A Russian hacker has finally been convicted of cyber-attacks on LinkedIn, Dropbox and Formspring which breached millions of customer accounts, after spending years in custody.
Yevgeniy Nikulin, now 32, was arrested in 2016 in Prague and detained there for over a year while US and Russian officials submitted extradition requests.
He was eventually brought to the US but then faced further delays after violent behavior which led to a psychiatric evaluation. It has also been reported that Nikulin initially refused to meet with his defense counsel.
The case was then postponed due to COVID-19 lockdowns.
According to a 2016 indictment by US prosecutors, Nikulin hacked LinkedIn, Dropbox and Formspring back in 2012. The attacks are subsequently revealed to have hit 117 million LinkedIn accounts, 69 million Dropbox users and 28 million Formspring accounts.
He’s alleged to have used many of the stolen log-ins to launch subsequent attacks on individuals.
In the first case to be held in the Northern California district since the start of the pandemic, it took a jury just a few hours to convict Nikulin.
He now faces up to 10 years in prison for each count of selling stolen usernames and passwords and installing malware onto computers, and up to five years for each count of conspiracy and computer hacking. There’s also a two-year stretch potentially awaiting for identity theft.
Sentencing will be handed down on September 29.
Nikulin is one of the few Russian cyber-criminals to have ended up in court in the US. The Putin administration has taken an increasingly hard line on US extradition attempts of Russian citizens from other countries.
In fact, it claimed back in 2016 that Washington was systematically “hunting for Russian citizens across the world.”
Earlier this month, an indictment was unsealed naming Andrey Turchin as “Fxmsp” — an alleged prolific hacker who made millions from selling network access.
However, he lives in Kazakhstan, which has no extradition treaty with the US.