Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,177
- Points
- 113
Hello everyone! First, I would like to introduce the guest. Meet Petr Severá Levashov, former owner of several botnets, "King of Spam" now a law-abiding citizen, businessman, creator of severadao.ai
And so, on to the questions!
Q. Please tell us what prompted the choice of names for your botnets Storm Worm, Waledac and Kelihos?
Thank you for the question, it's interesting, so the first botnet Storm Worm, this name was invented by journalists, it was a simple spam botnet, that is, all these botnets, Storm Worm, Waledac and Kelihos are essentially the same botnet, for me it just evolved over time. And when I made a major update, that is, refactored the code or changed it entirely, journalists and researchers called it a new name, that's why it's all like one botnet, roughly speaking, evolving over time since 2000. Storm Worm is a spam botnet, I just promoted it myself, that is, I took my bot, wrote a letter, and in this letter I took an existing news story about a storm in the USA, which was there that day, but there were no victims, and I wrote that there were 1000 victims, that is, I greatly exaggerated this event. I wrote a letter saying if you want to know more about the dead, then download my file and journalists naturally based on this letter, since the idea of the letter was about a terrible storm and called this virus Storm Worm. Waledac's name was invented by Kaspersky, Kelihos, I think, is also Kaspersky, maybe I'm wrong. Unfortunately, I can't say what the people who invented this were guided by, there is no sense in the last 2 names for me.
Q. The prosecution claimed that at its peak, the Storm Worm botnet sent 57 million emails per day, Waledac was capable of sending 1.5 billion spam messages, and Kelihos, with the help of 100,000 infected computers, sent 4 billion spam content per day. How true are these claims?
In my best years, it was 2004-2006, in that range, I was responsible for sending half of all spam, that is, of all spam letters in those days, half of all letters were sent using my botnet. At that time, it was Waledac and Kelihos, one replaced the other, since it is essentially the same technology. The capacities were about the same, well, Kelihos sent a little faster, because I improved something there in multithreading, but in fact, this was just during the transition, it was a golden time, in the first years of Kelios, half of all spam was mine, I am not very proud of this, I was punished for this and paid in full, but yes, I am guilty, the trash was mine.
Q. How were the botnets written? Who helped? Whose projects were they besides yours?
The project was always mine, I was alone, I probably wrote 90% of the code myself, of course I hired people, but there were such routine tasks, not very convenient, like for example, I collected Kelihos ftp passwords from all saved clients saved on computers, that is, now no one uses special ftp clients, because any browser can ftp. But then it was necessary to install ftp. There were dozens of different clients and in order to steal a password in this program, you essentially need to download each program, install it, figure out how it stores its data, that is, write something there, save it, find what file, if it encrypts the program somehow, and some of them try to save data from such theft, they encrypt it, write it to databases, you need to figure it all out, find it and extract it. You need to install 30 programs, then conduct research 30 times and write the same code, I outsourced such things, I bought all this in source codes, that is, someone wrote for me, according to my technical specifications, I accepted every line of code. In fact, I was the only leading developer and the only owner.
Q. How much did it cost to write your botnet at that time? How long did it take?
Since I wrote it myself, I can't say about the money. In terms of time, this process was also very drawn out, because initially I just had a socks bot that simply opened socks on the computer, well, and knocked on the server that it was alive, and the server itself was already sending out spam and connecting to these socks and sending spam, and then at some point it clicked in my head, why am I doing everything on the server when I have a bunch of clients and they only essentially open a port for me, and I need the client to come to the server himself, take the task for sending and generate all the spam letters himself and send them. As soon as I realized this, I think I rewrote everything in 3 days, it was already a socks botnet before, and now it has become a mail botnet, the sending speed has increased 100 times. Probably because I used to use only those computers that had an external API and there was no firewall, that is, you could connect to this socks from the server and send a letter, and this is essentially no more than 10% of all computers, and when I switched to this approach, that the client knocks on the server, takes the task and sends it, already 99% of all computers began to send my spam, not always an inbox of course, because some IPs are in such networks from which you can’t send an inbox, but the speed increased significantly.
Q. What was your knowledge of programming languages at the time of writing botnets?
I started learning computer language back in school, accordingly, in Turbo Pascal. In my opinion, I wrote the botnet when I already had a pretty solid knowledge of C++. Well, it's hard to say, I think it wasn't junior, but somewhere around post-junior, and then I tried to study myself, that is, I just slowly read, looked at other people's code. I think that any junior can start writing his own botnet. The thing is that as long as you don't start infecting other people's computers with your bot without permission, it's not even criminal, that is, you can develop a botnet entirely, have it on your computer, if you get caught and find it, it's still legal, that is, until you infect at least one person with this botnet and don't ask for their permission, you haven't committed a crime, so I think that any junior can take and try to write his own botnet for the purposes of study. Although, of course, a senior will do better.
Q. How did you get interested in programming languages? What motivated you?
I was born in 1980, I got my first computer quite late, by today's standards, I was 11 or 12, it was an IBM 8088, and I was probably the first in my class who at least had such a computer, so the time was a little different, but even then, when it first appeared, it was interesting, I remember studying books on assembler. At school, probably, then we learned programming, this was the 6th or 7th grade, that is, it turns out, I was already 13 or 14 years old and only then did I start getting interested, but most likely thanks to the computer science teacher, that is, at home I still played on the computer more than did anything, and the computer science teacher showed that you can do more than play. Her name was Evgeniya Andreyevna, and she was not such a strong programmer, but she was able to captivate me and then Turbo Pascal seemed interesting, that is, I made some presentations and I remember some game, a parody of tanks, then all this appeared terribly late by today's standards, now, it seems to me, you need to start learning the first programming languages from about 4 or 5 years old. Python for children or something like that.
