Connect with us

Hi, what are you looking for?



Russian Hacker Levashov Sentenced to Time Already Served

A Russian hacker known internationally as the “bot master” was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicious software.

A Russian hacker known internationally as the “bot master” was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicious software.

Peter Levashov, 40, pleaded guilty in 2018 to causing intentional damage to a protected computer, conspiracy, wire fraud and aggravated identity theft. Prosecutors said he operated several networks of hijacked computers, known as botnets, that were capable of pumping out billions of spam emails.

U.S. District Judge Robert Chatigny said he believes the financial harm caused by what began as a spamming scheme was overstated in a pre-sentencing report that recommended a sentence of at least 12 years. But the judge acknowledged that the crimes evolved into something serious and sophisticated.

“It goes without saying that somebody that builds and operates botnets, as you did, and profits from making them available for use by cybercriminals, should expect to be prosecuted and punished,” he said. “Because indeed this is significant criminal conduct that is harmful to the public.”

Prosecutors had asked for a sentence that was called for in the pre-sentencing report of between 12 and 14 1/2 years in prison.

The judge also ordered Levashov to serve three years of supervised release, during which his computer activity will me monitored. He deferred imposing a fine or restitution for 90 days until he could receive more information about Levashov’s financial situation.

In their written presentencing arguments, prosecutors said Levashov spent more than a decade controlling the botnets — including one that may have infected 200,000 computers — to harvest email addresses, logins and passwords from infected computers and also distributed malware and other malicious software.

“Levashov used those botnets to send billions of spam messages, messages which ranged in destructive potential from relatively harmless advertisements, to email messages used to conduct ‘pump and dump’ schemes, to email messages containing malicious links that spread malware such as viruses or ransomware,” Assistant U.S. Attorney Edward Chang wrote in his sentencing memoradum.

Advertisement. Scroll to continue reading.

Chang said Levashov, also known as “Peter Severa,” operated three of the most notorious botnets known to authorities — Storm Worm, Waledac, and Kelihos.

At its peak, Storm Worm reportedly sent 57 million email messages in a single day, prosecutors said. Waledac could send 1.5 billion spam messages per day and Kelihos was reportedly capable of sending 4 billion spam messages per day, he said.

Prosecutors said Levashov had also moderated online forums used to sell and trade stolen identities and credit card numbers.

Levashov was arrested in April 2017 while vacationing in Spain. His arrest was one of a series that targeted Russian cybercriminals outside their homeland, which has no extradition agreement with the United States.

Russian authorities fought his extradition, but Levashov was eventually transferred to the U.S. He was prosecuted in Connecticut because the FBI’s New Haven office investigated the case through its Connecticut Cyber Task Force and some of the hijacked computers were located in this state, authorities said.

Levashov has been out of prison on electronic monitoring since January 2020. Chatigny said his isolation away from his wife and young child during the pandemic was also a factor in the sentencing.

Levashov’s lawyer, Vadim Glozman, in arguing for the sentence of time served, said his client’s hacking was not complex enough to warrant a harsher sentence. He also referenced Levashov’s harsh life in Russia, which involved standing in bread lines, which he said led to a desire to take care of his family. He is humbled, apologetic and has suffered enormously already from his crimes in the years since his arrest, Glozman argued.

“Aside from the general weight of being under federal indictment, they have been spent locked up in two foreign countries, away from his family, where he does not know anyone, and spent in the midst of an unprecedented worldwide pandemic,” defense attorney Vadim Glozman wrote. “Put simply, these four-and-a-half years have felt like an eternity.”

Levashov, in a brief statement to the court, thanked his wife and his attorney, who he said nearly brought him to tears with the story of his life.

“I apologize if my activities hurt someone,” he said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...