Cybercriminal escapes more prison time for massive, global computer crimes
Federal judge in Hartford sentences Levashov to 33 months
For more than a decade, notorious Russian cybercriminal Peter Levashov eluded U.S. authorities and got rich by compromising tens of thousands of computers worldwide and harnessing them together to stuff inboxes with as many as 4 billion spam messages a day, while stealing secret data and spewing malicious programming.
His reign as one of the internet’s most pernicious spammers crashed in 2017 when the FBI captured him on an exceedingly rare trip outside Russia. On Tuesday, he was sentenced to 33 months — the time he was held after his arrest — in U.S. District Court in Hartford for a variety of cybercrimes in Connecticut and almost everywhere else in the country.
Over about 15 years, federal authorities and others said Levashov developed a succession of three massive “botnets,” networks of tens of thousands — at times even hundreds of thousands — of compromised computers that, unknown to the computer owners, he loaded with malware that gave him control.
He used the networks to deliver spam, materials such as counterfeit pharmaceuticals, or he rented the networks to other criminals who used them to launch billions of spam messages ranging in destructive potential from identity theft to stock manipulation conspiracies to the delivery of email with malicious links that spread malware such as viruses or ransomware.
The sentence of time served by U.S. District Judge Robert N. Chatigny was unexpected. Federal prosecutors asked in legal papers for a sentence of 12 to 14 years, but didn’t press for a lengthy sentence in court. Levashov’s lawyer, Vadim Glozman of Chicago, argued for time served and said in one of his legal filings that the government had agreed to a 7-year sentence.
The defense and prosecution claimed it is difficult to determine how much Levashov profited by his botnets and how much his victims lost. At the time of Levashov’s arrest, the last of his three illegal networks, the Kelihos botnet, infected at least 50,000 computers. Both sides agreed it could cost as much as $149 per computer to remove the Kelihos virus from each infected computer. They also agreed his profit from the Kelihos botnet was at least $3.5 million.
Levashov’s plea bargain agreement with the government requires him to forfeit whatever funds he has in a Webmoney Account, but it doesn’t reveal what is in the account.
When Chatigny asked for a statement of Levashov’s finances in order to determine a fine, or orders for forfeiture or restitution, any one of which could amount to millions of dollars, the defense and government lawyers said there had been no financial accounting and the explanation was the subject of off-the-record discussion. Chatigny deferred a decision on financial penalties for 90 days.
Negotiation of financial penalties is often the result of cooperation with federal prosecutors. Levashov has cooperated, at least to a limited degree. He testified at the trial last month of another Russian national who was accused of providing encryption services for malicious messaging delivered over the most recent botnet. Levashov’s testimony provided detailed information about development of the programming.
There have been indications that Levashov was known to and may have been protected by the Russian government during a period when critics in Washington accused the Russian leadership of allowing cybercriminals to meddle in U.S. politics and disrupt businesses. FBI cyber investigators had been following Levashov’s activities and trying to arrest him since at least 2007, but were blocked by Russian authorities.
FBI agents were not able to arrest Levashov until 2017 when he took his wife and son on a vacation to Madrid. Spain, by treaty with the U.S., approved his extradition to the U.S. and prosecution in New Haven.
Chatigny said he was imposing a relatively lenient sentence for a variety of reasons, one of which was Levashov’s prompt acceptance of responsibility for his crimes. But there was no mention of cooperation or providing information to the FBI during the two-hour sentencing hearing that was broadcast across the internet Tuesday.
The judge also said he viewed Levashov as mostly a spammer and that the crimes with which he was charged exaggerated his offenses.
Assistant U.S. Attorney Edward Cheng said in court that Levashov’s networks wreaked massive havoc, mostly in the U.S. through fraud and schemes such as denial of service attacks. But he said Levashov started out as a spammer and his role in the hierarchy of cyber crime was providing means to other criminals.
“He wasn’t actually breaking into a computer,” Cheng said. “He was buying access to computers that were already compromised. He was paying people for access to compromised computers and loading malware into them.”