Q. How did you become a spammer?
Good question. I was 19 years old, I got my first job as a system administrator, and there they used an ICQ box for communication, there was a messenger called ICQ. And everyone in the company where I worked had this messenger and I just wanted a short number, everyone there had shorter ones. It was called a six-digit number, it was fashionable then, and I had already registered a seven-digit or eight-digit number. I realized that ICQ sends a password to restore the six-digit number to the email that was specified during registration, at first I manually went through the beautiful numbers on the ICQ website and looked at which email, because some emails are released after 3 months of inactivity of the owner, that is, I looked for emails that were released in order to register them and request a password from ICQ, restore and receive a six-digit number manually. I quickly got tired of it, I already knew how to do something and wrote a simple script, which simply went forward in the range from 100000 + 1, requested the server even in single-threaded mode, I think, there was simply no delay, requested the ICQ server for each ID and saved the email. I launched it, went to bed, and when I woke up, I got a base of 30 or 40 million email addresses, because I simply did not set the limit. In fact, I only needed it from 100000 to 1000000 numbers, and I simply launched the cycle from 100000 and went to bed, but I thought that it would not even get to a million in that time, but it went through the entire base, I got this base of emails, live ICQ users. And they noticed, a week later my script couldn't work like that, I should have added socks, but I wasn't interested in that anymore, I downloaded the entire database, and when I became the owner of such an email database, I just saw a billboard on the street that said: "Your ad could be here", it all just dawned on me, and then I just started thinking about how I could send my own ad to these emails.
Q. Why are you called the Spam King?
This is a passing title. The spammer who is currently arrested, if he is too big, becomes the king of spam for that time, so I am not the only king of spam, I think that a dozen people called me the king of spam, but maybe I deserved it, again for the volume, that is, the researchers simply saw that half of the world's spam was mine. I was the biggest player, without a doubt. Moreover, I probably outpaced the next one by 10 times, so I think I rightfully deserved the title of king of spam, but again, those were the best years, 2004-2006, because then the financial crisis began and then spam was not so profitable. Volumes were falling, and my main topic on spam did not give such profits. The so-called Pump&Dump, that is, pumping and dumping in Russian, manipulation of shares. Severadao.ai just inherits my experience gained in those years. Then we bought a share of a cheap company, I spammed it to generate interest, the price grew. At the top, we sold. The price fell and accordingly we received super profits. Hundreds of percent per day. American partners came to me with this scheme, that is, I was a spammer, and they negotiated with companies and all that sort of thing.
That's all for today, 04.04, in the second part of the interview, which will be aired on the second channel, we will talk about the first carding conference in Odessa, arrest, courts, lawyers and their cost. We will analyze the mistakes that led to imprisonment and white business, as well as much more. But for now, if you read to the end and you are interested, we will be grateful if you subscribe to the guest's social networks, and also devote at least a minute of your time to his project SeveraDAO.ai
Continuation of the interview with Peter Severa Levashov
Q. Tell us about the first carding conference. Who was there and how did it happen?
By 2002, I was a moderator of the Spam section on the first carding forum carderplanet.com, which was led by the legendary Script, Dmitry Golubov. I myself did not deal with credit cards, but only carried out mass mailings by email on request, for the needs of forum participants. And I answered all the questions that the forum members had about spam. At the beginning of the year, a decision was made to meet together in Odessa, the birthplace of Script, and hold the First International Carding Conference in late May - early June 2002. Looking ahead, I will say that both that conference were the first and the last. The NY Times later wrote about it, which caused a great international resonance, and called into question the very existence of the forum. At that time, as one of the forum moderators, I had the title of Don and was also invited. I weighed all the pros and cons. For privacy, Script promised to ban any video and photo shooting by participants, except for official ones. Besides that, I was only involved in spam, and back then it wasn't that illegal in Russia. And new connections and acquaintances meant new clients. I was only 22 years old, and I decided to go. Probably in vain. Because in 2018, in the US, they gave me several photos from that event in my case materials. Photos that Script never gave me many years ago. My face was outlined several times, in different colors. The photos were leaked to the US not even once, but several times, by various would-be carders who were caught by American justice over the years. As for the event itself, everything was organized at the highest level. I flew from St. Petersburg to Odessa via Moscow. As it turned out, there were 4 more participants from different cities flying with me on the same plane from Moscow, but we didn't know each other by sight then. In Odessa, a limousine met us all at the airport, and that's where we met. We were taken to a holiday home by the sea. There were already about 15 other participants there, and we were among the last to arrive. Then we went to the event itself, to an elite restaurant/nightclub in the center of Odessa, on Deribasovskaya Street, which belonged to one of the active participants of the party with the nickname Borman. The second floor was completely closed for our party. I have never seen so much black caviar on one table in my life. The choice of drinks seemed unusual. There was only whiskey, like in gangster films, three types - Jack Daniels, Jim Beam and something else. And most of them made long drinks with Coca-Cola and ice. Deals for fabulous amounts for me - hundreds of thousands of dollars - were concluded right at the table. "With a code, without a code" - this is about the cvv code of the credit card, "by 3, by 4" for some reason I remember these price numbers, maybe wholesale prices for cards in those years? I had nothing special to do, I did not deal with cards. I walked around in circles, making sure that everyone at the table knew that I was Peter Severa and that the spam was for me. I remember looking around the table and being amazed that almost no one had touched the nearest huge dish of caviar and eggs, and there were three of them all over the table. “You carders don’t know how to snack,” I said,and to the laughter of his neighbors he moved the whole dish closer to himself. Then there was a lot of communication, I remember Borman bragging about his new anti-abuse hosting in Iran. Like, he sent a live person there, he sits at the servers with a gun, and no one will ever turn them off. As it turned out later, they turn them off for my spam. Apparently, people come with heavy weapons. Or they just turn off the uplink. I also remember two interesting guys who were just flying with me from Moscow. Also not exactly carders, like me. Their topic at that time was “virtual” cars on the Ebay auction. Both had perfect English, as well as Russian. The guys could also speak with accents from different states. They put photos of cars up for sale on Ebay, and then talked buyers into transferring an advance payment or sending a check, and managed to withdraw the money before the buyer woke up. They said that you have to constantly hang on the phone with the buyer, drag out the time, like: “yes, I’m already on my way to you, I’ll turn into your city now, wait, don’t call the police.” And in the meantime, the money is being withdrawn. As I understood, there was a lot of money, hundreds of thousands of dollars a month. The guys were good, they laughed at jokes and didn’t show off. I remember Script himself, also a young guy, younger than me. I vaguely remember Boa, I wonder if he remembers me? In a word, I had a good trip. And personal contacts allowed me to get a lot of warm reviews and regular customers for email newsletters. I just had to loudly refuse at those moments when everyone was invited to take pictures, jokingly, getting another wave of laughter and positive emotions. And, perhaps, in 2017, not end up in a prison cell in Spain, but go home. The Odessans themselves were very memorable for their warmth.And personal contacts allowed to get a lot of warm reviews and regular customers for email newsletters. It was necessary to simply refuse loudly at those moments when everyone was invited to take pictures, jokingly, to receive another wave of laughter and positive emotions.
