April 11, 2017

Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there is scant evidence that the spammer’s arrest had anything to do with the election, the success of that narrative is a sterling example of how the Kremlin’s propaganda machine is adept at manufacturing fake news, undermining public trust in the media, and distracting attention away from the real story.

Russian President Vladimir Putin tours RT facilities. Image: DNI

Russian President Vladimir Putin tours RT facilities. Image: DNI

On Saturday, news broke from RT.com (formerly Russia Today) that authorities in Spain had arrested 36-year-old Peter “Severa” Levashov, one of the most-wanted spammers on the planet and the alleged creator of some of the nastiest cybercrime engines in history — including the Storm worm, and the Waledac and Kelihos spam botnets.

But the RT story didn’t lead with Levashov’s alleged misdeeds or his primacy among junk emailers and virus writers. Rather, the publication said it interviewed Levashov’s wife Maria, who claimed that Spanish authorities said her husband was detained because he was suspected of being involved in hacking attacks aimed at influencing the 2016 U.S. election.

The RT piece is fairly typical of one that covers the arrest of Russian hackers in that the story quickly becomes not about the criminal charges but about how the accused is being unfairly treated or maligned by overzealous or misguided Western law enforcement agencies.

The RT story about Levashov, for example, seems engineered to leave readers with the impression that some bumbling cops rudely disturbed the springtime vacation of a nice Russian family, stole their belongings, and left a dazed and confused young mother alone to fend for herself and her child.

This should not be shocking to any journalist or reader who has paid attention to U.S. intelligence agency reports on Russia’s efforts to influence the outcome of last year’s election. A 25-page dossier released in January by the Office of the Director of National Intelligence describes RT as a U.S.-based but Kremlin-financed media outlet that is little more than an engine of anti-Western propaganda controlled by Russian intelligence agencies.

Somehow, this small detail was lost on countless Western media outlets, who seemed all too willing to parrot the narrative constructed by RT regarding Levashov’s arrest. With a brief nod to RT’s “scoop,” these publications back-benched the real story (the long-sought capture of one of the world’s most wanted spammers) and led with an angle supported by the flimsiest of sourcing.

On Monday, the U.S. Justice Department released a bevy of documents detailing Levashov’s alleged history as a spammer, and many of the sordid details in the allegations laid out in the government’s case echoed those in a story I published early Monday. Investigators said they had dismantled the Kelihos botnet that Severa allegedly built and used to distribute junk email, but they also emphasized that Levashov’s arrest had nothing to do with hacking efforts tied to last year’s election.

“Despite Russian news media reports to the contrary, American officials said Mr. Levashov played no role in attempts by Russian government hackers to meddle in the 2016 presidential election and support the candidacy of Donald J. Trump,” The New York Times reported.

Nevertheless, from the Kremlin’s perspective, the RT story is almost certainly being viewed as an unqualified success: It distracted attention away from the real scoop (a major Russian spammer was apprehended); it made much of the news media appear unreliable and foolish by regurgitating fake news; and it continued to sow doubt in the minds of the Western public about the legitimacy of democratic process.

Levashov’s wife may well have been told her husband was wanted for political hacking. Likewise, Levashov could have played a part in Russian hacking efforts aimed at influencing last year’s election. As noted here and in The New York Times earlier this week, the Kelihos botnet does have a historic association with election meddling: It was used during the Russian election in 2012 to send political messages to email accounts on computers with Russian Internet addresses.

According to The Times, those emails linked to fake news stories saying that Mikhail D. Prokhorov, a businessman who was running for president against Vladimir V. Putin, had come out as gay. It’s also well established that the Kremlin has a history of recruiting successful criminal hackers for political and espionage purposes.

But the less glamorous truth in this case is that the facts as we know them so far do not support the narrative that Levashov was involved in hacking activities related to last year’s election. To insist otherwise absent any facts to support such a conclusion only encourages the spread of more fake news.

95 thoughts on “Fake News at Work in Spam Kingpin’s Arrest?

  1. exes

    Educated skilled talented russian eadtern european guys dont they have anything better to do with their skills in their life ?- ?
    Are we are in the world when educated clever people do crimes?
    Why they cant find good payed jobs with their skills? Like do they only have options left to commit crimes – ??

    1. SeymourB

      In Putin’s Russia, crime is the only job available for clever people.

      1. Deniska

        Spam is infraction in Russia, according to administrative code 14.3
        Spam is regulated by Advertising regulation law, 18.1
        Using emails (and other types of personal information, such as address, cell and so on) for unauthorized ad messages prohibited by Federal Law #152
        Spam often connected with activities, such as unauthorized usage of computers and distribution and development malware, which is prohibited by 272 and 274 parts of russian criminal code, charged for up to 3 years in prison.

