Feds in Alaska take down global cybercriminal operation run by notorious Russian spammer

Published: Apr. 11, 2017 at 9:20 PM AKDT

A cyber criminal operation on a global scale was disrupted, in part, by the work of federal agents in Alaska.

Working at the FBI Office and the U.S. Attorney’s Office in downtown Anchorage, multiple federal employees investigated and helped take down a cyber criminal botnet run by notorious Russian spammer Peter Yuryevich Levashov, who infected hundreds of thousands of computers, including victims right here in Alaska.

A botnet is defined as a network of private computers infected by a malicious virus without their owners’ knowledge, giving a spammer the ability to secretly control aspects of each PC’s operation remotely.

This botnet in particular was known as the Kelihos Botnet. The FBI said it dates back to 2010, with the investigation in Anchorage beginning last year.

“Kelihos has been described accurately as one of the largest botnets responsible for spam and other cyber fraud schemes,” said Anchorage FBI supervisory special agent William Walton.

Walton said the Anchorage office partnered with the FBI office in New Haven as well as the U.S. Attorney’s Office in Anchorage, with assistance from foreign partners and cyber crime experts at CrowdStrike and the Shadowserver Foundation.

According to the U.S. Attorney’s Office, the virus connecting Kelihos distributed spam emails, stole login credentials, installed ransomware, advertised counterfeit drugs and “deceptively promot[ed] stocks in order to fraudulently increase their price.”

“Cybercrime is becoming more complex and more global in scope, so it's definitely an area the FBI is focusing on in an attempt to mitigate the threat posed by these international criminal enterprises,” said Walton.

On Saturday, the FBI said it began the task of blocking malicious domains to prevent more computers from becoming infected.

To cut off Levashov’s ability to communicate with the computers currently infected, the US District Attorney’s Office implemented a number of measures to disrupt the Kelihos botnet.

“In this case, we ended up seeking not only a search warrant, but also a pen registered trap-and-trace order, and finally a file to a civil complaint seeking injunctive relief, and ultimately obtained a temporary restraining order issued by the court here in Alaska to disrupt and dismantle the Kelihos botnet,” said assistant US Attorney Yvonne Lamoureux.

Lamoureux said the botnet no longer has control over infected computers, even if the virus is currently installed on a PC.

This is a first-of-its-kind case for the Anchorage staff, said Lamoureux, with the methods used to disrupt Kelihos expected to serve as a guideline for fighting future cyber crimes affecting Alaskans.

But as always, Lamoureux said, the best cyber criminal safeguards start at home.

“This case is a good reminder for all of us that there are steps that we can take to protect and safeguard our personal information,” said Lamoureux. “We need to make sure that we are operating current operating systems, that we are installing and updating our antivirus software, that we are careful of what we download, what links we click on, and we are turning our computers off when we are not using them.”

The feds said they will be sharing their information on the Kelihos botnet bust with service providers and antivirus software programs to help those whose computers have been infected delete the virus.

According to CNBC, Levashov was detained in Spain on Monday at the request of U.S. authorities.

To learn more on the operation,