Russian spam lord Peter Laveshov was arraigned early this week for his participation in the Kelihos botnet. An affidavit unsealed today revealed that Apple helped bring him in. What gave him away? His iCloud account (via The Verge).
Kelihos::Hlux
Using the alias “Severa” Peter allegedly ran the Kelihos botnet and rented access to spammers and cybercriminals. This botnet—also called Hlux—was first discovered around December 2010. Analysis showed that it controlled 45,000 infected computers capable of sending an estimated 4 billion spam messages per day.
In September 2011 Microsoft took the botnet down in an operation called Operation b79. Then in January 2012 a new version of the botnet was found called Kelihos.b, made up of an estimated 110,000 infected computers.
Arrest and Extradition
The affidavit shows Peter’s role in the botnet and how investigators used server records, Jabber messages, and online payments to him. Two servers linked to Kelihos were seized in Luxembourg, and an iCloud account registered in Peter’s name was found connected to an IP address linked to the servers.
On the same day authorities requested information on the account, they got a warrant and Apple was placed under a gag order. But because Peter was still in Russia, they couldn’t do anything unless he moved to another country where he could be extradited.
Eventually Peter appeared in Spain, and on February 2, 2018 the U.S. Department of Justice announced that he had been extradited, having been first detained on April 7, 2017 in Barcelona. On February 3, 2018 Peter pleaded not guilty to charges of wire and email fraud, hacking, identity theft, and conspiracy.
correctly write Levashov