A Russian hacker known internationally as the “bot master” was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicious software.
Peter Levashov, 40, pleaded guilty in 2018 to causing intentional damage to a protected computer, conspiracy, wire fraud and aggravated identity theft. Prosecutors said he operated several networks of hijacked computers, known as botnets, that were capable of pumping out billions of spam emails.
U.S. District Judge Robert Chatigny said he believes the financial harm caused by what began as a spamming scheme was overstated in a pre-sentencing report that recommended a sentence of at least 12 years. But the judge acknowledged that the crimes evolved into something serious and sophisticated.
“It goes without saying that somebody that builds and operates botnets, as you did, and profits from making them available for use by cybercriminals, should expect to be prosecuted and punished,” he said. “Because indeed this is significant criminal conduct that is harmful to the public.”
Prosecutors had asked for a sentence that was called for in the pre-sentencing report of between 12 and 14 1/2 years in prison.
The judge also ordered Levashov to serve three years of supervised release, during which his computer activity will me monitored. He deferred imposing a fine or restitution for 90 days until he could receive more information about Levashov’s financial situation.
In their written presentencing arguments, prosecutors said Levashov spent more than a decade controlling the botnets — including one that may have infected 200,000 computers — to harvest email addresses, logins and passwords from infected computers and also distributed malware and other malicious software.
“Levashov used those botnets to send billions of spam messages, messages which ranged in destructive potential from relatively harmless advertisements, to email messages used to conduct ‘pump and dump’ schemes, to email messages containing malicious links that spread malware such as viruses or ransomware,” Assistant U.S. Attorney Edward Chang wrote in his sentencing memoradum.
Chang said Levashov, also known as “Peter Severa,” operated three of the most notorious botnets known to authorities — Storm Worm, Waledac, and Kelihos.
At its peak, Storm Worm reportedly sent 57 million email messages in a single day, prosecutors said. Waledac could send 1.5 billion spam messages per day and Kelihos was reportedly capable of sending 4 billion spam messages per day, he said.
Prosecutors said Levashov had also moderated online forums used to sell and trade stolen identities and credit card numbers.
Levashov was arrested in April 2017 while vacationing in Spain. His arrest was one of a series that targeted Russian cybercriminals outside their homeland, which has no extradition agreement with the United States.
Russian authorities fought his extradition, but Levashov was eventually transferred to the U.S. He was prosecuted in Connecticut because the FBI’s New Haven office investigated the case through its Connecticut Cyber Task Force and some of the hijacked computers were located in this state, authorities said.
Levashov has been out of prison on electronic monitoring since January 2020. Chatigny said his isolation away from his wife and young child during the pandemic was also a factor in the sentencing.
Levashov’s lawyer, Vadim Glozman, in arguing for the sentence of time served, said his client’s hacking was not complex enough to warrant a harsher sentence. He also referenced Levashov’s harsh life in Russia, which involved standing in bread lines, which he said led to a desire to take care of his family. He is humbled, apologetic and has suffered enormously already from his crimes in the years since his arrest, Glozman argued.
“Aside from the general weight of being under federal indictment, they have been spent locked up in two foreign countries, away from his family, where he does not know anyone, and spent in the midst of an unprecedented worldwide pandemic,” defense attorney Vadim Glozman wrote. “Put simply, these four-and-a-half years have felt like an eternity.”
Levashov, in a brief statement to the court, thanked his wife and his attorney, who he said nearly brought him to tears with the story of his life.
“I apologize if my activities hurt someone,” he said.
