United States v. Levashov
3:17-cv-00074
D. Alaska
Apr 5, 2017
Background
- The United States filed an ex parte complaint seeking injunctive relief under 18 U.S.C. §§ 1345 and 2521, alleging Levashov operated the Kelihos botnet and committed wire fraud and unauthorized interception of electronic communications.
- The government presented evidence that Levashov intentionally infected hundreds of thousands of computers with Kelihos malware to steal credentials, install additional malware (ransomware, banking Trojans), and send fraudulent spam (counterfeit drugs, pump-and-dump, job scams).
- The government sought, and the court found good cause for, emergency, sealed, ex parte relief because advance notice would allow Levashov to relocate servers, alter malware, or evade disruption.
- The court temporarily restrained Levashov and associates from operating Kelihos, using malicious code to commit wire fraud, or intercepting communications on computers not owned by him.
- The court authorized the government to deploy substitute servers and infrastructure to replace the defendant’s command-and-control, and to collect DRAS (dialing, routing, addressing, signaling) information from infected machines while preventing collection of electronic content.
- The court ordered immediate redirection and lock/prevention-of-transfer of the domains gorodkoff.com, goloduha.info, and combach.com to FBI-designated name servers and set an April 12, 2017 hearing for a preliminary injunction; service would be effected in Spain and by publication as needed.
Issues
| Issue | Plaintiff's Argument | Levashov's Argument | Held |
|---|---|---|---|
| Jurisdiction & right to injunctive relief | Federal courts have jurisdiction; complaint states claims under §§1345 and 2521 | Not presented in the record | Court found jurisdiction and that complaint states a claim |
| Likelihood of success on the merits (malware, wire fraud, interception) | Evidence shows intentional infection, credential theft, spam propagation, installation of other malware, and interception of communications — likely to prevail | Not presented in the record | Court found good cause to believe government is likely to prevail |
| Ex parte relief / notice waiver | Advance notice would allow defendant to move/alter infrastructure and defeat relief; exigent circumstances justify no prior notice under Fed. R. Civ. P. 65(b) | No defense argument recorded regarding notice | Court granted ex parte relief and relieved government of prior-notice requirement |
| Scope of emergency relief (server substitution, domain redirection, DRAS collection) | Temporary control of command-and-control via substitute servers, redirection/lock of specified domains, and limited DRAS collection (no content) necessary to halt ongoing harm | Not presented in the record | Court authorized substitute servers, domain redirection/lock, and DRAS collection limited to non-content data |
Key Cases Cited
No reported cases are cited in the opinion.
