Cyber Security

U.S. Didn’t Just Arrest Election Hacker, Despite Russian Media Claims

Man arrested in Spain is only accused of being one of the world's most notorious spam kingpins

Photo Illustration: R. A. Di Ieso
Apr 11, 2017 at 1:31 PM ET

A Russian man arrested in Spain, cited in Russian state media on Monday as involved in the hacks that clouded the 2016 U.S. presidential election, is actually only charged with running a massive spam operation.

Pyotr Levashov, long identified as one of the most notorious criminal spammers in the world, was vacationing in Barcelona when he was arrested. Soon after, a number of American news outlets, including ABC News and BuzzFeed, cited a bombshell claim reported by the Kremlin-funded news network Russia Today: that he’d somehow, according to his wife, created a program linked to Donald Trump winning the 2016 U.S. presidential election.

But Levashov had nothing to do with those hacks, and his arrest is solely about his alleged spam and botnet activities, according to a U.S. official with knowledge of his case. That’s supported by the U.S. Department of Justice’s complaint against him. The temporary restraining order filed against him cites a fear that he will likely continue to commit two crimes if not arrested: wire fraud and computer fraud.

If the election hacking accusation were true, it would help answer one of the most glaring questions in the history of cybercrime. The U.S. still hasn’t charged any individuals for a string of 2016 hacks that targeted the Democratic Party, including the Democratic National Committee, Democratic Congressional Campaign Committee, and the personal email account of Hillary Clinton campaign chair John Podesta.

Subsequent leaks of that hacked content, released through WikiLeaks and online personas like Guccifer 2.0, were clearly designed to hurt Clinton, though the extent to which they damaged her candidacy is unclear. The FBI, NSA, and CIA have all independently concluded the hacks were the result of a deliberate, sizable Kremlin operation to influence American voters to prefer Trump. Russian President Vladimir Putin and Trump himself, however, have countered that the hacker could have been anybody.

The spam charges leveled against Levashov are still significant. He has long been identified as one of the world’s most notorious spam lords, specifically for his masterminding a strain of malware called Kelihos. Openly advertised on hacker forums — by Levashov himself, the U.S. said — Kelihos follows a familiar pattern. After it infects one Windows computer, it searches for the victim’s usernames and passwords, as well as friendly email addresses to contact to help spread the virus. This creates a botnet, or giant collection of compromised computers, which allows the person running Kelihos to quickly send hundreds of millions of spam emails promoting any business that pays for the service.

Levashov’s arrest hinges on two things going remarkably poorly for him. For one, it’s the first known instance of the use of so-called Rule 41, named after recent changes to the Federal Rules of Criminal Procedure, which expanded the FBI’s ability to get a warrant to hack into computers believed to be compromised by a botnet.

Second, Levashov would likely still be free had he not chosen to leave the safe space of Russia, which has no extradition treaty with the U.S., for Spain, which does. According to a DOJ memo, he’s been a target of U.S. law enforcement for more than a decade, and the FBI learned only a few weeks earlier that he planned to travel to Spain, where he could be captured.