Accused Russian hacker Yevgeniy Nikulin was found guilty by a San Francisco jury on Friday and charged with hacking LinkedIn and Dropbox in a pair of data breaches dating back to 2012. The 32-year-old has been accused of stealing credentials of over 100 million Americans in one of the biggest data thefts in recent times.
The US was at one point confident that Nikulin was working for the Russian intelligence agency. However, he seems to have carried out the crimes without any assistance. His case is also somewhat unusual as he has served sentences in several jails across different countries over the years, which in itself is a constitutional violation.
Nikulin Found Guilty
The 32-year-old Russian was convicted on Friday for hacking LinkedIn and Dropbox in 2012 in one of the largest data breaches in US history, which resulted in the stealing of around 117 million login codes of users. Nikulin's trial started in early March but was abruptly halted following the coronavirus outbreak and stay-at-home orders in the Bay Area on March 16. Thus, this was the first trial in North California since the outbreak.
Nikulin was also found guilty of stealing and trafficking Formspring data and damaging the computer of one of its employees that cost around $5,000. All the incidents date back to 2012.
According to the US government, Nikulin also tried to sell the stolen data from LinkedIn to accused scammer Nikita Kislitsin. The deal was allegedly brokered by a top official from the Russian security services. However, the jury on Friday did not find him guilty on charges of crime for financial gain.
The Justice Department alleged that Nikulin's crimes once again brings to light how an older generation of cyber criminals would easily hack accounts of US companies, sometimes with the knowledge of Russian intelligence agencies. "Nikulin's conviction is a direct threat to would-be hackers, wherever they may be," US Attorney David Anderson said in a statement.
Unlike Other Cyber Crimes
Nikulin is scheduled to be sentenced on September 29 and could end up serving 10 years in prison for each count of selling stolen login codes, installing malware on computers, and five years for each count of conspiracy and hacking.
Interestingly, Facebook's data breach involving Cambridge Analytica in 2018, which resulted in the leaking of personal information of 80 million users, pales in comparison to Nikulin's crime. Prosecutors had argued that he had acted as the digital equivalent of a common thief who used hacking tools to steal important information and sell it to scammers.
Nikulin's defense at one point even suggested that he himself could have been a victim of intrusion, as cyber criminals who were working under the backing of the Russian government may have stolen his identity to commit the crimes of which he is now charged. Justice Department prosecutors had also linked Nikulin to a ring of hackers and spies who were operating in and around Moscow in 2012.
End of a Long Drama
Nikulin was arrested in 2016 in the Czech Republic by the country's police following an operation by the Federal Bureau of Investigation (FBI). However, it took two years to process extradition requests from both the US and Russia for his custody, while he remained in jail.
Russia was not pleased with Nikulin's arrest and had said that the US was "hunting for Russian citizens" across the world. He is one of the few Russian citizens to have been successfully extradited to the US amid opposition from Russia in recent times.
According to his former attorney, Nikulin initially refused to cooperate with his defense lawyer after his extradition and met Russian officials directly in the absence of a lawyer. During his indictment in the US, he also tried to vandalize the jail cell and had to be placed in solitary confinement for a while. Later, he was deemed fit to stand trial after completing a psychiatric evaluation.