‘Big hunt’ for Russian hackers, but no obvious election link
Pyotr Levashov appeared to be just another comfortable member of Russia’s rising middle-class — an IT entrepreneur with a taste for upmarket restaurants, Thai massages and foreign travel.
Then police raided his vacation rental in Barcelona, marching him out in handcuffs to face charges of being one of the world’s most notorious spam lords.
Levashov’s April 7 arrest was one in a series of American-initiated operations over the past year to seize alleged Russian cybercriminals outside their homeland, which has no extradition agreement with the United States.
They come at a fraught moment in relations between Moscow and Washington, where politicians are grappling with the allegation that Kremlin hackers intervened in the U.S. election to help President Donald Trump. Through their lawyers, several defendants have suggested their arrests are linked to the election turmoil. Experts say that’s possible, though an Associated Press review of the cases found no firm evidence to back the claim.
“There is a big hunt underway,” said Andrei Soldatov, an expert on the Russian security services and co-author of “Red Web,” a book about Russian attempts to control the internet. He said the recent burst of arrests made it look like the United States was “trying to understand what’s going on with a very complicated world of Russian hacking and a very complicated relationship between Russian hackers and Russian secret services.”
But Soldatov didn’t rule out another possible explanation: The imprisoned Russians may be falsely tying their arrests to Trump’s election in a bid to sow confusion and politicize their cases.
“It’s a very big question,” he said.
“HE GOT TO EVERY MAILBOX THERE EVER WAS”
At least five Russians have been picked up in Europe as part of U.S. cybercrime prosecutions in the last nine months.
Evgeny Nikulin, 29, was arrested in a restaurant in Prague in October, accused of hacking into LinkedIn and Dropbox around the time that tens of millions of users there were compromised; Stanislav Lisov, 31, the alleged developer of the NeverQuest financial data-stealing software, was detained at Barcelona’s airport during his honeymoon in January; and Yury Martyshev, 35, accused of helping run a service that let cybercriminals test-drive their malicious software, was recently extradited to the U.S. after being pulled off a train at the RussiaLatvia border in April. On Tuesday, Alexander Vinnik, 38, was arrested at his hotel in Greece on charges of running a money laundering ring for hackers that processed billions of dollars in digital currency.
Levashov, who made his first court appearance in Madrid for a brief hearing Wednesday, is easily the best known of the five. The 36-year-old is charged with fraud and unauthorized interception of electronic communications, but his spamming career is said to stretch back to the turn of the millennium, when the business of stuffing email inboxes full of pitches for cut-price pills and penny stocks was still largely unregulated.
Court documents trace how Levashov, using the alias Peter Severa, teamed up in 2005 with Alan Ralsky, an American bulk email baron once dubbed the “King of Spam.”
Ralsky described the Russian as a master of his trade.
“He made me look like an amateur,” Ralsky said in a recent interview. “He got to every mailbox there ever was.”
Spammers can make a lot renting out their services to those peddling grey market pharmaceuticals or pornography. Ralsky said Levashov was pulling in “more money than you could shake a stick at” and travelled widely, saying he remembered getting vacation snaps of the Russian enjoying himself at a fishing cabin in Finland or the famously expensive Burj Al Arab hotel in Dubai.
By then, Levashov had crossed American law enforcement’s radar.
In 2007, he was indicted under his Severa alias as part of the case where Ralsky and several associates pleaded guilty to charges including wire fraud and mail fraud. Two years later, American authorities identified Levashov by name as the operator of the “Storm” botnet, a massive network of compromised, spamspewing computers.
In the Russian hacker community, Levashov’s profile was rising too. In online forums, he promoted the idea of collaborating with Russia’s spy services, according to Soldatov, the Russian intelligence expert, who said Levashov spearheaded an effort to knock out websites linked to Islamist insurgencies in southern Russia.