severa and pav01
year 2001
Q. Tell us a little about the arrest.
I was arrested on 04/07/2017, I came there with my family for literally a couple of weeks to relax in Barcelona, Catalonia is not even exactly Spain, it is an independent province, but there was a request from the USA for extradition. At 5 am, machine gunners broke down my door, put me on the floor, found a knife with me and left, and then the police just took me to prison and that was it. I fought extradition for 11 months, my family flew home, and I stayed. And then, in February I was extradited to the United States as a result. There is a lot that can be said about the arrest. There was a lot that was illegal in Spain according to Spanish laws. The fact that the Spanish court extradited me to the United States is a violation of all laws, because I was connected with the political life of Russia. That is, I collected signatures for various deputies when I was still a student and then coordinated this activity not for United Russia, but for various parties. It was more of a commercial collection of signatures, but at a certain point I had up to 100 people in the team who collected these signatures. That is, this is clearly political activity, I proved it in the Spanish court, that here are all the estimates, here are my photographs, how I organize it all. That is, there was no doubt that I was participating in political activity, and therefore I cannot be extradited to America. This is the law of Spain, it did not affect it in any way. I am also a reserve officer, that is, I came to the military department at the institute. I got a military specialty at the Polytechnic and I have a secret military registration specialty, that is, I signed all sorts of notebooks there, sealed with seals and I have secret information. A missileman, albeit a reserve of the Russian Federation, and this is also point 2, why I cannot be extradited to the USA from Spain, that is, in Spain, all possible laws were violated. During the arrest, there were a bunch of violations, for which Spanish lawyers told me that mafia bosses are released in Spain. When I was simply not allowed my lawyer, who I already had at that time, and just a Spanish judge, who is entirely associated with America, she has her own business in America, that is, Spanish judges are not allowed to have a business in Spain, but they can in America and this particular judge studied in America for 10 years and she has her own business in America. She is a businesswoman in America, but in Spain she is a judge and all the hacker cases that were conducted in Spain, for example the case of Lisov Stanislav and 5 or 6 other people there that year, when there were Trump elections in 2016, and this is 2017. Democrats tried to find any way to find a pretext and justify how Trump became an illegal president. Apparently there was an order from the FBI to arrest everyone we know, but when I got there with a frankly weak case, that is, why I managed to get out so well, in fact, it was good because they simply were not ready and said arrest whoever you can. Well, I see it that way, as I was arrested, many more people.
Q. How did you manage to serve so little time? Did you rat out your accomplices?
I served 33 months and 3 days, which is certainly not much in terms of what you can eat for the rest of your life, but it's almost 3 years, and I can tell you that for me it was a lot. In America, the judge decides who is punished enough and who is not, my case is public, you can take it all apart, naturally, I didn't rat out anyone, and there was no one to rat out, that is, I wrote the software myself, everyone else was just some kind of toad id. I met with several people from real life, with whom I worked closely, they are all free, for example, they don't accuse me of anything, and the one who writes there ratted out someone, well, tell me! Who did he rat out? 5 years have already passed, in America there is a statute of limitations for any crime, 5 years for almost all crimes. That is, of course, there are crimes where there is no statute of limitations, but everything related to computers, all economic crimes, all this is almost 5 years in America, that is, I was arrested in 2017, if I turned someone in, now 5 years have passed since the arrest. The information that I had has lost its value. That is, to build a case on it, but, firstly, they did not receive it, they were never able to decrypt my computer, they took the laptop, but they could not decrypt it. Can anyone think that suddenly I pointed a finger at someone during interrogations? I did not turn anyone in during drop interrogations, that is, you can not just say, but Vasya is bad, without providing any evidence, and I did not have any. It would not work.
Q. Why did you go to jail? What mistakes were made?
I didn't hide that much, so, for example, the last name Petr Levashov was visible at Spamhouse for a long time, when I even bought a domain there in my name. In 2000, they could have written my last name down somewhere in their database, well, another thing is that they had no patronymic, no address, no phone number, all the other information was fake, and there are, I think, 10 or so Petrov Levashovs in St. Petersburg alone, that is, quite a lot. In Russia, there are hundreds or even thousands of them, so I don't think they knew my real name, they just knew what kind of name it was. There was a mistake when my IP was shown in WebMoney, that is, I always used VPN, but at some specific moment it fell off, and the killswitch for some reason did not work and the IP was shown once, I noticed it on the same day, but I was just too lazy to change the wallet. I had a promoted WebMoney ID, I had a good reputation there. Another mistake, it seems to you that what you are doing is not so criminal, so for example, I always traveled around the world under my passport and in 2016 and 2017 I was in Greece and Finland, that's why I say that my arrest in Spain in 2017 was clearly connected with the command from above to arrest everyone and they were in a hurry with me. That is, if they had postponed my arrest for 2 or 3 years, I would have definitely gotten into some cryptolocker, there would have been a cryptolocker of the North, then I could have gone to jail for life, so in part I am generally grateful that everything happened this way, because then, when the Spanish justice system pulled me out, now I would not have been able to get out like that, because cryptolockers are already a serious crime, and for some reason it seems to me that I would never have passed by such a profitable topic, so everything, in my opinion, worked out very well.