        Say it again, spam is legal in Russia, say it again.

        1. Igor Artimovich

          Almost all giant spam botnets were made by Russians. This fact clearly shows that spamming is not a crime in Russia.

          1. BrianKrebs Post author

            That’s very disingenuous of you, Igor. Even if spamming is not illegal in Russia, building botnets and distributing malicious software that powers these botnets is very much illegal. So, in effect, your comment is — at best — invalid, and at worst a lie by omission.

            1. Igor Artimovich

              Don’t distribute malicious software and don’t use botnets in Russia and against Russians. It’s illegal. There’s nothing illegal to use malicious software/botnets in U.S. when you’re Russian and living in Russia. In this case be careful when travelling to countries where you may be illegally kidnapped by American authorities. I’m about it, Brian.

    2. Ninja

      I’ve seen plenty of smart people being undervalued and underpaid. As long as companies keep refusing to pay handsomely for good professionals and crime keeps paying way, way better it’s going to keep happening. So much for meritocracies.

  2. Martín Alejandro Carmona Selva

    Here, in Spain (Barcelona) the official news channel (TVE 24 HS) said that “A Russian hacker have been capture in Barcelona for connections with the hacking of American elections”

    So, if here in Spain they got it wrong, it’s like “they” have won…

  3. John

    Cool. I read your article about his arrest for spam first, and then saw it reported that he had been arrested for election hacking. I didn’t think they could both be right.

  4. Anonymous

    Talent goes where the money is, programming diesel engine emissions software, high frequency trading, US medical coding, Big Data tracking of every web page.

    1. Jeff

      Some talent draws the line according to personal ethics, regardless of the money.

  5. DeeBee2

    This sounds just like Homeland this season….better call Saul or Carrie asap. Dar is at it again.

  6. Jeff

    Thanks Brian. You should call out the worst offenders in your opinion. Thankfully most tech oriented sites I’ve seen have reported the real story (probably in part due to you).

  7. Al Manson

    Do you have a list of the news sites that parroted the RT “news”? Even a partial list?

    1. NotMe

      I heard that this called “google search” might be useful in answering these types of questions……………….

  8. art

    Damn, most of the media is so lazy. Pair lazy media with lazy readers/viewers and the amount of misinformation is overwhelming.
    Putin thought getting Trump meant easy crimes, and now that he sees that’s not the case, he will try to demonstrate the meddling of Russia in the US election to undermine him.
    This prick on prick battle is just begging. Lets hope it is nothing more than hilarious.

  9. JustMe

    Idiocracy. And the way it’s going we won’t have to wait until 2505.

  10. shax

    one thing is funny here,no matter how much cyber crimes we have or how much crooks stealing… the rich and wealthy people are still wealthy…so question is who’s pay that price ?? Is the people who are in poverty ?

  11. Frank Word

    Nice article. Too bad the media does not prove out fake news and is soooo bias.

  12. Don G.

    Thanks for writing this Brian. I had a similar reaction. I saw all kinds of publications linking this to election hacking but could find no solid source of that assertion.

  13. Evan

    Seems like the US news media is far more guilty of spreading propaganda than RT. I wonder if their choice to parrot the RT story is an example of them being innocent victim to The Big Bad Kremlin’s evil propaganda campaign or them happily reporting ‘fake news’ to support their own agenda of delegitimizing Trump’s electoral victory?

    1. Hampton DeJarnette

      I frequently criticize US media for being biased: for cherry-picking facts while ignoring others that contradict their story line, for insinuating something without actually saying it, for quoting out of context, for distorting the claims made by opponents, for …well, how much time do you have?

      But – at least in my definition – propaganda has the element of “How many lies can I get away with this time?”

      So as bad as US newspapers and TV are sometimes, I prefer them to state-sponsored propaganda.

      And writing letters to editors of US papers doesn’t get me jail time.

    2. A.T.

      It’s not exactly media, Evan… it’s pals like you and other pseudo-media blog-engine-driven carriers of alternative truth and other information poison. We don’t know whether you’re dictated by Olgino HQs or just yet another typical naive idiot, it does not matter after all. What does matter, however, that jail for life without access to internet seem to be the fairest measure for your clout, and you naturally.

      1. Chip Douglas

        Spoken like a true “useful idiot”.
        Inside every liberal is a totalitarian screaming to get out…

      2. Evan

        You sound like a mentally insane fascist. Which is pretty much where the Democrats are headed at this point so no surprise there. Who’s to say the RT story isn’t 100% factual? It might be trying to tell a misleading narrative but that doesn’t make the actual facts presented any less factual.

