Collaborating Authors

Feds indict hacker over LinkedIn, Dropbox attacks


The US justice system has indicted a Russian citizen for allegedly performing cyberattacks against LinkedIn, Dropbox and Formspring. Unsealed on Friday, the indictment, issued by a federal grand jury in Oakland, California, alleges that Yevgeniy Aleksandrovich Nikulin of Moscow, Russia, is responsible for a series of attacks on the professional networking service LinkedIn and cloud storage provider Dropbox. Nikulin also apparently targeted Formspring, a social networking service now known as LinkedIn was the target of a 2012 data breach leading to the theft of data from over 160 million accounts, and while the US has only released limited details on what police claim are Nikulin's crimes, law enforcement says that the Russian citizen used malware to compromise a LinkedIn employee's PC and steal access credentials. Following on from this attack, Nikulin allegedly turned his attention to Dropbox.

Russian accused of massive hacking extradited to U.S., pleads guilty

The Japan Times

PRAGUE/NEW YORK – A Russian on Friday pleaded not guilty to charges he hacked three U.S. technology companies, potentially compromising personal details of more than 100 million users, after being extradited from the Czech Republic. Yevgeniy Nikulin, 30, of Moscow, entered his plea in the U.S. District Court in San Francisco, after having fought his extradition following his 2016 arrest in Prague. His case had turned into a battle over whether he should be sent to the U.S. or Russia, where a Moscow court in November 2016 issued an arrest warrant for his alleged theft seven years earlier of $3,450 via a site called Webmoney. The U.S. Department of Justice accused Nikulin of illegally accessing computers belonging to the U.S.-based social media firms LinkedIn, Dropbox and Formspring in 2012, including by using the credentials of LinkedIn and Formspring employees. LinkedIn, now owned by Microsoft Corp. has said the case was related to a breach that might have compromised information of at least 100 million users.

Alleged hacker behind LinkedIn breach at centre of US-Russia legal tussle

The Guardian

An alleged computer hacker being held in the Czech Republic is at the centre of an international legal tussle between the United States and Russia amid lingering disquiet over Moscow's alleged interference in the recent US presidential election. Yevgeniy Nikulin, 29, faces extradition requests from both countries after being detained by Czech police on an Interpol arrest warrant issued by US authorities. Nikulin, a Russian citizen, was arrested in a restaurant in Prague on 5 October shortly after arriving in the city during a holiday with his girlfriend. A federal court in Oakland, California, followed up with an indictment charging him with offences relating to the hacking of computer networks belonging to LinkedIn, Dropbox and Formspring and formally requesting his extradition to the US. He faces a maximum 30 years in prison and up to US$1m in fines if convicted on charges including computer intrusion, aggravated identity theft, conspiracy, damaging computers and trafficking in illegal access devices.

Russian man charged with hacking LinkedIn and other tech firms

The Guardian

A Russian man has been charged with hacking and stealing information from computers at LinkedIn and other San Francisco Bay Area companies. The US attorney's office in San Francisco announced Friday that a grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin, of Moscow, Russia, a day earlier on charges including computer intrusion and aggravated identity theft. Prosecutors say Nikulin used a LinkedIn employee's credentials to access the company's computers in 2012. Nikulin is also accused of hacking two other companies, Dropbox and Formspring, and conspiring to sell stolen user names, passwords and email addresses of Formspring customers. He was arrested on 5 October by officials in the Czech Republic and remains there, according to prosecutors.

US court finds Russian national guilty of hacking LinkedIn, Dropbox


A San Francisco jury has found Russian national Yevgeniy Nikulin guilty of one of the biggest data breaches in US history. Nikulin has been convicted of hacking LinkedIn and Dropbox back in 2012, which resulted in the theft of 117 million usernames and passwords that he tried to sell to other people on Russian--language forums. He was also found guilty of trafficking Formspring data. The massive breach served as a catalyst for Dropbox to roll out two-factor authentication and an automated feature that checks on suspicious activity. Nikulin was arrested in the Czech Republic and charged with nine felony counts back in 2016.