Q. Why you shouldn't fight extradition to the US?
Let's start with the fact that I want to give advice to everyone who is ever arrested in some 3rd country on a request from the US. There is no point in you spending a dollar on a lawyer in this country where the US government has filed requests. If you were arrested somewhere for crimes in the USA, you will 100% go to the USA, everyone who was caught went to the USA, 99% went, but that 1% that didn’t go, for example, Vinnik, he was arrested together with me in 2017, that is, for 5 and a half years Mr. Vinnik travels from a French prison to a Greek one and in the end he will still go to the USA at the end, that is, this term that he is serving now, it will be good if a kind American judge counts at least a day, because according to American laws, your term begins from the moment when you crossed the US border on a plane with two marshals in handcuffs, therefore, if someone is suddenly arrested somewhere and they say there is a request from the USA in your name for extradition, you need to do it like this: tell the judge right away, yes, I want to go to the USA, I understand that no one decides anything here, I understand that no one will consider my case here. So don't spend a dollar on a lawyer, get a free lawyer and tell him boldly I want to fly to the USA as soon as possible, right now, today I agree, where to sign? This will save you a lot of time and effort in this Papuan country like Spain or some other, where you were just arrested. When you get to the USA in a week, look into the eyes of the judge who will be looking at you and tell the judge: Mr. Judge, a week ago I was arrested on the request that you signed, I have never been arrested before, as soon as I found out that I have a problem in the USA, I immediately agreed to fly here. Yes, I'm here once, yes, I don't have bail, yes, I don't have a connection, but I want to rent an apartment now, here's a check from a lawyer, I've already withdrawn it, I'm ready to hope for a tracking bracelet on my ankle, but I want to remain free, Mister Judge, everything that's happening now is nonsense, I want to study my case with my lawyer and prove in your court that I'm innocent, and after such a speech, no American judge will leave you behind bars, you have to understand this. But if you spent six months or a year somewhere in Africa trying by hook or by crook to avoid this extradition, and then you got to the judge and your lawyer says you should let him go, but why the hell let him go? If he fought this extradition for a whole year, like I did, for example, I did it wrong and I advise everyone: don't fight extradition in the country where the USA arrested you, they know what to do, they've already got everything under control and you'll fly to the USA. You can drag out and delay this process, but it will not help you in any way; you will sit in prison, in this country where you are now.I advise you to agree and fly, and then to the US, yes, in the US you need to hire good lawyers. In the US you need to look through the entire case yourself, understand every line, what every word means, look at similar cases, that's where it will be necessary.
Q. How much was spent on lawyers?
150,000 euros in Spain, which turned out to be useless, and about 150,000 dollars in the USA. It is worth considering that lawyers are cunning, they take payment in parts, then additional services, and so on. I advise everyone who gets into a difficult situation in America to contact me directly on Telegram, Instagram, Twitter. Let it be your wife, let it be your mother, there is no point in hiding when you are arrested, let someone call me and say this is what happened. I will give all my advice, calm people down, I am a military psychologist by accounting specialty, a military man, I know how to work with people. I will advise everything for free, tell you what to do, how to do it. There are a lot of nuances with lawyers, all Russian lawyers in America from Manhattan are Jews, so you need to have a common language with them. A lawyer in America can ask for $2,500 and $250,000 for the same job, that is, 100 times more, just by looking at you, the number of services will not change, exactly the same amount of work will be done on documents, on calls, on everything, it's just that one person looks like $2,500, and another looks like $250,000, it will be the lawyer who decides, that's why no one likes them.
Q. Tell us about your experience in white business. Where did you invest the money you earned illegally?
I invested the money I earned in different businesses, but from what is interesting to tell, I probably had a project that I unsuccessfully called Khottabych, because it is known to a Russian person, but as it turned out, for a foreigner it simply grates on the ear, and for young Russians Khottabych is no longer an authority. The point is that it was a service similar to the Vertu concierge service, that is, it is an application where you can contact with any question: buy a ticket, book anything or just ask how many grams are in a kilogram and a live person will answer you, there is its own monetization system, it was based more on the percentage of services, that is, you do not even pay for this, it is free for the client, it is just a Vertu concierge service that solves all your questions, but you do not need to buy a Vertu, and it is just a free application, but unfortunately, I did not calculate the marketing budget then and in fact the development was done, but not really launched, but this is one of such interesting projects, it could still take off now, you just need to correctly find the audience, it was very vague for me, it seemed to me that everyone needed the application, but in fact it needs to be made for specific groups of people, that is, for example, for tourists of the city. The service solves the problems of a specific group of people, gradually expands, when you have already figured out this group of people, for example tourists, you can do everything for them. And order a car and everything they need, guides for example. then connect the next group of people, and when you say that I can do everything, in fact, it is impossible to advertise.
Besides that, I bought all sorts of things. Real estate, expensive cars, diamonds.
Q. Tell us about your current project sevaradao.ai
I will try to answer as simply as possible. SeveraDAO is a group of people who have united together to create various projects and make a profit. To collect funding and account for the share of each contributor, the SEV token was created. Owning SEV tokens is, in fact, owning a corresponding share of SeveraDAO. SEV tokens are already available for manual purchase, and after April 7, SEV tokens can be freely bought and sold on the open market, like any cryptocurrency. Also, with the help of SEV tokens, if you want, you can take an active part in the management of our DAO, and vote with your tokens on the SeveraDAO forum on all issues and suggestions. All profits received from each of the projects will be distributed proportionally between the holders of SEV tokens. In addition, SeveraDAO is not only a business community. We are a group of professionals, and the constant exchange of knowledge, private topics and profitable ideas and schemes is the basis of our professionalism and leadership. We will share all this on the closed SeveraDAO forum, accessible only to SEV token holders.
At the moment, there will be two projects. These are the SeveraDAO Cybersecurity Company and Deep Learning Trading (trading shares using a neural network). You can learn more about them in the peter_severa Instagram account
This concludes the interview, if you read to the end and you are interested, we would be grateful if you subscribe to the guest's social networks, and also devote at least a minute of your time to his project SeveraDAO.ai
instagram.com/peter_severa/
twitter.com/peter_severa/
And so, on to the questions!
