United States v. Peter Levashov
On April 20, 2017, a federal grand jury sitting in Bridgeport, Connecticut returned an eight-count indictment charging Russian national Peter Levashov with multiple offenses stemming from his alleged operation of the Kelihos botnet – a global network of tens of thousands of infected computers, which he allegedly used to facilitate malicious activities including harvesting login credentials, distributing bulk spam e-mails, and installing ransomware and other malicious software. Levashov was charged with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email, and one count of aggravated identity theft. The case has been assigned to Judge Robert N. Chatigny in Hartford.
As alleged in the eight-count indictment, a “botnet” is a network of computers infected with malicious software that allows a third party to control the entire computer network without the knowledge or consent of the computer owners. Levashov allegedly controlled and operated the Kelihos botnet to, among other things, harvest personal information and means of identification (including email addresses, usernames and logins, and passwords) from infected computers. To further the scheme, Levashov allegedly disseminated spam and distributed other malware, such as banking Trojans and ransomware, and advertised the Kelihos botnet spam and malware services to others for purchase in order to enrich himself.
The indictment further alleges that during any 24-hour period, the Kelihos botnet was used to generate and distribute more than 2,500 unsolicited spam e-mails that advertised various criminal schemes, including deceptively promoting stocks in order to fraudulently increase their price (so-called “pump-and-dump” stock fraud schemes).
Spanish authorities arrested Levashov in Barcelona on April 7, 2017. The arrest was based upon a criminal complaint and arrest warrant issued in the District of Connecticut on March 24, 2017. Levashov has been detained since his arrest, and was extradited to the District of Connecticut in February 2018. On April 10, 2017, the United States Department of Justice announced that it had taken action to dismantle the Kelihos botnet. At the time of Levashov’s arrest, Kelihos had infected at least 50,000 computers.
On September 12, 2018, Levashov entered a guilty plea, thus admitting in open court to his criminal conduct and avoiding the need for a trial. From the late 1990s until his arrest in April 2017, Levashov controlled and operated multiple botnets, including the Storm, Waledac and Kelihos botnets, to harvest personal information and means of identification (including email addresses, usernames and logins, and passwords) from infected computers. To further the scheme, Levashov disseminated spam and distributed other malware, such as banking Trojans and ransomware, and advertised the Kelihos botnet spam and malware services to others for purchase in order to enrich himself. Over the course of his criminal career, Levashov participated in and moderated various online criminal forums on which stolen identities and credit cards, malware and other tools of cybercrime were traded and sold.
Levashov pleaded guilty to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of wire fraud and one count of aggravated identity theft. Levashov is currently detained. On July 20, 2021, Levashov was sentenced to time served. In addition, he was ordered to serve a three-year period of supervised release. The restitution order remains pending.