Botnet faces shutdown after spam lord's arrest

Russian's network behind huge theft of data and phishing attacks

WASHINGTON • The US authorities have moved to take down a global computer botnet behind the massive theft of personal data and spam e-mails, as Spain arrested the notorious Russian hacker who operated it.

They say Piotr (or Peter) Levashov had operated the Kelihos network of tens of thousands of infected computers, stealing personal data and renting the network out to others to send milllions of spam e-mails and extort ransom from computer owners.

Levashov, also known in the hacking world as Peter Severa, was arrested at Barcelona airport last Friday at the request of the United States.

A Spanish judge on Monday ordered him to be remanded in custody as Washington is expected to seek his extradition.

A US indictment unsealed on Monday said Levashov, 36, had operated the Kelihos botnet since around 2010.

The Kelihos network is made up of private computers around the world that have been infected with malware that gave Levashov the ability to control them remotely, with the owners unaware.

The Spamhaus Project, which documents spam, botnets, malware and other abuses, listed Levashov as seventh on its "10 Worst Spammers" list and "one of the longest-operating criminal spam lords on the Internet".

US officials said Levashov's arrest was unrelated to investigations into Russian interference in last year's US presidential election, despite a claim by his wife that it was.

According to the Justice Department, the number of computers in the network has topped 100,000 at times, with between 5 per cent and 10 per cent of them in the US.

Kelihos is alleged to have sold the network's services to others, who would use them to send out spam e-mails advertising counterfeit drugs, work-at-home scams and other fraud schemes, the indictment said.

They were also used for illegal "pump-and-dump" stock market manipulation schemes, and to spread other malware through which hackers could steal a user's banking account information, including passwords, and lock up a computer's information to demand huge ransoms.

Levashov was apparently very proud of his work.

According to US Justice Department filings, earlier this year he posted an ad for his work noting that he had been in the spam business "since the distant year 1999" .

His prices rose with the illegality of the operation. For legal ads, he charged US$200 (S$280) per million spam e-mails. For scams and phishing attacks, it was US$500 per million.

To help someone with a stock manipulation, he wanted a deposit of US$5,000 to US$10,000 to share his list of 25 million traders, and demanded 5 per cent of gains made.

The US authorities also announced moves to bring down the Kelihos network, obtaining warrants that allow them to take control of the computers in the botnet by changing the malware to intercept its operation.

That will direct the Kelihos traffic to "sinkhole" servers, over time eliminating traffic through Levashov's server network.


Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on April 12, 2017, with the headline Botnet faces shutdown after spam lord's arrest. Subscribe