Categories: Security

US Names Arrested Russian As Alleged LinkedIn, Dropbox Hacker

US authorities have unsealed a grand jury indictment naming 29-year-old Russian citizen Yevgeniy Aleksandrovich Nikulin, of Moscow, as one of three alleged culprits behind hacks on LinkedIn, Dropbox and others that breached millions of passwords.

Last week Czech police announced they had arrested the man, whose identity wasn’t disclosed at the time, on 5 October as he scanned the menu in a Prague restaurant.

Phishing attack

The indictment alleges Nikulin used malware to illegally access the computer of a LinkedIn employee, which he then used to steal user credentials.

It also accuses him of hacking Dropbox and a now-defunct social network called Formspring and stealing user names, passwords and email addresses, then conspiring with two other unnamed individuals to sell the data.

The counts listed include computer intrusion and damage, identity theft, trafficking in unauthorised access devices and conspiracy, adding up to more than 30 years in prison, although maximum sentences are rarely handed out.

Nikulin was arrested about 12 hours after Interpol reported he was in Prague, Czech police said last week.

Officers took him into custody while he was sitting in a restaurant with his girlfriend near the hotel where they had been staying, police said. He had been driving around Prague in a luxury automobile, and his Instagram account reportedly shows a taste for gold Rolexes.

Extradition

The suspect collapsed after being arrested and was taken to hospital, then returned to police custody, where he remains, awaiting an extradition hearing.

Russia’s Foreign Ministry said in a statement it is looking to block Nikulin’s extradition, saying the case shows the US is “hunting for Russian citizens across the world”.

LinkedIn stated it appreciated the FBI’s work to “pursue those responsible for the 2012 breach of LinkedIn member information”.

A hacker using the pseudonym peace_of_mind told journalists the 2012 breaches had been carried out by Russians, who made use of them privately for years before selling them publicly earlier this year, with the intent of retiring on the proceeds.

Dropbox forced password resets in August after it found 68 million sets of user credentials posted online that it believes were stolen in 2012.

The LinkedIn breach involved more than 100 million sets of credentials, and after the data was sold publicly in May led to further hacks on individuals who had reused their passwords elsewhere.

Quiz: What do you know about cybersecurity in 2016?

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

6 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

7 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

7 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

9 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

12 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

12 hours ago