Petr Levashov, Alleged Operator of Kelihos Botnet Extradited
February 5, 2018
A Russian national has been extradited from Spain and will be
arraigned later today in Connecticut on charges stemming from
his alleged operation of the Kelihos botnet – a global network
of tens of thousands of infected computers, which he allegedly
used to facilitate malicious activities including harvesting
login credentials, distributing bulk spam e-mails, and
installing ransomware and other malicious software.
Acting Assistant Attorney General John P. Cronan of the Justice
Department’s Criminal Division, U.S. Attorney John H. Durham of
the District of Connecticut and Special Agent in Charge Patricia
M. Ferrick of the FBI’s New Haven Division made the
Peter Yuryevich Levashov, 37, also known as Petr Levashov, Peter
Severa, Petr Severa and Sergey Astakhov, of St. Petersburg,
Russia, has been detained since April 7, 2017, in Spain when he
was arrested by Spanish authorities based upon a criminal
complaint and arrest warrant issued in the District of
Levashov is scheduled to be arraigned before U.S. Magistrate
Judge Holly B. Fitzsimmons in Bridgeport, Connecticut.
“Levashov is alleged to have controlled and operated the Kelihos
botnet which was used to distribute hundreds of millions of
fraudulent e-mails per year, intercept credentials to online and
financial accounts belonging to thousands of Americans, and
spread ransomware throughout our networks,” said Acting
Assistant Attorney General Cronan. “Today’s action, as well as
the disruption of the Kelihos botnet in April 2017, demonstrates
the Department’s steadfast commitment to working with our
international law enforcement partners to identify
cybercriminals and hold them accountable for their conduct.”
“It is alleged that, for years, Mr. Levashov profited handsomely
by controlling a botnet that infected computers and affected
computer users all over the world,” said U.S. Attorney Durham.
“Thanks to the excellent work of the FBI, with the assistance of
our law enforcement partners in Spain, he was identified and
apprehended, and will now face justice.”
“As a result of a sophisticated and complex computer intrusion
investigation, the FBI, working with national and international
law enforcement partners, have now brought to justice an
individual who, we allege, has been responsible for the theft of
personal information and distribution of SPAM and malware
through his operation of the Kelihos botnet,” said FBI Special
Agent in Charge Ferrick.
As alleged in an eight count-indictment, a “botnet” is a network
of computers infected with a malicious software that allows a
third party to control the entire computer network without the
knowledge or consent of the computer owners. Levashov allegedly
controlled and operated the Kelihos botnet to, among other
things, harvest personal information and means of identification
(including email addresses, usernames and logins, and passwords)
from infected computers. To further the scheme, Levashov
allegedly disseminated spam and distributed other malware – such
as banking Trojans and ransomware, and advertised the Kelihos
botnet spam and malware services to others for purchase in order
to enrich himself.
The indictment further alleges that during any 24-hour period,
the Kelihos botnet was used to generate and distribute more than
2,500 unsolicited spam e-mails that advertised various criminal
schemes, including deceptively promoting stocks in order to
fraudulently increase their price (so-called “pump-and-dump”
stock fraud schemes).
On April 10, 2017, the Justice Department announced that it had
taken action to dismantle the Kelihos botnet.
April 20, 2017, a grand jury in Bridgeport returned an
indictment charging Levashov with one count of causing
intentional damage to a protected computer, one count of
conspiracy, one count of accessing protected computers in
furtherance of fraud, one count of wire fraud, one count of
threatening to damage a protected computer, two counts of fraud
in connection with email and one count of aggravated identity
An indictment is merely an allegation, and a defendant is
presumed innocent unless and until proven guilty beyond a
reasonable doubt in a court of law.
This matter is assigned to U.S. District Judge Robert N.
Chatigny in Hartford.
The FBI’s New Haven Division and Anchorage Division are
investigating the case, with the assistance from the Spanish
National Police and the U.S. Marshals Service. Assistant U.S.
Attorneys Vanessa Richards and David Huang of the District of
Connecticut, with the assistance from Senior Trial Attorney
Anthony Teelucksingh of the Criminal Division’s Computer Crime
and Intellectual Property Section are prosecuting the case. The
Criminal Division’s Office of International Affairs handled the
extradition in this matter. The U.S. Marshals Service assisted