Alleged Operator of Kelihos Botnet Extradited from Spain
New Haven, Conn. – A Russian national has been extradited from Spain and will be arraigned later today in Connecticut on charges stemming from his alleged operation of the Kelihos botnet – a global network of tens of thousands of infected computers, which he allegedly used to facilitate malicious activities including harvesting login credentials, distributing bulk spam e-mails, and installing ransomware and other malicious software, the Department of Justice announced today.
Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division, U.S. Attorney John H. Durham of the District of Connecticut and Special Agent in Charge Patricia M. Ferrick of the FBI’s New Haven Division made the announcement.
Peter Yuryevich Levashov, 37, also known as Petr Levashov, Peter Severa, Petr Severa and Sergey Astakhov, of St. Petersburg, Russia, has been detained since April 7, 2017, in Spain when he was arrested by Spanish authorities based upon a criminal complaint and arrest warrant issued in the District of Connecticut.
Levashov is scheduled to be arraigned today at approximately 6:00 p.m. before U.S. Magistrate Judge Holly B. Fitzsimmons in Bridgeport.
“Levashov is alleged to have controlled and operated the Kelihos botnet which was used to distribute hundreds of millions of fraudulent e-mails per year, intercept credentials to online and financial accounts belonging to thousands of Americans, and spread ransomware throughout our networks,” said Acting Assistant Attorney General Cronan. “Today’s action, as well as the disruption of the Kelihos botnet in April 2017, demonstrates the Department’s steadfast commitment to working with our international law enforcement partners to identify cybercriminals and hold them accountable for their conduct.”
“It is alleged that, for years, Mr. Levashov profited handsomely by controlling a botnet that infected computers and affected computer users all over the world,” said U.S. Attorney Durham. “Thanks to the excellent work of the FBI, with the assistance of our law enforcement partners in Spain, he was identified and apprehended, and will now face justice.”
“As a result of a sophisticated and complex computer intrusion investigation, the FBI, working with national and international law enforcement partners, have now brought to justice an individual who, we allege, has been responsible for the theft of personal information and distribution of SPAM and malware through his operation of the Kelihos botnet,” said FBI Special Agent in Charge Ferrick.
As alleged in an eight count-indictment, a “botnet” is a network of computers infected with a malicious software that allows a third party to control the entire computer network without the knowledge or consent of the computer owners. Levashov allegedly controlled and operated the Kelihos botnet to, among other things, harvest personal information and means of identification (including email addresses, usernames and logins, and passwords) from infected computers. To further the scheme, Levashov allegedly disseminated spam and distributed other malware – such as banking Trojans and ransomware, and advertised the Kelihos botnet spam and malware services to others for purchase in order to enrich himself.
The indictment further alleges that during any 24-hour period, the Kelihos botnet was used to generate and distribute more than 2,500 unsolicited spam e-mails that advertised various criminal schemes, including deceptively promoting stocks in order to fraudulently increase their price (so-called “pump-and-dump” stock fraud schemes).
On April 10, 2017, the Justice Department announced that it had taken action to dismantle the Kelihos botnet.
On April 20, 2017, a grand jury in Bridgeport returned an indictment charging Levashov with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email and one count of aggravated identity theft.
An indictment is merely an allegation, and a defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.
This matter is assigned to U.S. District Judge Robert N. Chatigny in Hartford.
The FBI’s New Haven Division and Anchorage Division are investigating the case, with the assistance of the Spanish National Police. Assistant U.S. Attorneys Vanessa Richards and David Huang of the District of Connecticut, with the assistance of Senior Trial Attorney Anthony Teelucksingh of the Criminal Division’s Computer Crime and Intellectual Property Section, are prosecuting the case. The Criminal Division’s Office of International Affairs handled the extradition in this matter, and the U.S. Marshals Service coordinated he defendant’s safe transport from Spain to the U.S.