By Dustin Volz
WASHINGTON (Reuters) – The U.S. Justice Department said on Monday it had launched an effort to take down the Kelihos botnet, a global network of tens of thousands of infected computers it claims was operated by a Russian who was arrested in Spain over the weekend.
Peter Yuryevich Levashov, a Russian citizen, operated the Kelihos botnet that infected computers running Microsoft Corp’s Windows operating system since approximately 2010, the Justice Department said.
A criminal case against Levashov by the Justice Department remains under seal but on Monday the agency announced a civil complaint intended to block spam from the botnet.
Russian state media service RT reported that Levashov was taken into custody in Spain over the weekend on a U.S. warrant.
It was not known if Levashov had an attorney. The Russian embassy in Washington was not immediately available for comment.
Levashov has long been considered the likely identity of an online persona known as Peter Severa, and Spamhaus, a spam-tracking group, listed him for years among the world’s 10 most prolific spammers.
Russia’s RT quoted Levashov’s wife as saying he was arrested on charges stemming from the U.S. government’s belief that Russia interfered in last year’s U.S. election to help President Donald Trump win. Russia denies interfering in the U.S. election.
A Justice Department official, who spoke to reporters on condition of anonymity, said on Monday the current action against the botnet was not related to the election.
The Kelihos botnet has been a source of criminal activity targeting computer users worldwide since at least 2010, the official said. The botnet at times grew larger than 100,000 simultaneously infected devices to carry out various spam attacks, including pump-and-dump schemes, password thefts and injecting various forms of malware, including ransomware, into target devices, the official said.
To free the victim computers, the United States obtained court orders authorizing measures to neutralize the Kelihos botnet, including standing up substitute servers and blocking commands sent by the botnet operator, the department said.
The Kelihos operation was the first to use a recent judicial rule change (the December 2016 amendment to Rule 41 of the Federal Rules of Criminal Procedure) that allows the Federal Bureau of Investigation to obtain a single search warrant to remotely access computers located in any jurisdiction, potentially even overseas, a Justice Department spokesman said. Previously such warrants could only be used within the issuing judge’s own jurisdiction.
Such a warrant was used out of an abundance of legal caution, the Justice Department official told reporters, adding that the Kelihos actions were similar to previous ones U.S. authorities have taken to disrupt other botnets.
Victim computers were not infiltrated by the FBI but redirected to a computer controlled by law enforcement, often called a “sinkhole,” to cut off the connection between infected devices and the botnet operator, the official said.
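The mechanism the official describes, a substitute server that answers the bots’ connection attempts and issues them nothing, is shown below as a toy model. This is an added illustration, not code from Reuters, the Justice Department or the Kelihos operation; the real botnet’s internals, which the article does not describe, are not modelled. The hostnames, addresses and bot identifiers are assumptions (TEST-NET and .invalid values), and the three victim beacons are constructed sample input.

```python
"""Toy sinkhole model of the takedown technique described in the article.

A substitute resolver answers known C2 names with the sinkhole address, the
sinkhole logs every victim check-in for later notification, and it never
hands a task to a bot or relays a message from anyone posing as the operator.
All names and addresses are assumptions; nothing here is Kelihos's protocol.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

SINKHOLE_IP = "192.0.2.10"    # assumed law-enforcement sinkhole (TEST-NET-1)
LEGIT_IP = "198.51.100.7"     # assumed answer for any non-C2 name (TEST-NET-2)
KNOWN_C2 = {"c2.example.invalid", "update.example.invalid"}  # assumed C2 names


@dataclass
class Sinkhole:
    c2_names: set
    checkins: list = field(default_factory=list)
    blocked: list = field(default_factory=list)

    def resolve(self, name: str) -> str:
        """Substitute DNS answer: C2 names are redirected, everything else is untouched."""
        return SINKHOLE_IP if name.lower().rstrip(".") in self.c2_names else LEGIT_IP

    def handle(self, src_ip: str, message: dict) -> dict:
        """Process one message that reached the sinkhole instead of the operator."""
        if message.get("type") == "checkin":
            # Record the victim so it can be identified and notified later ...
            self.checkins.append({
                "ip": src_ip,
                "bot_id": message.get("bot_id"),
                "seen": datetime.now(timezone.utc).isoformat(),
            })
            # ... but hand back no work at all; the bot stays idle from here on.
            return {"type": "tasks", "tasks": []}
        # Anything else (an operator trying to push spam or a payload through the
        # sinkhole, or to use it as a relay) is dropped and logged, never forwarded.
        self.blocked.append({"ip": src_ip, "message": message})
        return {"type": "rejected"}

    def unique_victims(self) -> set:
        return {c["ip"] for c in self.checkins}


def bot_beacon(sinkhole: Sinkhole, victim_ip: str, bot_id: str, c2_name: str) -> int:
    """Simulate one infected host's beacon; returns the number of tasks it would run."""
    dest = sinkhole.resolve(c2_name)
    if dest != SINKHOLE_IP:
        # Not redirected: in the real world this beacon would reach the operator.
        raise RuntimeError(f"{c2_name} still resolves to {dest}, not the sinkhole")
    reply = sinkhole.handle(victim_ip, {"type": "checkin", "bot_id": bot_id})
    return len(reply["tasks"])


def operator_push(sinkhole: Sinkhole, operator_ip: str, command: dict) -> bool:
    """Simulate the operator trying to issue a command via the sinkholed name.

    Returns True only if the command got through (it never does)."""
    reply = sinkhole.handle(operator_ip, {"type": "command", **command})
    return reply["type"] != "rejected"


def run_demo() -> dict:
    sink = Sinkhole(c2_names=KNOWN_C2)
    # Constructed victims: three beacons from two distinct infected hosts.
    beacons = [("10.0.0.5", "bot-a"), ("10.0.0.9", "bot-b"), ("10.0.0.5", "bot-a")]
    tasks_run = sum(bot_beacon(sink, ip, bid, "c2.example.invalid") for ip, bid in beacons)
    delivered = operator_push(sink, "203.0.113.5",
                              {"task": "spam", "template": "pump-and-dump"})
    return {
        "victims": len(sink.unique_victims()),
        "tasks_run": tasks_run,
        "operator_command_delivered": delivered,
        "blocked": len(sink.blocked),
        "unrelated_name_untouched": sink.resolve("www.example.com") == LEGIT_IP,
    }


if __name__ == "__main__":
    print(run_demo())
```

The two properties a practitioner cares about are visible in the return value of `run_demo()`: every infected host that beacons is recorded (two distinct victims from three beacons) while none of them receives a task, and a command from the operator’s address is logged as blocked rather than relayed. The resolver only substitutes answers for the listed C2 names, so unrelated traffic from the same victims is not disturbed.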
(Reporting by Eric Beech; editing by G Crosse and Lisa Shumaker)