising more than 500 million email accounts, in order to target the emails of just a handful of Russian journalists, opposition politicians, and government officials for cyberespionage.
On Monday, the Justice Department announced that Levashov's arrest had been part of an effort to "disrupt and dismantle the Kelihos botnet – a global network of tens of thousands of infected computers under the control of a cybercriminal that was used to facilitate malicious activities."
“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” said Acting Assistant Attorney General Blanco.
The announcement made no mention of the hacks on the DNC, or any other activity Levashov may have been involved in.
For years Levashov has been listed among the top 10 perpetrators of spam in the world by Spamhaus, a group that tracks spammers. Cybersecurity researcher Brian Krebs has also documented how Levashov appeared to be a moderator for online communities that profited from spam, and how he served as a linchpin between virus writers and spam networks.
In 2012, Russian investigative journalists Andrei Soldatov and Irina Borogan reported that Russian hacker forums believed that Peter Severa (believed to be Levashov’s online alias) had been recruited by Russia’s national security service, the FSB. The researchers wrote that Peter Severa had been attempting to recruit hackers on online forums.
The alias of Peter Severa was also named in a 2012 court filing by Microsoft, which outlined how the extensive spam network had been used to spread a host of computer viruses. One of those, the Kelihos virus, was used to spread spam during the 2012 Russian elections that pushed fake news stories about the candidate running against Russian President Vladimir Putin. Those emails included unsubstantiated allegations that Putin’s opponent, Mikhail D. Prokhorov, had come out as gay.
It is unclear how, or if, Levashov is tied to the hacks on the DNC, as his wife told Russia Today. One Russian hacker, reached by BuzzFeed News Monday, said he was doubtful Levashov had any direct connection to the hacks, but that it was possible that malware developed by him had been repurposed in some form.
“They commin for everyon[e] man,” wrote the hacker, via a secure messaging app. He communicated with BuzzFeed News on condition of anonymity. “People need keep their head down.”
In previous conversations, the hacker, who says he has no ties to the Russian state, has said that Russian cybercriminals are alarmed by the recent arrests among their group and believe the US is on a vendetta. He said that while Russian cybercriminals still enjoy freedom of movement and protection within Russia — as long as their actions don’t target the Russian state — they have become increasingly paranoid about travel and communication outside Russia.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F