[BreachExchange] Russian Found Guilty of Hacking LinkedIn, Formspring, Dropbox

Destry Winant destry at riskbasedsecurity.com
Tue Jul 14 10:08:21 EDT 2020


https://www.securityweek.com/russian-found-guilty-hacking-linkedin-formspring-dropbox

A Russian national accused of hacking into online platforms LinkedIn,
Formspring, and Dropbox was found guilty by a United States jury last
week.

The man, Yevgeniy Aleksandrovich Nikulin, 32, was arrested in 2016 in
the Czech Republic, and remained incarcerated there for two years,
before being extradited to the U.S.

In 2016, U.S. authorities charged Nikulin with accessing without
authorization the systems of LinkedIn, Dropbox and Formspring in 2012,
using stolen employee credentials.

Nikulin was accused of stealing approximately 117 million credentials
and of attempting to sell those on underground forums for €5,500
(roughly $6,200).

He was also linked to the theft of crypto-currency from the now
defunct Bitcoin exchange BitMarket.eu in 2013. Nikulin, who owned
luxury cars and watches, is believed to have made more money from the
theft of Bitcoin than from the trading of usernames and passwords.

The hacker’s trial started in March, but the coronavirus pandemic led
to proceedings being suspended for two months.

According to evidence presented at the trial, Nikulin hacked into the
computers of employees at LinkedIn, Dropbox, and Formspring, and
installed malware that provided him with remote control of the
machines and allowed him to steal login information.

He was located in Moscow at the time of the intrusions, and
investigators were able to track the IP used in at least one of the
attacks to his location.

Nikulin was found guilty of hacking into the systems of the online
services and of trafficking stolen data. His sentencing is scheduled
for September 29.


More information about the BreachExchange mailing list