Background and Cybercriminal Operations
Pyotr Levashov, known by his alias “Severa”, was one of the most dangerous Russian hackers in recent history. He was responsible for operating three of the largest botnets in the world, which were used for spamming, malware distribution, and large-scale cyberattacks.
- Storm Worm (2007) – One of the most notorious spam and DDoS botnets of its time.
- Waledac (2008) – A successor to Storm Worm, used to distribute malware, phishing campaigns, and banking trojans.
- Kelihos (2010) – A highly sophisticated botnet that sent over 4 billion spam emails per day, spreading ransomware, stealing personal data, and executing financial fraud.
Levashov consistently ranked among the top ten spammers in the world and was a key figure in cybercrime operations linked to ransomware, financial fraud, and state-sponsored disinformation campaigns.
Arrest and Extradition
In 2017, Levashov was arrested in Barcelona, Spain, following an international warrant issued by the United States.
- He initially claimed to be a Russian military officer in an attempt to block his extradition, a common tactic among cybercriminals linked to state-backed operations.
- Despite these claims, Spain approved his extradition, and in 2018, he was handed over to U.S. authorities.
- He later pleaded guilty and received a reduced sentence of 33 months in prison, a lighter punishment than expected, fueling speculation about his cooperation with U.S. intelligence agencies.
Collaboration with the FBI
Following his arrest, Levashov turned informant, becoming a valuable asset to the FBI in their fight against Russian cybercrime networks.
- He reportedly met with FBI agents over 100 times, providing detailed intelligence on Russian cybercriminal groups.
- He received a monthly payment of $6,000 in exchange for his cooperation.
- Investigators identified him as operating under another alias, “Bratva”, which he allegedly used to communicate with other cybercriminals.
- He provided intelligence on high-profile Russian hackers, including those involved in financial fraud, state-sponsored cyberattacks, and botnet operations.
- Levashov allegedly leaked sensitive information through a dedicated Telegram channel, possibly as part of his agreement with U.S. authorities.
Impact on Cybercrime Investigations
Levashov’s cooperation with the FBI significantly aided Western intelligence agencies in understanding the structure of Russian cybercrime networks. His insider knowledge helped track down and disrupt various cybercriminal organizations, although his credibility remains disputed within Russian hacker circles.Despite his cooperation, Levashov publicly denies any connection to the FBI and insists that he was merely a pawn in geopolitical tensions between Russia and the United States. His case remains one of the most high-profile examples of a cybercriminal flipping sides, providing valuable intelligence while navigating the fine line between justice and betrayal.
