Spam Czar Nabbed in Spain May Have Link to Election Tampering

An alleged spam kingpin with possible ties to election meddling in the United States was arrested in Spain last week under a U.S. international warrant.

The alleged spam czar, Pyotr Levashov, was taken into custody in Barcelona while vacationing with his family, according to news reports.

Levashov was arrested for interfering with the 2016 U.S. presidential elections, the Russian news outlet RT reported, but a U.S. Justice Department official told Reuters the arrest was a criminal matter without any national security connections.

On its list of the world’s top 10 worst spammers, Spamhaus, a spam-fighting group, ranks Levashov No. 7.

He allegedly partnered with convicted “pump and dump” stock scam specialist Alan Ralsky to carry out a wave of fake antivirus software scams. The two reportedly also ran the Waledac botnet that infected 70,000 to 90,000 PCs over several years and was capable of pushing out 1.5 billion spam messages a day.

“Levashov has been able to evade prosecution for at least 20 years,” said Vitali Kremez, threat intelligence director at Flashpoint.

“From an email spam perspective, his arrest means we’ll be seeing less incoming malicious email,” he told TechNewsWorld.

Kelihos Clobbered

Meanwhile, the day after Levishov’s arrest, the U.S. Justice Department announced it had taken down the Kelihos botnet, which is believed to be part of the Russian’s spam empire.

“The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent emails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks,” said Acting Assistant Attorney General Kenneth A. Blanco of the DoJ’s Criminal Division.

“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” he continued.

“Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics,” Blanco said.

Among the new legal tactics used by the bot busters was a new kind of warrant authorized by recent amendments to the Rules of Federal Criminal Procedure that allows law enforcement to redirect Kelihos-infected computers to a substitute server, and to record the Internet Protocol addresses of those computers as they connect to the server.

Those IP addresses can be used to provide assistance to people whose computers have been infected with the malware.

Rent a Botnet

Taking down Kelihos should disrupt the spam ecosystem, noted Keith Jarvis, a senior security researcher at Dell’sSecureWorks.

“It was one of the larger, more active botnets out there,” he told TechNewsWorld, “and it was one for rent.”

Levashov made more money renting out his botnets than he did spewing spam from them, according to investigative journalist Brian Krebs.

For US$200, vetted users could hire one of Levashov’s botnets to send 1 million pieces of spam, Krebs noted. Auction and employment scams cost $300 per million, and phishing emails designed to capture usernames and passwords cost $500 per million.

“That’s why we saw a wide variety of spam over Kelihos over the years, but we should see smaller volumes of spam in in-boxes for the foreseeable future,” SecureWorks’ Jarvis said.

Election Meddling

Though a connection to the U.S. elections has not been established, Kelihos does have a known election connection.

The botnet was used in the 2012 Russian elections to send spam containing links to fake news stories saying Mikhail Prokhorov, a businessman who was running for president against Vladimir Putin, had come out as gay, according to The New York Times.

“There isn’t much public source information on the technical aspects of the Russian attacks on the DNC, so it’s hard to tell if spamming, one of Levashov’s specialties, was a technique used by the hackers,” observed Leo Taddeo, chief security officer for Cryptzone and a former FBI special agent.

“What we do know from the indictments issued last month against the Yahoo hackers is that Russian intelligence officers protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere,” he told TechNewsWorld. “This means we can’t rule it out.”

It’s more than a possibility — it’s very likely to be true, maintained Avivah Litan, a security analyst with Gartner.

“The guys conducting cybercrime are the same guys that meddled in the elections,” she told TechNewsWorld. “They’re using the same infrastructure.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reportersince 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, theBoston Phoenix, Megapixel.Net and GovernmentSecurity News. Email John.

1 Comment

  • What exactly is election tampering? Because I noticed mainstream media ignored many stories on Hillary Clinton and spent way more bashing Trump. Wouldn’t this be called domestic election tampering? It used to be news organizations provided mostly equal time to candidates and kept opinions to a minimum so as to not taint voters. Sorry but elections in general this last series were full of false news, overhyped stories and ignored stories. The social sites were full of the same and were never challenged as fake or fact. Of course foreign governments have just as much influence given the access they have to American voters. But no more so than Obama and the Democrat’s trying to influence the Israel elections. Sorry but this is a two way street that is happening. Its not just the Russian’s trying these tactics. Clearly Trump was able to coral voters better than Hillary and I might add regardless of all the negative press he got. My advice to the Democrat’s back when the DNC was hacked was use better passwords. Same with John Podesta who obviously never bothered to use a good password either. Its obvious influences will happen and unless we have clear proof of actual voter fraud all political parties will just have to accept that outside and inside influence have become part of the political process.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Cybersecurity

Technewsworld Channels