Tony Soprano of Cybercrime Snitches on Russian Hacker

TURNCOAT

The man who allegedly orchestrated the JP Morgan hack is cooperating with the U.S. against the man accused of running one of the most notorious botnets ever.

Photo Illustration by The Daily Beast/REUTERS/Amir Cohen

Accused Russian hacker Peter Levashov is losing his defense attorney following the discovery that the same lawyer was simultaneously representing a cybercrime ringleader who informed on Levashov in a plea deal.

The bizarre twist connects for the first time two of the U.S. government’s biggest cybercrime catches: Levashov, who was extradited from Spain this month on U.S. charges that he ran the massive Kelihos botnet, and Gery Shalon, a Russian-born Israeli businessman who allegedly orchestrated the 2014 hack of JP Morgan Chase.

Shalon is now cooperating with prosecutors in a bid for leniency. He provided incriminating information on Levashov and is a potential witness against the hacker. And until two weeks ago, both men had the same attorney.

New York lawyer Igor Litvak dropped from Shalon’s case on February 16, and he told Levashov’s judge that his active work for Shalon was confined to a single month in the fall of 2016, after which Shalon stopped talking to him. But the conflict of interest remains, wrote Magistrate Judge Holly Fitzsimmons, in a 30-page proposed ruling on Tuesday. Referring to Shalon as “Client #1,” to protect his identity, the judge wrote that Litvak could not ethically represent Levashov’s interests after receiving private documents and holding privileged attorney-client conversations with Shalon.

“Attorney Litvak remained a counsel of record for Client #1 until after he undertook defendant Levashov’s representation,” wrote Fitzsimmons. “He was still counsel of record when, according to the Assistant U.S. Attorney, Client #1 met with prosecutors in another district, entered into a cooperation agreement, and provided incriminating information about now defendant Levashov, although Attorney Litvak has represented that he was unaware of those actions.”

The written opinion does not use Shalon’s name, but provides detailed information about appearances and court filings that leave no doubt that “Client #1” is Shalon, including a direct quote from Litvak’s motion to withdraw from the Shalon case.

Litvak has two weeks to challenge the proposed ruling. He did not respond to inquiries for this story.

A native of St. Petersburg, Russia, Levashov was wanted in the U.S. on various hacking and spamming charges for nearly a decade before he was arrested on a trip to Barcelona in April 2017 on U.S. computer hacking charges.  After losing a lengthy extradition battle, Levashov arrived in federal court in New Haven, Connecticut early this month to face new charges that he created and operated the notorious Kelihos botnet, a network of 100,000 hacked Windows machines that was leased out to cyber criminals to distribute spam, phishing emails and ransomware.

His lawyer, Litvak, is one of a pair of Russian-speaking New York attorneys who’ve become the go-to counsel for Russian nationals charged with hacking. Litvak’s client list includes Roman Seleznev, the son of a Russian lawmaker who was sentenced to 27 years for a large-scale credit card hacking operation, and Dmitriy Smilianets, who helped sell ATM and credit card data stolen from targets like Hannaford, 7-Eleven, and Heartland Payment Systems.

Litvak frequently works beside a second lawyer named Arkady Bukh, and at one point he was part of Bukh’s small law firm. Both men were attorneys-of-record for Gery Shalon, and Bukh remains on Shalon’s case, though a third lawyer, Michael Soshnick, has now taken the lead. (Soshnick did not immediately return a phone call from the Daily Beast on Wednesday.)

Shalon and some of his associates are charged in federal court in Manhattan with running a vast cybercrime empire with hundreds of employees and a vast international infrastructure. Shalon’s business interests allegedly included 12 online casinos, two payment processing companies that catered to black market pharmaceutical and malware sales, and the shady Bitcoin exchange Coin.mx. Between 2007 and 2015, his enterprises allegedly earned hundreds of millions of dollars, all laundered through a network of 75 shell corporations and stashed in banks in Cyprus, Latvia, Georgia and Switzerland.

Shalon’s biggest cash cow was allegedly a pump-and-dump operation in which he’d buy penny stocks then boost them in an aggressive spam campaign. To get email addresses for the campaigns Shalon allegedly had three hackers penetrate financial firms and steal customer data. The largest such breach was the 2014 JP Morgan Chase hack that compromised information on 76 million households and 7 million small businesses.

Shalon and some of his alleged co-conspirators were extradited to the U.S. from Israel in June 2016. Court filings over the last year have largely been under seal.

The exact nature of Shalon’s association with Levashov is unclear. Shalon’s indictment says three hackers worked for him to penetrate financial sites and other targets—two are named, one remains a secret, leaving the possibility that Levashov is the third hacker. It’s also possible that Shalon commissioned Levashov to distribute his pump-and-dump spam through Kelihos.

What’s certain is that Shalon began providing information on Levashov early in his plea negotiations during a “proffer” with the government—a debriefing in which a defendant lays out what they have to offer. (Litvak was not at the proffer sessions, according to Monday’s findings; his co-counsel Bukh was present.)

Levashov’s first choice was Bukh, who declined the case because of the conflict of interest. And despite the legal controversy, Levashov wants desperately to stick with Litvak, in part because he wants his case to proceed after already spending eight months in a Spanish jail.

“In volunteered statements and in response to the Court’s questions, defendant Levashov has repeatedly emphasized that he REALLY wants Attorney Litvak to represent him, and he therefore wishes to waive any conflict and give up any future claim for ineffective assistance of counsel, should he be convicted,” the magistrate wrote.

Shalon, though, has refused such a waiver, and the prospect that he might one day testify against Levashov, and even face cross examination by his own former lawyer, weighs heavily against Levashov’s request, the magistrate wrote. “Indeed, Client #1’s refusal to agree raises the specter of ‘betrayal’ and fundamental unfairness that inevitably arises when an attorney must cross-examine or otherwise attack a former client.”