Spam Czar Nabbed in Spain May Have Link to Election Tampering

An alleged spam kingpin with possible ties to election meddling in the United States was arrested in Spain last week under a U.S. international warrant.

The alleged spam czar, Pyotr Levashov, was taken into custody in Barcelona while vacationing with his family, according to news reports.

Levashov was arrested for interfering with the 2016 U.S. presidential elections, the Russian news outlet RT reported, but a U.S. Justice Department official told Reuters the arrest was a criminal matter without any national security connections.

On its list of the world's top 10 worst spammers, Spamhaus, a spam-fighting group, ranks Levashov No. 7.

He allegedly partnered with convicted "pump and dump" stock scam specialist Alan Ralsky to carry out a wave of fake antivirus software scams. The two reportedly also ran the Waledac botnet that infected 70,000 to 90,000 PCs over several years and was capable of pushing out 1.5 billion spam messages a day.

"Levashov has been able to evade prosecution for at least 20 years," said Vitali Kremez, threat intelligence director at Flashpoint.

"From an email spam perspective, his arrest means we'll be seeing less incoming malicious email," he told TechNewsWorld.

Kelihos Clobbered

Meanwhile, the day after Levishov's arrest, the U.S. Justice Department announced it had taken down the Kelihos botnet, which is believed to be part of the Russian's spam empire.

"The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent emails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks," said Acting Assistant Attorney General Kenneth A. Blanco of the DoJ's Criminal Division.

"The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives," he continued.

"Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics," Blanco said.

Among the new legal tactics used by the bot busters was a new kind of warrant authorized by recent amendments to the Rules of Federal Criminal Procedure that allows law enforcement to redirect Kelihos-infected computers to a substitute server, and to record the Internet Protocol addresses of those computers as they connect to the server.

Those IP addresses can be used to provide assistance to people whose computers have been infected with the malware.

Rent a Botnet

Taking down Kelihos should disrupt the spam ecosystem, noted Keith Jarvis, a senior security researcher at Dell's SecureWorks.

"It was one of the larger, more active botnets out there," he told TechNewsWorld, "and it was one for rent."

Levashov made more money renting out his botnets than he did spewing spam from them, according to investigative journalist Brian Krebs.

For US$200, vetted users could hire one of Levashov's botnets to send 1 million pieces of spam, Krebs noted. Auction and employment scams cost $300 per million, and phishing emails designed to capture usernames and passwords cost $500 per million.

"That's why we saw a wide variety of spam over Kelihos over the years, but we should see smaller volumes of spam in in-boxes for the foreseeable future," SecureWorks' Jarvis said.

Election Meddling

Though a connection to the U.S. elections has not been established, Kelihos does have a known election connection.

The botnet was used in the 2012 Russian elections to send spam containing links to fake news stories saying Mikhail Prokhorov, a businessman who was running for president against Vladimir Putin, had come out as gay, according to The New York Times.

"There isn't much public source information on the technical aspects of the Russian attacks on the DNC, so it's hard to tell if spamming, one of Levashov's specialties, was a technique used by the hackers," observed Leo Taddeo, chief security officer for Cryptzone and a former FBI special agent.

"What we do know from the indictments issued last month against the Yahoo hackers is that Russian intelligence officers protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere," he told TechNewsWorld. "This means we can't rule it out."

It's more than a possibility -- it's very likely to be true, maintained Avivah Litan, a security analyst with Gartner.

"The guys conducting cybercrime are the same guys that meddled in the elections," she told TechNewsWorld. "They're using the same infrastructure."