Spain arrests Russian believed to be spam kingpin

Spain arrests Russian believed to be spam kingpin
© Getty Images

Law enforcement officials in Spain have arrested a Russian computer programmer who has been identified by some experts as an infamous spam kingpin. 

Pyotr Levashov was arrested in Barcelona, a spokesman for the Russian embassy in Spain confirmed over the weekend, according to Reuters.

Levashov, who authorities say is also known as Peter Severa, is accused of using malware to create a global network of hijacked computers called "Kelihos" that he used to send spam email messages. Those spam messages may have been criminal in their own right, including "pump and dump" stock market schemes. He is also accused of stealing credentials to financial accounts.

Those hijacked computer networks, called botnets, can be used in a variety of other types of attacks.

"The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” said Acting Assistant Attorney General Kenneth Blanco in a statement Monday.

A Department of Justice press release said authorities had "disrupt[ed] and dismantle[d]" Kelihos.


Some cybersecurity researchers had previously identified Levashov as Peter Severa, an infamous Russian computer spam kingpin. Severa or Levashov is listed at No. 7 on a list of the “worst spammers” globally maintained by the Spamhaus Project, a threat intelligence organization. 

“Severa was the moderator for the spam subsection of multiple online communities, and in this role served as the virtual linchpin connecting virus writers with huge spam networks — including some that Severa allegedly created and sold himself,” U.S. cybersecurity reporter Brian Krebs wrote on Monday. Krebs is the author of Spam Nation, a book about the Russian cybercrime industry's one-time dependence on spam.

Severa is believed to have worked with Alan Ralsky, an American spammer who claimed to be the “godfather of spam” and who was arrested and sentenced to four years in federal prison in 2009 for his role in an email scam scheme. 

The search warrant issued to locate Kelihos-infected computers was issued under controversial recent amendments to the federal government's rules of criminal procedure. The changes, which took effect last year, allow authorities to receive bulk warrants for large networks of computers - such as Kelihos - without knowing the jurisdiction the computers are in. 

Earlier reports, based on reporting from Russian state-run television network RT, alleged Levashov may have been arrested for charges relating to U.S. election hacking. The RT story came out before the DOJ statement to the press, which makes no mention of those allegations.

Levashov had long been connected to the spam operations.

He was arrested in Barcelona reportedly while vacationing with his family.

This post was updated at 4:35 p.m.