Q. Please tell us what prompted the choice of names for your botnets Storm Worm, Waledac and Kelihos?
Thank you for the question, it's interesting, so the first botnet Storm Worm, this name was invented by journalists, it was a simple spam botnet, that is, all these botnets, Storm Worm, Waledac and Kelihos are essentially the same botnet, for me it just evolved over time. And when I made a major update, that is, refactored the code or changed it entirely, journalists and researchers called it a new name, that's why it's all like one botnet, roughly speaking, evolving over time since 2000. Storm Worm is a spam botnet, I just promoted it myself, that is, I took my bot, wrote a letter, and in this letter I took an existing news story about a storm in the USA, which was there that day, but there were no victims, and I wrote that there were 1000 victims, that is, I greatly exaggerated this event. I wrote a letter saying if you want to know more about the dead, then download my file and journalists naturally based on this letter, since the idea of the letter was about a terrible storm and called this virus Storm Worm. Waledac's name was invented by Kaspersky, Kelihos, I think, is also Kaspersky, maybe I'm wrong. Unfortunately, I can't say what the people who invented this were guided by, there is no sense in the last 2 names for me.
Q. The prosecution claimed that at its peak, the Storm Worm botnet sent 57 million emails per day, Waledac was capable of sending 1.5 billion spam messages, and Kelihos, with the help of 100,000 infected computers, sent 4 billion spam content per day. How true are these claims?
In my best years, it was 2004-2006, in that range, I was responsible for sending half of all spam, that is, of all spam letters in those days, half of all letters were sent using my botnet. At that time, it was Waledac and Kelihos, one replaced the other, since it is essentially the same technology. The capacities were about the same, well, Kelihos sent a little faster, because I improved something there in multithreading, but in fact, this was just during the transition, it was a golden time, in the first years of Kelios, half of all spam was mine, I am not very proud of this, I was punished for this and paid in full, but yes, I am guilty, the trash was mine.
Q. How were the botnets written? Who helped? Whose projects were they besides yours?
The project was always mine, I was alone, I probably wrote 90% of the code myself, of course I hired people, but there were such routine tasks, not very convenient, like for example, I collected Kelihos ftp passwords from all saved clients saved on computers, that is, now no one uses special ftp clients, because any browser can ftp. But then it was necessary to install ftp. There were dozens of different clients and in order to steal a password in this program, you essentially need to download each program, install it, figure out how it stores its data, that is, write something there, save it, find what file, if it encrypts the program somehow, and some of them try to save data from such theft, they encrypt it, write it to databases, you need to figure it all out, find it and extract it. You need to install 30 programs, then conduct research 30 times and write the same code, I outsourced such things, I bought all this in source codes, that is, someone wrote for me, according to my technical specifications, I accepted every line of code. In fact, I was the only leading developer and the only owner.
Q. How much did it cost to write your botnet at that time? How long did it take?
Since I wrote it myself, I can't say about the money. In terms of time, this process was also very drawn out, because initially I just had a socks bot that simply opened socks on the computer, well, and knocked on the server that it was alive, and the server itself was already sending out spam and connecting to these socks and sending spam, and then at some point it clicked in my head, why am I doing everything on the server when I have a bunch of clients and they only essentially open a port for me, and I need the client to come to the server himself, take the task for sending and generate all the spam letters himself and send them. As soon as I realized this, I think I rewrote everything in 3 days, it was already a socks botnet before, and now it has become a mail botnet, the sending speed has increased 100 times. Probably because I used to use only those computers that had an external API and there was no firewall, that is, you could connect to this socks from the server and send a letter, and this is essentially no more than 10% of all computers, and when I switched to this approach, that the client knocks on the server, takes the task and sends it, already 99% of all computers began to send my spam, not always an inbox of course, because some IPs are in such networks from which you can’t send an inbox, but the speed increased significantly.
Q. What was your knowledge of programming languages at the time of writing botnets?
I started learning computer language back in school, accordingly, in Turbo Pascal. In my opinion, I wrote the botnet when I already had a pretty solid knowledge of C++. Well, it's hard to say, I think it wasn't junior, but somewhere around post-junior, and then I tried to study myself, that is, I just slowly read, looked at other people's code. I think that any junior can start writing his own botnet. The thing is that as long as you don't start infecting other people's computers with your bot without permission, it's not even criminal, that is, you can develop a botnet entirely, have it on your computer, if you get caught and find it, it's still legal, that is, until you infect at least one person with this botnet and don't ask for their permission, you haven't committed a crime, so I think that any junior can take and try to write his own botnet for the purposes of study. Although, of course, a senior will do better.
Q. How did you get interested in programming languages? What motivated you?
I was born in 1980, I got my first computer quite late, by today's standards, I was 11 or 12, it was an IBM 8088, and I was probably the first in my class who at least had such a computer, so the time was a little different, but even then, when it first appeared, it was interesting, I remember studying books on assembler. At school, probably, then we learned programming, this was the 6th or 7th grade, that is, it turns out, I was already 13 or 14 years old and only then did I start getting interested, but most likely thanks to the computer science teacher, that is, at home I still played on the computer more than did anything, and the computer science teacher showed that you can do more than play. Her name was Evgeniya Andreyevna, and she was not such a strong programmer, but she was able to captivate me and then Turbo Pascal seemed interesting, that is, I made some presentations and I remember some game, a parody of tanks, then all this appeared terribly late by today's standards, now, it seems to me, you need to start learning the first programming languages from about 4 or 5 years old. Python for children or something like that.
