Rus­sian man wanted by US al­leged to be pro­lific spam mas­ter

The Sentinel-Record - - HOT SPRINGS/FYI - RAPHAEL SATTER AND HOWARD AMOS

MOSCOW — From the early days of on­line stock scams to the in­creas­ingly so­phis­ti­cated world of bot­nets, pseudony­mous hacker Peter Sev­era spent nearly two decades at the fore­front of Rus­sian cy­ber­crime.

Now that a man al­leged to be the pi­o­neer­ing spam lord, Py­tor Levashov, is in Span­ish cus­tody await­ing ex­tra­di­tion to the U.S., friends and foes alike are de­scrib­ing the 36-year-old as an am­bi­tious op­er­a­tor who helped make the in­ter­net un­der­ground what it is to­day.

“Levashov is a pi­o­neer who started his ca­reer when cy­ber­crime as we know it to­day did not even ex­ist,” said Till­mann Werner, the head of tech­ni­cal anal­y­sis at U.S. cy­ber­se­cu­rity com­pany CrowdStrike.

“He has sig­nif­i­cantly con­trib­uted to the pro­fes­sion­al­iza­tion of cy­ber­crime,” said Werner, who has tracked the al­leged hacker for years. “There are only very few known crim­i­nals that had a sim­i­lar level of in­flu­ence and rep­u­ta­tion.”

Born in 1980, Levashov stud­ied at High School No. 30 , one of the first schools in the Soviet Union to spe­cial­ize in com­puter pro­gram­ming. Even at a com­pet­i­tive in­sti­tu­tion whose alumni went on to univer­si­ties and Sil­i­con Val­ley firms, Levashov stood out.

“He did have an en­tre­pre­neur­ial streak for sure,” for­mer class­mate Artem Gavrilov said. “He was a leader in school, tried to prove to ev­ery­one that he was the best.”

Levashov grad­u­ated in 1997, ac­cord­ing to an en­try pub­lished to an alumni web­site, list­ing his pro­fes­sion as “web­smith” and “pro­gram­mer.” Within a cou­ple of years he had grav­i­tated to­ward the bur­geon­ing field of email spam, ac­cord­ing to an ad at­trib­uted to him in U.S. court doc­u­ments.

With much of the world still just dis­cov­er­ing the in­ter­net and few re­stric­tions on the mass dis­tri­bu­tion of email, spam­mers more or less op­er­ated openly, blast­ing in­boxes with pitches for Vi­a­gra knock-offs, on­line gam­bling and pornog­ra­phy in re­turn for a flat fee or a cut of the pro­ceeds.

In­ter­net reg­istry records pre­served by Do­mainTools sug­gest Levashov launched a bulk mail­ing web­site called e-mail­promo.com in Au­gust 2002 un­der his real name. Early mar­ket­ing ma­te­rial for the site boasts of “Bul­let Proof Web Host­ing,” a term used to de­scribe providers that shrug off law en­force­ment re­quests.

The ser­vice would come in handy as the spam busi­ness be­came in­creas­ingly crim­i­nal­ized. With laws tight­en­ing and dig­i­tal black­lists get­ting bet­ter, spam­mers re­sorted to hack­ing to get their mail across, us­ing ma­li­cious soft­ware to turn strangers’ per­sonal com­put­ers into “prox­ies” — a eu­phemism for re­mote-con­trolled con­duits for junk mail. Hack­ers herded the prox­ies into vast bot­nets, armies of com­pro­mised ma­chines that silently churned out spam day and night.

Court doc­u­ments sug­gest that Levashov teamed up in 2005 with Alan Ral­sky, a leg­endary bulk email baron once dubbed the “King of Spam.” More than a decade later, Ral­sky still raved about the hacker’s skills.

“No doubt he was the best there ever was,” Ral­sky said in a tele­phone in­ter­view.

It was with Ral­sky that Levashov is al­leged to have plunged into the world of the “pump-and-dump,” a scheme that worked by send­ing mil­lions of emails talk­ing up the value of thinly traded se­cu­ri­ties be­fore sell­ing them at a profit and leav­ing gullible in­vestors to soak up the loss.

Ral­sky, Levashov and sev­eral as­so­ciates were in­dicted for fraud in 2007; Ral­sky went to prison while Levashov — safe in Rus­sia — avoided ar­rest.

By that point, Levashov was cy­ber­crime no­bil­ity in his own right. He pro­moted the idea of team­ing hack­ers up with Rus­sian au­thor­i­ties, spear­head­ing ef­forts to knock out anti-govern­ment web­sites, ac­cord­ing to An­drei Solda­tov, an ex­pert on Rus­sia’s in­tel­li­gence ser­vices.

At the same time, he was al­legedly run­ning a fo­rum for spam­mers as well as the mas­sive Storm bot­net, whose so­phis­ti­ca­tion drew global at­ten­tion.

“There were spam bot­nets, cer­tainly, be­fore Storm, but it took things to a next level,” Joe Ste­wart, a se­cu­rity re­searcher with cy­berde­fense startup Cym­me­tria who grap­pled with Storm at its height, said.

Clever use of peer-to-peer tech­nol­ogy and a fast-shift­ing dig­i­tal in­fra­struc­ture meant Storm could be re­gen­er­ated quickly if part of its net­work was blocked. Re­spected se­cu­rity ex­pert Bruce Sch­neier mar­veled at its en­gi­neer­ing, writ­ing in 2007 that Storm was “the fu­ture of mal­ware.”

Storm didn’t go on for­ever, but two suc­ces­sor bot­nets — Waledec and Keli­hos — have since been tied to Levashov. In­dict­ments un­sealed this year ac­cuse the Rus­sian of rent­ing out Keli­hos at $500 per mil­lion emails to send spam or to seed com­put­ers with ran­som soft­ware or money-drain­ing bank­ing pro­grams.

One of the in­dict­ments, which cited a Jan­uary ad posted to a Rus­sian cy­ber­crime fo­rum, ap­peared to catch Levashov boast­ing of his dis­tin­guished record.

“I have been serv­ing you since the dis­tant year 1999,” the ad said. “Dur­ing these years there has not been a sin­gle day that I keep still.”

That’s likely to change. Levashov’s Span­ish lawyer, Mar­garita Repina, re­cently told The As­so­ci­ated Press that her client’s ex­tra­di­tion to the United States was all but cer­tain.

Levashov’s wife, Maria, was more hope­ful. She has force­fully pro­claimed her hus­band’s in­no­cence, say­ing he was more of a busi­ness­man than a pro­gram­mer and that when­ever she caught him at the com­puter he was play­ing video games.

“I be­lieve it will be found that this is all a mis­take,” she said.

Then again, in re­sponse to a ques­tion about Levashov’s links to the Rus­sian govern­ment, she said: “I’m not a wife who knows every­thing about her hus­band.”

The As­so­ci­ated Press

HACKER: This July 24 pho­to­graph shows an archived ver­sion of two Rus­sian anti-ter­ror­ism web­sites. The now-de­funct web­sites were the brain­child of al­leged hacker Py­otr Levashov ac­cord­ing to An­drei Solda­tov, an ex­pert on the Rus­sian se­cu­rity ser­vices. The U.S. has or­ches­trated the ar­rest of five al­leged Rus­sian cy­ber­crim­i­nals across Europe in the past nine months. The op­er­a­tions come at a fraught mo­ment in re­la­tions be­tween Rus­sia and the U.S., where politi­cians are grap­pling with the al­le­ga­tion that Krem­lin hack­ers in­ter­vened in the 2016 elec­tion.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.