        When RT does a piece on US Military spending it doesn’t matter what their agenda is, a fact is a fact. And if you want to be well informed you need to look at what they’re saying because CNN and MSNBC expend 95% of their efforts on making ad hominem attacks based on their retarded and logically tenable Social Justice outlook.

    3. The Phisher King

      “…describes RT as a U.S.-based but Kremlin-financed media outlet that is little more than an engine of anti-Western propaganda controlled by Russian intelligence agencies”.
      Yeah, that’s definitely much worse than the ratings-driven BS that spews forth from most media enterprises.

  14. IRS iTunes Card

    File this story under “snopes.com”

  15. Pizde4

    My software never has bugs. It just develops random features.

  16. Pizde4

    Without Spam, we wouldn’t have been able to feed our army.

  17. B_Brodie

    given that no concrete evidence of ‘hacking’ (whatever that means) by Russia has been presented anywhere (only rumor, innuendo and conjecture), I agree with Evan above (US news media reporting ‘fake news’ to support their own agenda of delegitimizing Trump’s electoral victory)

    1. Donald Ti

      C1A: We do have full evidence, but cannot show it to you people. Trust us. And forget about us lying in the past…

  18. Pizde4

    If brute force doesn’t solve your problems, then you aren’t using enough.

  19. Pizde4

    The Internet: where men are men, women are men, and children are FBI agents.

  20. Drinside

    This screenshot is SEVERAl years old. I don’t use that theme anymore. Or Thunderbird.

  21. JCitizen

    I find utterly hilarious the whole idea that a foreign country could ever effectively influence a US election by spreading fake news, or even hacking the DNC. I have confidence that most voters know the news has about as much influence as the lies politicians tell us every election. Nobody even believes them, and other factors decide who they vote on. Most of the people gullible to listen to such clap-trap; probably don’t even vote.

    1. Ryan

      Quite the contrary in my experience – I’ve been shocked by the number of people I know who bought at least one big fake news story during the 2016 election, if not many more. I’ve had to have multiple conversations with family and friends who I know to be well educated (on both sides of the political aisle!) to help debunk some of “what they saw on Facebook” or “read on the Internet.” So much of it came from people THEY trusted and many times I came away thinking I hadn’t changed their minds at all.

      Even if people spot 90% of fake news stories, or 99 out of 100, they’re still buying a small percentage of them.

  22. William Smith

    “On Friday, Google said in an official blog post that the company had launched the [fact-checking] feature, to be available worldwide, in which news and results of searches would be evaluated by the third parties including, among others, The Associated Press, the BBC, the CNN and The Washington Post.”


    “This effort wouldn’t be possible without the help of other organizations and the fact check community, which has grown to 115 organizations.”

    Biggest manufacturers of fake news on the planet will now do the fact checking job on behalf of Google and present them as facts to Google search engine users.

  23. William Smith

    Democratic journalists are liars: they look the other way, they omit facts that do not support their statements and so on. So, there is no surprise here:

    “A national survey by Pew Research Center reveals how distrustful the American public feels about the media; 65 percent say the national news media impacts the country negatively.”

  24. David

    The reason that the RT narrative appeals to the Western outlets is obviously the sexiness of the “Russian interference in the elections” trope. Nobody cares about some viagra spam but everybody wants to cover Russian Hackers Hacking (the elections).

  25. BS

    Given the propensity which the US media have for running with anything that supports their current narrative, I wonder why Putin would be wasting money on supporting RT.

  26. Wladimir Palant

    At least Heise.de based their story on yours – as a tech news site they are following your website more closely than RT.com (they also tend to be pretty thorough verifying claims that they repeat). Sadly, the AFP news agency is parroting RT’s story and so does most of the German-language media then. A notable exception is Süddeutsche which “enhances” RT’s story with info from your post – only towards the end of the article, so whoever stopped reading earlier is left with the wrong impression.

  27. william

    In fact russia and usa is controlled by same hand from jerusalem.
    its also interestong putin abramovits and d.trump are very good friends its like same one big business club. i see russia is like bad guy usa is like good guy but where the unitied kingdom stands?
    i guess right now they milking usa now…as we see how much they steal from usa. Billions…so the money goes?? To build army ? But do the army need even that much money ??

  28. Anton

    Brian, sorry to say that, but you are wrong.
    It’s not related to RT. It is how journalism works.

    Remember when Yevgeniy Nikulin got arrested in Czech Repulic?

