Spain Arrests Russian Thought to Be Kingpin of Computer Spam

MOSCOW — He refused to meet business associates in person and never talked on the phone, preferring instead to communicate via encrypted messaging services. But the elaborate precautions taken by the Russian computer spam kingpin known as Peter Severa appear to have failed him.

Acting on an F.B.I. request, the police in Spain arrested a man this weekend named Peter Levashov, according to Russian news media reports and Reuters, citing a Russian Embassy spokesman in Madrid. Western cybersecurity researchers have identified Mr. Levashov as Peter Severa, though some doubt he is the same person.

The initial reports in Russian news media of Mr. Levashov’s arrest did not say if he was suspected by United States intelligence agencies of being involved in attempts by Russian government hackers to meddle in the 2016 American presidential election. The American intelligence agencies have said Russian hackers broke into the servers of the Democratic National Committee and the email of Hillary Clinton’s campaign chairman and released documents in an effort to sway the election toward Donald J. Trump.

But computer researchers who have linked the long-running computer spam business of the man known as Peter Severa to malware used in 2012 to influence a domestic election in Russia say his arrest could give other investigations important information.

Mr. Levashov was arrested in Barcelona, where he had been vacationing with his family, according to a report on RT, a state-owned Russian television network. The report cited his wife, who said the Spanish police had detained Mr. Levashov at the request of the American authorities.

A Justice Department spokesman, Peter Carr, said Sunday that “the U.S. case remains under seal, so we have no information to provide at this time.”

If law enforcement officials confirm Mr. Levashov is Peter Severa, his arrest could mark a significant break in prosecuting Russian spam and computer crime.

The Russian corner of the internet has a reputation as a repository of pornography and pirated content, and as a birthplace for global fraud schemes.

Spamhaus, a group that tracks spammers, has for years listed Peter Severa as among the top 10 perpetrators in the world, and has identified him as Mr. Levashov.

Brian Krebs, an American cybersecurity researcher, wrote in 2012 that Peter Severa could be another Russian man, Viktor Ivashov, and not Mr. Levashov.

The Russian name Peter Severa, which translates roughly as Peter of the North, could refer to Mr. Levashov’s hometown, St. Petersburg, or Peter North, an actor in pornographic films, in a reference to the online pornography businesses. Along with sending spam advertising, according to Spamhaus, Peter Severa worked with Alan Ralsky, an American spam operator who was convicted in the United States of fraud.

The Russian cybersecurity researchers Andrei Soldatov and Irina Borogan wrote in 2012 that participants in online Russian hacker forums were discussing whether Peter Severa had been recruited by the F.S.B., the successor to the K.G.B. The researchers said Peter Severa had been on closed chat sites trying to recruit underground hackers for a later abandoned effort by the Russian security services to crash Islamic extremist websites.

Peter Severa’s spam operation ran a sophisticated, evolving family of computer viruses called Waledac and later Kelihos, developed in part by a former military engineer also living in St. Petersburg named Andrei N. Sabelnikov, according to a 2012 American court filing by Microsoft.

The court filing and related forensic work on the Kelihos virus illustrated how criminal hacker tools are repurposed for political ends. The filing identified Mr. Sabelnikov as the designer of the Kelihos virus.

“People in this business don’t care where their money comes from,” Mr. Sabelnikov said last December in a telephone interview about the operators of the Kelihos virus, adding that he did not know who was behind it. He said code he had written for an antivirus company had been used without his knowledge. Mr. Sabelnikov settled with Microsoft and now lives in Bali.

The Kelihos virus, which had been devised to spread spam, was used during the Russian election in 2012 to send political messages to email accounts on computers with Russian I.P. addresses. The emails linked to fake news stories saying that Mikhail D. Prokhorov, the businessman running for president against Vladimir V. Putin, had come out as gay.

[“Source-nytimes”]