Q. How did you become a spammer?
Good question. I was 19 years old, I got my first job as a system administrator, and there they used an ICQ box for communication, there was a messenger called ICQ. And everyone in the company where I worked had this messenger and I just wanted a short number, everyone there had shorter ones. It was called a six-digit number, it was fashionable then, and I had already registered a seven-digit or eight-digit number. I realized that ICQ sends a password to restore the six-digit number to the email that was specified during registration, at first I manually went through the beautiful numbers on the ICQ website and looked at which email, because some emails are released after 3 months of inactivity of the owner, that is, I looked for emails that were released in order to register them and request a password from ICQ, restore and receive a six-digit number manually. I quickly got tired of it, I already knew how to do something and wrote a simple script, which simply went forward in the range from 100000 + 1, requested the server even in single-threaded mode, I think, there was simply no delay, requested the ICQ server for each ID and saved the email. I launched it, went to bed, and when I woke up, I got a base of 30 or 40 million email addresses, because I simply did not set the limit. In fact, I only needed it from 100000 to 1000000 numbers, and I simply launched the cycle from 100000 and went to bed, but I thought that it would not even get to a million in that time, but it went through the entire base, I got this base of emails, live ICQ users. And they noticed, a week later my script couldn't work like that, I should have added socks, but I wasn't interested in that anymore, I downloaded the entire database, and when I became the owner of such an email database, I just saw a billboard on the street that said: "Your ad could be here", it all just dawned on me, and then I just started thinking about how I could send my own ad to these emails.
Q. Why are you called the Spam King?
This is a passing title. The spammer who is currently arrested, if he is too big, becomes the king of spam for that time, so I am not the only king of spam, I think that a dozen people called me the king of spam, but maybe I deserved it, again for the volume, that is, the researchers simply saw that half of the world's spam was mine. I was the biggest player, without a doubt. Moreover, I probably outpaced the next one by 10 times, so I think I rightfully deserved the title of king of spam, but again, those were the best years, 2004-2006, because then the financial crisis began and then spam was not so profitable. Volumes were falling, and my main topic on spam did not give such profits. The so-called Pump&Dump, that is, pumping and dumping in Russian, manipulation of shares. Severadao.ai just inherits my experience gained in those years. Then we bought a share of a cheap company, I spammed it to generate interest, the price grew. At the top, we sold. The price fell and accordingly we received super profits. Hundreds of percent per day. American partners came to me with this scheme, that is, I was a spammer, and they negotiated with companies and all that sort of thing.
That's all for today, 04.04, in the second part of the interview, which will be aired on the second channel, we will talk about the first carding conference in Odessa, arrest, courts, lawyers and their cost. We will analyze the mistakes that led to imprisonment and white business, as well as much more. But for now, if you read to the end and you are interested, we will be grateful if you subscribe to the guest's social networks, and also devote at least a minute of your time to his project SeveraDAO.ai
Continuation of the interview with Peter Severa Levashov
Q. Tell us about the first carding conference. Who was there and how did it happen?
By 2002, I was a moderator of the Spam section on the first carding forum carderplanet.com, which was led by the legendary Script, Dmitry Golubov. I myself did not deal with credit cards, but only carried out mass mailings by email on request, for the needs of forum participants. And I answered all the questions that the forum members had about spam. At the beginning of the year, a decision was made to meet together in Odessa, the birthplace of Script, and hold the First International Carding Conference in late May - early June 2002. Looking ahead, I will say that both that conference were the first and the last. The NY Times later wrote about it, which caused a great international resonance, and called into question the very existence of the forum. At that time, as one of the forum moderators, I had the title of Don and was also invited. I weighed all the pros and cons. For privacy, Script promised to ban any video and photo shooting by participants, except for official ones. Besides that, I was only involved in spam, and back then it wasn't that illegal in Russia. And new connections and acquaintances meant new clients. I was only 22 years old, and I decided to go. Probably in vain. Because in 2018, in the US, they gave me several photos from that event in my case materials. Photos that Script never gave me many years ago. My face was outlined several times, in different colors. The photos were leaked to the US not even once, but several times, by various would-be carders who were caught by American justice over the years. As for the event itself, everything was organized at the highest level. I flew from St. Petersburg to Odessa via Moscow. As it turned out, there were 4 more participants from different cities flying with me on the same plane from Moscow, but we didn't know each other by sight then. In Odessa, a limousine met us all at the airport, and that's where we met. We were taken to a holiday home by the sea. There were already about 15 other participants there, and we were among the last to arrive. Then we went to the event itself, to an elite restaurant/nightclub in the center of Odessa, on Deribasovskaya Street, which belonged to one of the active participants of the party with the nickname Borman. The second floor was completely closed for our party. I have never seen so much black caviar on one table in my life. The choice of drinks seemed unusual. There was only whiskey, like in gangster films, three types - Jack Daniels, Jim Beam and something else. And most of them made long drinks with Coca-Cola and ice. Deals for fabulous amounts for me - hundreds of thousands of dollars - were concluded right at the table. "With a code, without a code" - this is about the cvv code of the credit card, "by 3, by 4" for some reason I remember these price numbers, maybe wholesale prices for cards in those years? I had nothing special to do, I did not deal with cards. I walked around in circles, making sure that everyone at the table knew that I was Peter Severa and that the spam was for me. I remember looking around the table and being amazed that almost no one had touched the nearest huge dish of caviar and eggs, and there were three of them all over the table. “You carders don’t know how to snack,” I said,and to the laughter of his neighbors he moved the whole dish closer to himself. Then there was a lot of communication, I remember Borman bragging about his new anti-abuse hosting in Iran. Like, he sent a live person there, he sits at the servers with a gun, and no one will ever turn them off. As it turned out later, they turn them off for my spam. Apparently, people come with heavy weapons. Or they just turn off the uplink. I also remember two interesting guys who were just flying with me from Moscow. Also not exactly carders, like me. Their topic at that time was “virtual” cars on the Ebay auction. Both had perfect English, as well as Russian. The guys could also speak with accents from different states. They put photos of cars up for sale on Ebay, and then talked buyers into transferring an advance payment or sending a check, and managed to withdraw the money before the buyer woke up. They said that you have to constantly hang on the phone with the buyer, drag out the time, like: “yes, I’m already on my way to you, I’ll turn into your city now, wait, don’t call the police.” And in the meantime, the money is being withdrawn. As I understood, there was a lot of money, hundreds of thousands of dollars a month. The guys were good, they laughed at jokes and didn’t show off. I remember Script himself, also a young guy, younger than me. I vaguely remember Boa, I wonder if he remembers me? In a word, I had a good trip. And personal contacts allowed me to get a lot of warm reviews and regular customers for email newsletters. I just had to loudly refuse at those moments when everyone was invited to take pictures, jokingly, getting another wave of laughter and positive emotions. And, perhaps, in 2017, not end up in a prison cell in Spain, but go home. The Odessans themselves were very memorable for their warmth.And personal contacts allowed to get a lot of warm reviews and regular customers for email newsletters. It was necessary to simply refuse loudly at those moments when everyone was invited to take pictures, jokingly, to receive another wave of laughter and positive emotions.