    Now, read this New York Time article:

    Or this CNN article:

    Or this Washington Post article:

    Or you can check your favorite media news site. Reporting would be pretty much same everywhere: Russian hacker arrested in Prague … bla-bla-bla … DNC Hack

    So based on your thoughts should be CNN, Washington post, and NY Times considered as Fake News?

    1. Ninja

      Why not? Do you mean to say they have never done it wrong and released false news?

    2. BrianKrebs Post author

      Your comment is hilarious because none of those stories you link say that the accused was thought to be connected to hacking activities tied to the US election last year. In fact, two of the three explicitly say high up in the story that they were not, and the other just mentions the arrest comes on the heels of reports from U.S. intelligence about election meddling, etc.

      But thank you for highlighting the other major problem with news, is that people tend to read whatever they want into the story, regardless of what the story actually says. You get a reading comprehension grade of “F” Anton.

    3. Russian shill

      Just as we should be critical of RT, we should also be critical of the fake news / anti-Russia narrative. RT’s coverage of the arrest is certainly from a different angle from how you would report about it, but that doesn’t make it fake. It also doesn’t show that there was a hidden Kremlin agenda to it. Of course the Kremlin has an overall agenda, but so does everyone else. The anti-Trump agenda is very well served by Trump + fake news / Russia stories, which is why extreme skepticism is warranted. Judging by myself, I see the dossier you mentioned as demonizing RT, and the whole hacking affair is clouded (e.g. g-2.space).

  29. krebsonsecurity = yellow press

    This days KrebsOs is nothing more then a Fake news generator .He is still buttheart about the love of his life losing the elections – cry like a baby .
    Krebs was moaning about the election ever since the Trump won .Putin did this ,Russia did that .. Over and over and over .Non stop for the last 90 days . every other post is about Putin and Russia ..

    Yellow press

    1. BrianKrebs Post author

      Fake comments, too, it seems. Interesting too see how many patterns are emerging in comments on this post, same IPs, same RDNS, etc.

        1. Evan

          Yeah, he can’t talk about anything related to American politics without letting his emotions get in the way of his rational thinking, sadly.

          1. BrianKrebs Post author

            You’re still here? You do realize this story had nothing to do with 45? Perhaps you should go sell crazy somewhere else. We’re apparently all stocked up here, thanks.

            1. Evan

              Accusing you of being less than impartial on these topics is sufficient to designate me as crazy now eh?

              I’d like to debate the matter. Since I’m just a crazy idiot and you’re one of the worlds leading security professionals should be an easy win for you, right?

              Here’s a simple and accurate real world analogy to what’s happened with Russia regarding election tampering. Can refute it? I already know the answer is no but go ahead and explain to us how you’re not being dishonest about the topic… Here goes;

              A bank is robbed in a small town. Surveillance cameras record the make, model, year and color of the vehicle. Local authorities take that information and search vehicles of the like registered there and in neighboring counties. The search returns 10 registrars. Of those 10, one has a criminal record. Police arrest the man, he is charged and imprisoned without trial. No further evidence is presented. Brian Krebs writes a story on his blog saying how the man is guilty and omits the details about how it could of been any one of the 10 registrars until about 1000 words into the story. He condemns the criminals and makes no criticism towards the bank which ignored federal policies and left it’s safe door open at all times.

              1. BrianKrebs Post author

                The story is about a spammer. One who has been spamming most of his adult life. Countless people have been working hard for many years to disrupt this criminal’s activities. Through some sheer break of luck or complete hubris, the accused decides to vacation in Spain.

                The first to report on his arrest happens to be a deeply flawed “news” outlet based in Russia. Their spin is that this guy is just some dude that Western law enforcement people happened to have picked on for no reason at all, other than the fact that he forgot he wasn’t in Mother Russia anymore. The story from said publication says this is all about election hacking.

                Lots of media publications that should know otherwise bite on this dubious version of events. I write that they’re wrong to do so. You say otherwise. And now you come on this site ranting and raving about “Democratic bias” and Trump? Seriously? There must be 100 other sites that you could rant about this on that would be more relevant.

              2. Mahhn

                you’re kinda forgetting that he was known as the spammer, the only news is that he was caught because he went to a country that would arrest him.

          2. Chase

            He has every right to dispel people spreading lies in his comments.

      1. art

        Apparently one of the requirements of any fake comments-application is for me message to be a complete spelling disaster.

        1. art

          I meant “the message” not “me message”.
          Ugh now I feel like a fake-comments application.

          1. art

            Also I meant “fake-comments application” not “fake comments-application” UUUUUUUGH

        2. Grammar Nazi

          Spelling mistakes are very import part of the cover up !!! Without them you cant just say Russians did it . With them , sure the did !!!

Comments are closed.