Fraud Management & Cybercrime , Incident & Breach Response , Managed Detection & Response (MDR)

Russian Indicted for Breach of Three Silicon Valley Companies

Suspect Said to Have Targeted LinkedIn, Dropbox and Formspring
Russian Indicted for Breach of Three Silicon Valley Companies

A U.S. federal grand jury in Oakland, Calif. indicted a 29-year-old Russian man for hacking computers at three Silicon Valley companies - social networking sites LinkedIn and Formspring and file-sharing company Dropbox.

See Also: Gartner Guide for Digital Forensics and Incident Response

Authorities accuse Yevgeniy Aleksandrovich Nikulin of Moscow of conducting a phishing attack against a LinkedIn employee, putting code on the worker's computer, stealing the employee's username and password and using those credentials to access the company's IT system in 2012.

In 2012, LinkedIn revealed it experienced a computer breach in which more than 6.5 million of its members' hashed passwords were stolen (see LinkedIn: Hashed Passwords Breached). This past May, a data breach notification site revealed that nearly 170 million credentials appear to have been compromised in the 2012 breach (see LinkedIn Breach: Worse Than Advertised). The quantity of credentials suggests that attacker obtained virtually every LinkedIn username and hashed password.

Conspiracy to Sell Stolen Credentials Alleged

The indictment, unsealed Oct. 21, also said Nikulin hacked Dropbox and Formspring computers and conspired with two unnamed co-conspirators to sell stolen user names, passwords and email addresses of Formspring customers.

Nikulin faces more than 30 years in prison and $1 million in fines.

Czech police arrested Nikulin on Oct. 5 at a Prague hotel, while on vacation with his girlfriend, after receiving a request from Interpol, which was tipped off of his whereabouts by the FBI (see Hackers' Vacation Plans in Disarray After Prague Arrest).

The New York Times reports that Nikulin - who goes by the online aliases Chinabig01, Dex.007, Valeriy.krutov3 and itBlackHat - did not resist arrest. Czech police issued a statement saying the suspect had unspecified medical problems and was briefly hospitalized before being returned to custody.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.