severa and pav01
year 2001
Q. Tell us a little about the arrest.
I was arrested on 04/07/2017, I came there with my family for literally a couple of weeks to relax in Barcelona, Catalonia is not even exactly Spain, it is an independent province, but there was a request from the USA for extradition. At 5 am, machine gunners broke down my door, put me on the floor, found a knife with me and left, and then the police just took me to prison and that was it. I fought extradition for 11 months, my family flew home, and I stayed. And then, in February I was extradited to the United States as a result. There is a lot that can be said about the arrest. There was a lot that was illegal in Spain according to Spanish laws. The fact that the Spanish court extradited me to the United States is a violation of all laws, because I was connected with the political life of Russia. That is, I collected signatures for various deputies when I was still a student and then coordinated this activity not for United Russia, but for various parties. It was more of a commercial collection of signatures, but at a certain point I had up to 100 people in the team who collected these signatures. That is, this is clearly political activity, I proved it in the Spanish court, that here are all the estimates, here are my photographs, how I organize it all. That is, there was no doubt that I was participating in political activity, and therefore I cannot be extradited to America. This is the law of Spain, it did not affect it in any way. I am also a reserve officer, that is, I came to the military department at the institute. I got a military specialty at the Polytechnic and I have a secret military registration specialty, that is, I signed all sorts of notebooks there, sealed with seals and I have secret information. A missileman, albeit a reserve of the Russian Federation, and this is also point 2, why I cannot be extradited to the USA from Spain, that is, in Spain, all possible laws were violated. During the arrest, there were a bunch of violations, for which Spanish lawyers told me that mafia bosses are released in Spain. When I was simply not allowed my lawyer, who I already had at that time, and just a Spanish judge, who is entirely associated with America, she has her own business in America, that is, Spanish judges are not allowed to have a business in Spain, but they can in America and this particular judge studied in America for 10 years and she has her own business in America. She is a businesswoman in America, but in Spain she is a judge and all the hacker cases that were conducted in Spain, for example the case of Lisov Stanislav and 5 or 6 other people there that year, when there were Trump elections in 2016, and this is 2017. Democrats tried to find any way to find a pretext and justify how Trump became an illegal president. Apparently there was an order from the FBI to arrest everyone we know, but when I got there with a frankly weak case, that is, why I managed to get out so well, in fact, it was good because they simply were not ready and said arrest whoever you can. Well, I see it that way, as I was arrested, many more people.
Q. How did you manage to serve so little time? Did you rat out your accomplices?
I served 33 months and 3 days, which is certainly not much in terms of what you can eat for the rest of your life, but it's almost 3 years, and I can tell you that for me it was a lot. In America, the judge decides who is punished enough and who is not, my case is public, you can take it all apart, naturally, I didn't rat out anyone, and there was no one to rat out, that is, I wrote the software myself, everyone else was just some kind of toad id. I met with several people from real life, with whom I worked closely, they are all free, for example, they don't accuse me of anything, and the one who writes there ratted out someone, well, tell me! Who did he rat out? 5 years have already passed, in America there is a statute of limitations for any crime, 5 years for almost all crimes. That is, of course, there are crimes where there is no statute of limitations, but everything related to computers, all economic crimes, all this is almost 5 years in America, that is, I was arrested in 2017, if I turned someone in, now 5 years have passed since the arrest. The information that I had has lost its value. That is, to build a case on it, but, firstly, they did not receive it, they were never able to decrypt my computer, they took the laptop, but they could not decrypt it. Can anyone think that suddenly I pointed a finger at someone during interrogations? I did not turn anyone in during drop interrogations, that is, you can not just say, but Vasya is bad, without providing any evidence, and I did not have any. It would not work.
Q. Why did you go to jail? What mistakes were made?
I didn't hide that much, so, for example, the last name Petr Levashov was visible at Spamhouse for a long time, when I even bought a domain there in my name. In 2000, they could have written my last name down somewhere in their database, well, another thing is that they had no patronymic, no address, no phone number, all the other information was fake, and there are, I think, 10 or so Petrov Levashovs in St. Petersburg alone, that is, quite a lot. In Russia, there are hundreds or even thousands of them, so I don't think they knew my real name, they just knew what kind of name it was. There was a mistake when my IP was shown in WebMoney, that is, I always used VPN, but at some specific moment it fell off, and the killswitch for some reason did not work and the IP was shown once, I noticed it on the same day, but I was just too lazy to change the wallet. I had a promoted WebMoney ID, I had a good reputation there. Another mistake, it seems to you that what you are doing is not so criminal, so for example, I always traveled around the world under my passport and in 2016 and 2017 I was in Greece and Finland, that's why I say that my arrest in Spain in 2017 was clearly connected with the command from above to arrest everyone and they were in a hurry with me. That is, if they had postponed my arrest for 2 or 3 years, I would have definitely gotten into some cryptolocker, there would have been a cryptolocker of the North, then I could have gone to jail for life, so in part I am generally grateful that everything happened this way, because then, when the Spanish justice system pulled me out, now I would not have been able to get out like that, because cryptolockers are already a serious crime, and for some reason it seems to me that I would never have passed by such a profitable topic, so everything, in my opinion, worked out very well.
