Euro Security Watch with Mathew J. Schwartz

Anti-Phishing, DMARC , Email Threat Protection , Fraud Management & Cybercrime

The US Presidential Election Hacker Who Wasn't

From Russia Today, With Apparent Propaganda
The US Presidential Election Hacker Who Wasn't

"Russian arrested in Spain 'over U.S. election hacking.'"

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

So read the original headline on an online BBC story published April 10, reporting on the April 7 arrest of Russian national Pyotr Levashov, 36, in the Spanish city of Barcelona.

But the supposed election-hacking connection appears to have been sourced solely from a Russian government propaganda arm: RT, formerly known as Russia Today.

To recap, last year the U.S. intelligence community released an unclassified version of a joint intelligence report that was ordered by President Obama, following the 2016 U.S. presidential election. The report says that Russian President Vladimir Putin had personally authorized a disinformation campaign designed to bolster Republican candidate Donald Trump's chances by discrediting Democratic presidential candidate Hillary Clinton (see Trump Confirms Russian Hacking Campaign, Aide Says).

In fact, the report calls out RT as being a part of "Russia's state-run propaganda machine" - together with whistleblowing website WikiLeaks - as well as having "contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences," including in the recent U.S. elections.

Accordingly, anything that RT claims - especially when it comes to American elections - should be treated at best with strong suspicion.

Single Source: RT

The RT report, however, fails to pass even a basic sniff test.

Levashov's wife, named as Maria Levashova, allegedly told RT that while on vacation in Spain with her husband and son, armed police stormed their rental accommodations at night, and detained her and a friend for at least several hours while they questioned her husband, before incarcerating him. That much would seem to ring true.

But Levashova allegedly also relayed a phone conversation to RT that she had with her husband following his arrest, saying that he told her that the charges against him related to malware that he had allegedly helped create, which was "linked to Trump's election win."

The gold standard for journalists is to obtain two or three sources for any claim. But in my reporting, I was not only unable to confirm the RT report, but received strong indications that the arrest had nothing whatsoever to do with any such national security concerns.

Sensationalizing Alleged Hacker's Arrest

The BBC was far from the only news outlet worldwide to suggest that Levashov's arrest related to the Russian government's attempt to meddle in U.S. affairs, based on specious evidence.

Other headlines - all extant as of April 11 - also highlighted that assertion:

  • "Media reports link alleged Russian hacker held in Spain to 'Trump's election win'" (Associated Press)
  • "Wife: Arrested alleged Russian hacker 'linked to Trump's election win'" (ABC)
  • "Spanish police arrest Russian programmer 'accused of hacking US election'" (the U.K.'s Telegraph newspaper)
  • "Russian computer programmer arrested in Spain over U.S. election hacking" (India Live)
  • "Spanish police detain Russian national wanted in U.S. for alleged cyber-espionage" (China's state-owned Xinhua agency)

After many of those reports first ran on April 10, citing RT, late in the day the Justice Department issued a statement, saying that the arrest relates to a criminal complaint. Specifically, Levashov has been accused - not for the first time - of masterminding massive spam and ransomware campaigns launched by the Kelihos botnet that he allegedly controlled, including assisting in pump-and-dump stock schemes that defrauded Americans. The Justice Department also said the arrest of Levashov - aka Petr Levashov, Peter Severa, Petr Severa and Sergey Astakhov - has nothing to do with national security.

Some, but not all, media outlets subsequently revised their stories.

Still extant in the BBC's story, however, is the alleged U.S. presidential hacking claim, as told by "Levashov's wife Maria [to] Russian broadcaster RT," in the BBC's words.

Propaganda Alert

One unanswered question is why RT might attempt to disseminate this apparently incorrect connection.

Here's the obvious, potential explanation: To sow doubt and confusion.

In late 2016, the New York Times reported that the U.S. government agency known as the Open Source Enterprise, which collects open-source material for use by other agencies, had warned those agencies that RT had attempted to sow doubt over the integrity of democratic systems in the United States during the 2012 presidential elections (see Russian Interference: Anatomy of a Propaganda Campaign).

Thomas Rid, a professor of war studies at King's College London, has called this type of influence operation "a Soviet invention designed to amplify an adversary's internal political divisions."

In a 2015 speech in Berlin to the Atlantic Council think tank, the U.S. Ambassador to Germany, John B. Emerson, warned that the Russian government was an expert at running these types of propaganda campaigns. Its favored tactic, he said, is the so-called 4D campaign: dismiss, distort, distract and dismay.

To further such efforts, he also noted that the Kremlin runs a $400 million media operation that covers 100 countries, and which includes RT.

Where the alleged Levashov and U.S. election meddling claim is concerned, score one for Russian propaganda?

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.