Russian Spam King's Plea May Suggest Cooperation With U.S.

(Bloomberg) -- U.S. prosecutors secured a guilty plea from a Russian who is accused of commandeering a network of 100,000 or more breached computers, the second major victory in the space of a week in their pursuit of international hacking.

The guilty plea suggests prosecutors may consider the Russian, Peter Levashov, a useful guide to a broader world of cybercrime. He isn’t scheduled to be sentenced for almost a year, the sort of delay that often suggests a detainee may be cooperating with prosecutors to gain a lighter sentence.

However, in a phone interview, Levashov’s attorney, Vadim Glozman, said his client isn’t cooperating. The distant sentencing date was set at Glozman’s request and could still be moved forward, he said.

Levashov, who was extradited earlier this year from Spain, was accused of stealing users’ personal information and passwords in an effort to remotely control computers that made up his so-called Kelihos botnet. He pleaded guilty in Hartford, Connecticut, on Wednesday to four counts, related to allegations that he distributed spam emails advertising fake drugs, pump-and-dump stock schemes and other frauds.

There are suggestions that Levashov, 38, may have more to offer beyond the crimes he’s admitted. The U.S. pursued Levashov, who’s also known as Peter Severa, for more than a decade before he was detained in Spain in April 2017. Arguing against his extradition, Levashov claimed he wouldn’t get a fair trial in the U.S. considering his history: He said he was a military officer who worked for a decade for the ruling party of Russian President Vladimir Putin, collecting information on opposition parties, RIA Novosti reported at the time. The party’s press office called Levashov’s claim “nonsense."

Thomas Carson, a spokesman for U.S. Attorney John Durham, declined to comment on any possible cooperation agreement.

Levashov made the plea deal in order to be able to return to his family as soon as possible, Glozman said. The original sentencing date was in November but Glozman requested a postponement because the defense is “still in dispute with the government regarding several aspects of the sentencing, including restitution,” he said. The defense is considering bringing family members and “some character witnesses” to the sentencing, he added.

Two Decades

Among those announcing Levashov’s plea in a news release was senior Justice Department official Brian Benczkowski, who oversees the department’s Criminal Division in Washington. Benczkowski said Levashov has operated criminal botnets for more than two decades.

“Today’s guilty plea demonstrates that the department will collaborate with our international law enforcement partners to bring cybercriminals to justice, wherever they may be,” Benczkowski said in the release.

Another breakthrough for U.S. prosecutors came last week, with the announcement that they’d gained custody of a Russian they’d chased for years, Andrei Tyurin. Federal prosecutors in Manhattan said Tyurin was the hacking brains behind attacks several years ago on U.S. financial and information firms, which included JPMorgan Chase & Co., Fidelity Investments, Dow Jones & Co., E*Trade Financial Corp. Tyurin was extradited from the republic of Georgia on Sept. 7 and pleaded not guilty in Manhattan that afternoon.

Yevgeny Nikulin, a Russian who is accused of a hack of LinkedIn and Dropbox, awaits trial in San Francisco after being extradited from the Czech Republic.

Greece’s Supreme Court is hearing arguments over competing claims to extradite another Russian, Alexander Vinnik, to the U.S., France or Russia. U.S. prosecutors allege that Vinnik oversaw a bitcoin exchange that was used to launder criminal proceeds -- and which a cybersleuthing firm says was used by Russian government hackers accused of stealing Democrats’ emails.

Spate of Extraditions

Given the spate of extraditions, some of the accused men could feel pressure to make a deal with authorities, lest they lose leverage if others emerge offering similar information.

“Every single case that’s led to indictment or extradition has occurred because of some level of cooperation from an informant who was also once indicted or extradited,” said Arkady Bukh, a leading attorney for eastern European hackers in the U.S., who declined to comment on the details the Levashov matter. Bukh represents Nikulin, who’s charged in San Francisco, and Gery Shalon, who is accused of masterminding the hack of JPMorgan Chase & Co. and other financial firms.

“Cooperation is rarely verbal, but you’ll have these detained hackers in the lab with federal agents helping them dig up and mine for data and evidence to bring down others. This happens when they see a weakness in their own case,” Bukh said.

Levashov, who is from St. Petersburg, pleaded guilty to causing intentional damage to a personal computer, conspiracy, wire fraud and aggravated identity theft, Connecticut U.S. Attorney Durham said in a statement. He’s being held in jail ahead of his sentencing on Sept. 6, 2019.

©2018 Bloomberg L.P.