Alleged Russian spammer Peter Levashov arrested in Spain

Alleged Russian spammer Peter Levashov was arrested on Friday at the request of U.S. authorities while vacationing with his family in Barcelona.

Interested in Russia Investigation?

Add Russia Investigation as an interest to stay up to date on the latest Russia Investigation news, video, and analysis from ABC News.
Add Interest

Levashov, who officials say goes by the alias "Peter Severa," is considered one of the world's most notorious spammers, currently ranking seventh on The Spamhaus Project's list of the world's worst spammers and spam gangs.

"Last week, if you looked in your spam folder, you likely saw something from him," said John Bambenek, manager of threat system at Fidelis Cybersecurity, who has been tracking Levashov for many years. "He was a service provider to other criminals."

The criminal case remains under seal as Levashov awaits possible extradition to the U.S., so the Justice Department declined to provide any additional details to ABC News, but on Monday the Department of Justice revealed a related operation to "disrupt and dismantle" the Kelihos botnet, a vast network of malware-infected computers Levashov allegedly used to harvest login credentials, generate spam emails and defraud his victims.

According to an unsealed civil complaint, Levashov, 36, has operated the Kelihos botnet since approximately 2010, and stands accused of wire fraud and unauthorized interception of electronic communication as he used malware to enlist hundreds of thousands of computers around the world into a scheme that likely made him a millionaire.

“The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks," said Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division on Monday. "The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives.”

The complaint describes the Kelihos botnet as a particularly "sophisticated" form of malware. According to court documents, Levashov first searched text files and intercepted network traffic to capture large quantities of usernames and passwords, then either used that network of hacked accounts to distribute spam directly or sold the ability to do so to a third party via online marketplaces.

According to the Justice Department, the riskier the scam, the higher the price -- $200 per million spam messages hawking products (such as pornography, mortgages or pills), $300 per million spam messages advertising dirty jobs (such as "mules" to launder money or transport stolen goods), $500 per million spam messages spreading "scam/phishing attacks" (such as ransomware, which encrypts a victim's computer and demands ransom to unlock it). He was particularly adept, the complaint alleges, at so-called "pump-and-dump" schemes, sending large quantities of emails to drive up the values of penny stocks and taking a commission on their eventual sale.

Following his arrest, Levashov's wife, Maria, told Russian state media that his arrest was connected to the FBI's ongoing investigation into potential Russian interference in the 2016 presidential elections.

“I asked for a warrant or some papers, they said they showed them to my husband,” Maria told RT. “With my husband, I talked in the commissariat by phone. He said that he was shown some piece of paper in Spanish without a seal and his photo in poor quality. Something was said about the fact that the virus my husband allegedly created was related to [Donald] Trump’s victory in the elections.”

Experts told ABC News, however, that claim is a dubious one.

"In the past he has indicated in underground forums that he has done some work with the Russian government from time to time," Bambenek said. "Whether that's bluster or reality, I don't know, but his long-running persona and methods don't seem to align with attempts to influence the voting public leading up to the election last year."

Adam Meyer, vice president of intelligence at CrowdStrike, a cybersecurity firm that assisted the FBI in taking down the Kelihos botnet, agreed that Levashov’s primary motivation wasn’t politics.

"He was a criminal kingpin, with scams going back 10 years," Meyer said. "Is there potential for other elements? Sure, but from our perspective, he was about profit."