A Russian hacker known to the world as the “bot master” was sentenced Tuesday to the 33 months in detention he has already served on federal charges.
U.S. District Judge Robert Chatigny said he believed the financial ramifications of Levashov’s crimes were overestimated in the PSR, but admitted the crimes were serious and sophisticated.
“It goes without saying that someone who builds and operates botnets, like you did, and profits from making them available to cybercriminals, should expect to be prosecuted and punished,” he said. he declares. “Because this is indeed significant criminal behavior that is detrimental to the public. “
Prosecutors had requested a sentence which was requested in the pre-sentence report ranging from 12 to 14 1/2 years in prison.
The judge also ordered Levashov to serve three years of supervised release, during which his IT activity will be monitored. He deferred the imposition of a fine or restitution for 90 days until he could receive more information on Levashov’s financial situation.
In their written pleadings, prosecutors said Levashov spent more than a decade controlling botnets – including one that may have infected 200,000 computers – to harvest computer email addresses, logins and passwords. infected and also distributed malware and other malicious software.
“Levashov has used these botnets to send billions of spam messages, messages whose destructive potential ranged from relatively harmless advertisements to email messages used to conduct ‘pump and unload’ programs, to email messages containing malicious links. that spread malware such as viruses or ransomware, ”US Deputy Prosecutor Edward Chang wrote in his sentencing memorandum.
Chang said Levashov, also known as “Peter Severa,” operated three of the most notorious botnets known to authorities – Storm Worm, Waledac and Kelihos.
At its peak, Storm Worm reportedly sent 57 million emails in a single day, prosecutors said. Waledac could send 1.5 billion spam messages per day and Kelihos would have been able to send 4 billion spam messages per day, he said.
Prosecutors said Levashov also moderated online forums used to sell and trade stolen identities and credit card numbers.
Levashov was arrested in April 2017 while on vacation in Spain. His arrest was part of a series that targeted Russian cybercriminals outside their home country, which does not have an extradition agreement with the United States.
Russian authorities fought his extradition, but Levashov was eventually transferred to the United States.
Levashov has been released from prison under electronic surveillance since January 2020. Chatigny said his isolation away from his wife and young child during the pandemic was also a factor in the sentencing.
Levashov’s lawyer Vadim Glozman, arguing for the time served, said his client’s hack was not complex enough to warrant a harsher sentence. He also referred to Levashov’s difficult life in Russia, which involved standing in lines of bread, which he said led to a desire to take care of his family. He is humiliated, apologizes and has already suffered tremendously from his crimes in the years since his arrest, Glozman argued.
“Aside from the general weight of being under federal indictment, they have been locked up in two foreign countries, far from his family, where he knows no one, and passed in the midst of an unprecedented global pandemic,” he said. defense lawyer Vadim. Glozman wrote. “Put simply, those four and a half years seemed like an eternity. “
Levashov, in a brief statement to the court, thanked his wife and lawyer, who he said almost made him cry with the story of his life.
“I apologize if my activities hurt anyone,” he said.