Q. Why you shouldn't fight extradition to the US?
Let's start with the fact that I want to give advice to everyone who is ever arrested in some 3rd country on a request from the US. There is no point in you spending a dollar on a lawyer in this country where the US government has filed requests. If you were arrested somewhere for crimes in the USA, you will 100% go to the USA, everyone who was caught went to the USA, 99% went, but that 1% that didn’t go, for example, Vinnik, he was arrested together with me in 2017, that is, for 5 and a half years Mr. Vinnik travels from a French prison to a Greek one and in the end he will still go to the USA at the end, that is, this term that he is serving now, it will be good if a kind American judge counts at least a day, because according to American laws, your term begins from the moment when you crossed the US border on a plane with two marshals in handcuffs, therefore, if someone is suddenly arrested somewhere and they say there is a request from the USA in your name for extradition, you need to do it like this: tell the judge right away, yes, I want to go to the USA, I understand that no one decides anything here, I understand that no one will consider my case here. So don't spend a dollar on a lawyer, get a free lawyer and tell him boldly I want to fly to the USA as soon as possible, right now, today I agree, where to sign? This will save you a lot of time and effort in this Papuan country like Spain or some other, where you were just arrested. When you get to the USA in a week, look into the eyes of the judge who will be looking at you and tell the judge: Mr. Judge, a week ago I was arrested on the request that you signed, I have never been arrested before, as soon as I found out that I have a problem in the USA, I immediately agreed to fly here. Yes, I'm here once, yes, I don't have bail, yes, I don't have a connection, but I want to rent an apartment now, here's a check from a lawyer, I've already withdrawn it, I'm ready to hope for a tracking bracelet on my ankle, but I want to remain free, Mister Judge, everything that's happening now is nonsense, I want to study my case with my lawyer and prove in your court that I'm innocent, and after such a speech, no American judge will leave you behind bars, you have to understand this. But if you spent six months or a year somewhere in Africa trying by hook or by crook to avoid this extradition, and then you got to the judge and your lawyer says you should let him go, but why the hell let him go? If he fought this extradition for a whole year, like I did, for example, I did it wrong and I advise everyone: don't fight extradition in the country where the USA arrested you, they know what to do, they've already got everything under control and you'll fly to the USA. You can drag out and delay this process, but it will not help you in any way; you will sit in prison, in this country where you are now.I advise you to agree and fly, and then to the US, yes, in the US you need to hire good lawyers. In the US you need to look through the entire case yourself, understand every line, what every word means, look at similar cases, that's where it will be necessary.
Q. How much was spent on lawyers?
150,000 euros in Spain, which turned out to be useless, and about 150,000 dollars in the USA. It is worth considering that lawyers are cunning, they take payment in parts, then additional services, and so on. I advise everyone who gets into a difficult situation in America to contact me directly on Telegram, Instagram, Twitter. Let it be your wife, let it be your mother, there is no point in hiding when you are arrested, let someone call me and say this is what happened. I will give all my advice, calm people down, I am a military psychologist by accounting specialty, a military man, I know how to work with people. I will advise everything for free, tell you what to do, how to do it. There are a lot of nuances with lawyers, all Russian lawyers in America from Manhattan are Jews, so you need to have a common language with them. A lawyer in America can ask for $2,500 and $250,000 for the same job, that is, 100 times more, just by looking at you, the number of services will not change, exactly the same amount of work will be done on documents, on calls, on everything, it's just that one person looks like $2,500, and another looks like $250,000, it will be the lawyer who decides, that's why no one likes them.
Q. Tell us about your experience in white business. Where did you invest the money you earned illegally?
I invested the money I earned in different businesses, but from what is interesting to tell, I probably had a project that I unsuccessfully called Khottabych, because it is known to a Russian person, but as it turned out, for a foreigner it simply grates on the ear, and for young Russians Khottabych is no longer an authority. The point is that it was a service similar to the Vertu concierge service, that is, it is an application where you can contact with any question: buy a ticket, book anything or just ask how many grams are in a kilogram and a live person will answer you, there is its own monetization system, it was based more on the percentage of services, that is, you do not even pay for this, it is free for the client, it is just a Vertu concierge service that solves all your questions, but you do not need to buy a Vertu, and it is just a free application, but unfortunately, I did not calculate the marketing budget then and in fact the development was done, but not really launched, but this is one of such interesting projects, it could still take off now, you just need to correctly find the audience, it was very vague for me, it seemed to me that everyone needed the application, but in fact it needs to be made for specific groups of people, that is, for example, for tourists of the city. The service solves the problems of a specific group of people, gradually expands, when you have already figured out this group of people, for example tourists, you can do everything for them. And order a car and everything they need, guides for example. then connect the next group of people, and when you say that I can do everything, in fact, it is impossible to advertise.
Besides that, I bought all sorts of things. Real estate, expensive cars, diamonds.
Q. Tell us about your current project sevaradao.ai
I will try to answer as simply as possible. SeveraDAO is a group of people who have united together to create various projects and make a profit. To collect funding and account for the share of each contributor, the SEV token was created. Owning SEV tokens is, in fact, owning a corresponding share of SeveraDAO. SEV tokens are already available for manual purchase, and after April 7, SEV tokens can be freely bought and sold on the open market, like any cryptocurrency. Also, with the help of SEV tokens, if you want, you can take an active part in the management of our DAO, and vote with your tokens on the SeveraDAO forum on all issues and suggestions. All profits received from each of the projects will be distributed proportionally between the holders of SEV tokens. In addition, SeveraDAO is not only a business community. We are a group of professionals, and the constant exchange of knowledge, private topics and profitable ideas and schemes is the basis of our professionalism and leadership. We will share all this on the closed SeveraDAO forum, accessible only to SEV token holders.
At the moment, there will be two projects. These are the SeveraDAO Cybersecurity Company and Deep Learning Trading (trading shares using a neural network). You can learn more about them in the peter_severa Instagram account
This concludes the interview, if you read to the end and you are interested, we would be grateful if you subscribe to the guest's social networks, and also devote at least a minute of your time to his project SeveraDAO.ai
instagram.com/peter_severa/
twitter.com/peter_severa/
