Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response

LinkedIn Breach: Russian Suspect Extradited to US

Czechs Extradite Suspect Also Charged With Hacking Dropbox and Formspring
LinkedIn Breach: Russian Suspect Extradited to US
Russian national Yevgeniy Nikulin was the focus of competing U.S. and Russian extradition requests. (Photo: YouTube)

Russian national Yevgeniy Aleksandrovich Nikulin, 30, made his first appearance in a U.S. courtroom on Friday after being extradited from the Czech Republic to face hacking changes.

See Also: The Need for a Breakthrough in Cybersecurity

Nikulin - aka "Chinabig01," "dex.007," "valeri.krutov3" and "itBlackHat" - has been charged with hacking into social networking site LinkedIn, file-sharing service Dropbox and Formspring, which was a social question-and-answer website. In 2016, LinkedIn said 117 million user credentials may have been stolen in its 2012 breach (see LinkedIn Breach: Worse Than Advertised).

The defendant, who's from Moscow, appeared in court for for just 17 minutes on Friday before Jaqueline Scott Corley, a U.S. magistrate judge in San Francisco federal court.

Nikulin entered a plea of not guilty and the judge ordered him to be remanded to custody. He's due back in court on Wednesday for a detention hearing.

Gabriela Bischof, an assistant federal public defender, has been appointed as Nikulin's attorney. She could not be immediately reached for comment on the charges against her client.

Competing Extradition Requests

The 2016 indictment against Yevgeniy Nikulin.

Nikulin was arrested on Oct. 5, 2016, by police in Prague, acting on a red notice issued by Interpol (see Russian Indicted for Breach of Three Silicon Valley Companies ).

Nikulin remained in Czech custody, where he was the focus of competing extradition requests filed by Washington and Moscow (see Russia's Accused Hacker Repeat Play: Extradition Tug of War).

Last May, a Czech court ruled that the country could extradite the defendant to either the United States or Russia, both of which have filed extradition requests.

But on Thursday, Robert Pelikán, the Czech Republic's minister of justice, ordered him to be extradited to the United States, after which he was transported by FBI agents.

Nikulin's Arrest in Prague

Footage of Yevgeniy Aleksandrovich Nikulin being arrested in Prague in Oct. 5, 2016. (Source: Czech Republic Police)

Four-Year FBI Investigation

The appearance of Nikulin in a U.S. courtroom is the result of a four-year investigation led by the FBI, together with assistance from authorities in the Czech Republic as well as the U.S. Department of Justice. The suspect faces more than 30 years in prison and $1 million in fines (see Is US Computer Crime Justice Draconian?).

"In this case, the defendant, a Russian national, is accused of breaking into the computer system of several important American companies using stolen identities, and potentially gaining access to the personal information of millions of Americans," says U.S. Attorney General Jeff Sessions. "This is deeply troubling behavior once again emanating from Russia. We will not tolerate criminal cyberattacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate."

Nikulin allegedly hacked LinkedIn and Dropbox in 2012 as well as Formspring in 2013. He allegedly stole and used access credentials for LinkedIn and Formspring employees, and together with unnamed co-conspirators has been accused of offering stolen data for sale.

The indictment against Nikulin, filed in October 2016, charges him with three counts of computer intrusion; two counts of intentional transmission of information, code or command causing damage to a protected computer; two counts of aggravated identity theft; one count of trafficking in unauthorized access devices; and one count of conspiracy.

"The FBI will not allow international cyber criminals to operate with impunity," says FBI Special Agent in Charge John F. Bennett. "Nikulin allegedly targeted three Bay Area companies through cyberattacks, and will now face prosecution in the United States. This extradition is a success for U.S. law enforcement and our partners overseas."

More Russians Extradited to US

Nikulin is the latest in a long line of alleged cybercriminals who have been extradited to the U.S.

In February, Russian national Peter Levashov, who was arrested in Spain last year, was extradited to the U.S. to face allegations that he ran the notorious Kelihos botnet that pumped out spam, banking Trojans and ransomware (see Accused Russian Botnet Mastermind Extradited to US).

In January, meanwhile, Spain had extradited Russian national Stanislav Lisov to the United States. He was arrested by Spanish police in January 2017, while on his honeymoon, at U.S. request. Lisov has been charged with crimes related to the "Neverquest" banking Trojan, also known as Vawtrak and Snifula, which have been tied to alleged losses of $855,000 from U.S. banking customers between June 2012 and January 2015.

In both Lisov and Levashov's cases, the Russian government filed competing extradition requests, seeking to prevent them from being sent to the United States.

Russia's competing extradition requests for alleged cybercriminals don't appear to have ever succeeded.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.