Russian National Who Operated Kelihos Botnet Pleads Guilty to Fraud, Conspiracy, Computer Crime and Identity Theft Offenses

Peter Yuryevich Levashov, aka “Petr Levashov,” “Peter Severa,” “Petr Severa” and “Sergey Astakhov,” 38, of St. Petersburg, Russia, pleaded guilty today in U.S. District Court in Hartford, Connecticut, to offenses stemming from his operation of the Kelihos botnet, which he used to facilitate malicious activities including harvesting login credentials, distributing bulk spam e-mails, and installing ransomware and other malicious software.

Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney John H. Durham of the District of Connecticut and Special Agent in Charge Brain C. Turner of the FBI’s New Haven Division made the announcement.

“For over two decades, Peter Levashov operated botnets which enabled him to harvest personal information from infected computers, disseminate spam, and distribute malware used to facilitate multiple scams,” said Assistant Attorney General Benczkowski. “We are grateful to Spanish authorities for his previous arrest and extradition.  Today’s guilty plea demonstrates that the Department will collaborate with our international law enforcement partners to bring cybercriminals to justice, wherever they may be.”

“Mr. Levashov used the Kelihos botnet to distribute thousands of spam e-mails, harvest login credentials, and install malicious software on computers around the world,” said U.S. Attorney Durham.  “He also participated in online forums on which stolen identities, credit card information and cybercrime tools were traded and sold.  For years, Mr. Levashov lived quite comfortably while his criminal behavior disrupted the lives of thousands of computer users.  Thanks to the collaborative work of the FBI and our partners in law enforcement, private industry and academia, a prolific cybercriminal has been neutralized, and has now admitted his guilt in a U.S. courtroom.”

“Today justice has finally arrived for Peter Levashov, who is perhaps better known in the cyber community by his online identity, Peter Severa,” said FBI Special Agent in Charge Turner.  “The FBI’s New Haven Division has been engaged in a multiyear investigation of Levashov, with evidence gathered from a number of countries around the world.   Today’s guilty plea should serve as an unequivocal reminder to all those who use the internet for illicit purposes:  The FBI will pursue you regardless of what country you live in and the length of time it might take to secure your eventual arrest.  As we move forward, no cyber criminal should rest easy.  The men and women of the FBI’s New Haven Division, along with the members of our Cyber Task Force and our many other federal, state, local, and tribal partners across the state, will continue to employ the same dedication and hard work, which made this effort such a success, to the continued protection of the citizens of Connecticut and the nation as a whole.”

According to court documents and statements made in court, a botnet is a network of computers infected with malicious software that allows a third party to control the entire computer network without the knowledge or consent of the computer owners.  Since the late 1990s until his arrest in April 2017, Levashov controlled and operated multiple botnets, including the Storm, Waledac and Kelihos botnets, to harvest personal information and means of identification (including email addresses, usernames and logins, and passwords) from infected computers.  To further the scheme, Levashov disseminated spam and distributed other malware, such as banking Trojans and ransomware, and advertised the Kelihos botnet spam and malware services to others for purchase in order to enrich himself.  Over the course of his criminal career, Levashov participated in and moderated various online criminal forums on which stolen identities and credit cards, malware and other criminal tools of cybercrime were traded and sold.

Spanish authorities arrested Levashov in Barcelona on April 7, 2017, based upon a criminal complaint and arrest warrant issued in the District of Connecticut.  At the time of Levashov’s arrest, Kelihos infected at least 50,000 computers.

On April 10, 2017, the Justice Department announced that it had taken action to dismantle the Kelihos botnet.

On April 20, 2017, a grand jury in the District of Connecticut returned an indictment charging Levashov with multiple offenses related to this scheme.  Levashov was extradited to the United States in February.

Levashov pleaded guilty before U.S. District Judge Robert N. Chatigny to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of wire fraud and one count of aggravated identity theft.

Judge Chatigny scheduled sentencing for Sept. 6, 2019.  Levashov is detained pending sentencing.

The FBI’s New Haven Division and Anchorage Division are investigating the case, with the assistance from the Spanish National Police.  Assistant U.S. Attorneys Vanessa Richards and David Huang of the District of Connecticut and Senior Trial Attorney Anthony Teelucksingh of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.  The Criminal Division’s Office of International Affairs handled the extradition in this matter, with assistance from the U.S. Marshals Service.  The University of Alabama at Birmingham, ThreatStop, SpamHaus, Cisco, Cambridge University, and Cloudmark also provided invaluable assistance in the investigation and prosecution of Mr. Levashov.