A Russian hacker known as the “bot master” was sentenced Tuesday to the 33 months he had already served in prison on federal charges of managing a network of devices meant to steal computer passwords, disseminate spam, and install dangerous software. Peter Levashov, 40, pleaded guilty in 2018 to conspiracy, wire fraud, aggravated identity theft, and causing malicious damage to a protected computer.
Judge Robert Chatigny of the United States District Court for the District of Columbia feels the financial harm inflicted by what started as a spamming scam was exaggerated in a pre-sentencing report that suggested a sentence of at least 12 years. However, the judge noted that the offenses had progressed to a more serious and sophisticated level.
“It goes without saying that somebody that builds and operates botnets, as you did, and profits from making them available for use by cybercriminals, should expect to be prosecuted and punished,” he said. “Because indeed this is significant criminal conduct that is harmful to the public.”
As suggested in the pre-sentencing report, prosecutors proposed a sentence of 12 to 14 1/2 years in prison. Levashov will also be placed on supervised release for three years, during which his online activities will be monitored. He agreed to delay imposing a punishment or reparation for 90 days while awaiting additional information about Levashov’s financial situation.
“Levashov used those botnets to send billions of spam messages, messages which ranged in destructive potential from relatively harmless advertisements to email messages used to conduct ‘pump and dump’ schemes, to email messages containing malicious links that spread malware such as viruses or ransomware,” Assistant U.S. Attorney Edward Chang wrote in his sentencing memorandum.
Levashov, also known as “Peter Severa,” is accused of running three of the most prominent botnets known to authorities: Storm Worm, Waledac, and Kelihos, according to Chang. Prosecutors claimed Levashov allegedly maintained internet forums where stolen identities and credit card data were sold and traded.
In April of 2017, while on vacation in Spain, Levashov was apprehended. His arrest was part of a series aimed at Russian cybercriminals operating outside of Russia, which does not have an extradition treaty with the US.
Levashov was ultimately brought to the United States, despite Russian opposition to his extradition. According to officials, the FBI’s New Haven branch investigated the case through its Connecticut Cyber Task Force, and some of the compromised devices were located in Connecticut. Since January 2020, Levashov has been on electronic surveillance. Chatigny claimed that his separation from his wife and small kid during the epidemic influenced his sentence.
In appealing for the time served sentence, Levashov’s lawyer, Vadim Glozman, said that his client’s hacking was not complicated enough to merit a heavier punishment. He also alluded to Levashov’s difficult upbringing in Russia, which included waiting in bread lines and a desire to provide for his family, according to him. Glozman stated that he is humbled, remorseful, and has already suffered greatly as a result of his actions in the years following his incarceration.