Kelihos, one of the longest-running, most malicious botnets in the world, has reportedly been taken down by the United States Department of Justice, following the arrest of its alleged operator, Russian programmer Pyotr Levashov. The botnet has been in operation since 2010, helping to deliver spam, steal login information and distribute ransomware, but it will now be dismantled as part of a concerted effort by federal operatives and volunteer organizations.
Levashov has been under investigation since as early as 2009 for running various botnets, though due to a lack of an extradition treaty between the United States and Russia — where he was suspected to reside — getting hold of him proved difficult. However, when he was found to be flying into Spain, where an extradition treaty does exist, he was picked up by local law enforcement and will likely now be shipped to the U.S. to face charges.
In a joint investigation with security firm CrowdStrike and The Shadowserver Foundation volunteer group, DOJ officials discovered that the same IP address was used to operate the Kelihos botnet and to access Levashov’s personal email account. Several of Levashov’s other online accounts were also linked to the email.
He is now set to face charges of wire fraud and unauthorized interception of electronic communications, having spent years sending out hundreds of millions of spam emails. The botnet was also said to be used as a malware distributor and to harvest passwords and financial account information from thousands of victims.
With Levashov now in the hands of the authorities, attention has turned to dismantling the botnet. Kelihos-infected computers have been redirected to benign servers, so no further commands can be issued to them. The DOJ has also received court permission to block all future attempts to regain control of the botnet, and now the mammoth task of disinfecting the network can begin.
While this is no doubt a coup for law enforcement, because Levashov has been one of the world’s most prolific spammers for years (thanks Ars Technica), computer-based botnets are not the biggest concern out there right now. IoT devices are being co-opted in their millions by hackers and are considered the next battleground for security professionals.