A New Russian Ploy: Competing Extradition Requests
Posted December 20, 2017 4:12 p.m. EST
MOSCOW — The Russian spam kingpin had long been in the cross hairs of the FBI, and agents finally got their shot when the man scheduled a vacation in Spain. At the agency’s request, Spanish security officers in April arrested the man, Peter Y. Levashov, who is accused of stuffing untold millions of inboxes with ads for pornography, pills and penny stocks.
But then the Russian authorities sprang a trap of their own, filing an extradition request with the Spanish authorities for a crime they said Levashov had committed in Russia years ago. Currently, he is languishing in a Spanish jail, but soon the authorities will have to decide which extradition request to honor: the United States’ or Russia’s.
This was by no means the first time that Russia had filed a competing extradition request. Far-fetched as it may seem, the Russians’ tactic has in several instances prevented Russians suspected of being computer criminals from being deported to the United States while detained in Europe.
The tactic has raised suspicions that the Russian authorities are more interested in derailing U.S. investigations and possibly protecting criminals they find useful than they are in fighting cybercrime.
“People always ask me about this,” Timofey S. Musatov, a Moscow lawyer whose Russian client is the subject of competing extradition requests. “It’s the most common question.”
In Levashov’s case, Russian prosecutors sought his extradition after his detention in Spain when they discovered in August that he had hacked the computers of a hospital in St. Petersburg, Russia, in 2014.
Three similar cases are pending in courts in Greece, Spain and the Czech Republic. In two of the three, either the defendants’ lawyers or relatives have said that their cases have some bearing on the investigation into Russian meddling in the 2016 election in the United States. While that may be true, they have not provided any proof.
Their theory is that with the politically charged atmosphere in the U.S. over the election meddling, the accused could not possibly get a fair trial there, so they should be returned to Russia.
In accordance with extradition treaties in all three countries, Russian lawyers say, the decision about where to send the accused resides with a government minister. That opens the prospect of the United States’ being powerless to stop the return to Russia of a suspect who may be able to offer valuable information on Russian meddling in the election.
The Greek police detained Musatov’s client, Alexander V. Vinnik, on an American warrant that accuses him of running a Moscow-based Bitcoin exchange, BTC-e, that laundered as much as $4 billion in illegal funds. Russian prosecutors filed an extradition request on a fraud charge.
The Russian case, Musatov said, surfaced soon after Vinnik’s detention in Athens, possibly because the Russian police had read about his client in news reports and decided to investigate him.
“I’m a procedural lawyer who works with documents and law,” he said. “I don’t work in the category of conspiracy theories.” Vinnik has no known links to election hacking, he said.
Another of Musatov’s clients, Dmitry O. Zubakha, who at the request of the U.S. was detained in Cyprus in 2012 on suspicion of hacking Amazon, was successfully extradited to Russia.
“This norm is in effect everywhere,” said Vladimir V. Makeyev, a lawyer for another Russian cybercrime suspect, Yevgeny A. Nikulin, who was detained in Prague while on vacation with his girlfriend.
The United States accuses Nikulin of hacking the computers of LinkedIn, Dropbox and Formspring. Russia filed an extradition request after a computer intrusion and online theft that occurred in 2010 but came to light only after his detention in the Czech Republic.
Makeyev argues that the United States is seeking Nikulin’s cooperation in the election-hacking investigation and that an FBI agent from the San Francisco field office, Jeffrey Miller, traveled to Prague to offer asylum in exchange for testimony. The FBI has said the agent was there only to read Nikulin his rights, and it remains unclear how he may have been connected to election hacking. Why Russians suspected of hacking travel to countries that may detain them on U.S. extradition warrants is something of a mystery. “Once the money starts coming in, they enjoy a good lifestyle,” said John Reid, a senior researcher with Spamhaus, a spam tracking group based in London.
Perhaps impunity at home creates a false sense of security. “We’ll see pictures of them sitting around with gold and fancy Western cars and guns. That kind of gives a profile” of high-rolling Russian hackers, he said.
One theory for the travel, he said, is the “girlfriend effect”: “You are a little hacking nerd and now you have a good-looking girlfriend, and it gets cold in Russia, and she says, ‘It’s cold; I hate it here,’ and it wears him down, so he goes somewhere sunny, and that’s it.”
Levashov, too, has claimed a political motivation for his arrest in Barcelona last spring, though a federal indictment unsealed in Connecticut charges him only with eight counts of computer-related crime and fraud. Levashov’s wife, Maria, said in an interview that the Spanish police had told her the arrest was “related to the election.”
The U.S. indictment asserts that Levashov, using the nickname Peter Severa, or Peter of the North, ran a spam operation powered by a sophisticated, evolving family of computer viruses called Waledac, and later Kelihos. Levashov’s nickname may be derived from his northern hometown, St. Petersburg, or the name of a porn movie star, referring to the pornography promoted by spam email.
Levashov told a Spanish court that the case should be viewed politically because he had worked for United Russia, a political party that backs President Vladimir Putin, and he is an army officer with access to Russian classified information.
“I collected different information about opposition parties and delivered it to the necessary people at the necessary time,” Levashov told the court, referring to Russian opposition parties, according to the Russian Information Agency.
In an online chat room for hackers years earlier, using the nickname Peter Severa, Levashov had gone further, suggesting that he had enlisted in a broad recruitment effort by the Russian government, begun about four years ago, to engage students, computer professionals and criminals in government hacking teams, sometimes called science squadrons.
“Good day,” he wrote. “My name is Peter Severa. Many people know me for my service distributing email.” But “everything is in flux, everything changes, and the time has come for me to change the direction of my work.”
He said he had a new role: The Federal Security Service, known as the FSB, had appointed him to lead a group of hackers who would work for the security service, which he called a “special battalion for information security.”