Yevgeniy Aleksandrovich Nikulin, also known as the “Russian LinkedIn hacker”, is the protagonist of one of the most-watched cybercrime cases that just came to an end.
He was also found guilty of hacking Dropbox and Formspring… Eight years ago.
He got notorious attention back in 2012 (between March and July) after stealing data belonging to 200 million users, out of the three mentioned social media firms.
But he only got charged in Prague (October 5, 2016) by Interpol with nine felony counts, including computer intrusion, computer damage, trafficking in unauthorized access devices, conspiracy, and identity theft.
Its extradition to the US finally occurred in March 2018 after a long legal battle between these two countries. He remained in the Czech Republic for a while, before his sentence.
Participants in the case say that Aleksandrovic tried to sell all these data to other Russian-speaking individuals, who were members of cybercriminal forums.
That earned the “Russian LinkedIn Hacker” a sentence of 88 months in United States prison (more than seven years).
How Did the Russian LinkedIn Hacker Defend?
Nikulin’s defense argued that “the government’s proposed sentencing was not true.”
Defense attorney, Adam Gasner, claimed during the hearing that the loss figures from LinkedIn and other hacking victims (+100 million) were practically null.
“None of those who got information accessed by Nikulin lost money. And the reported “millions of dollars” were overstated. Those corporate victims have no actual evidence.”
The 88 months in prison wasn’t enough for prosecutors, who requested 145 months (nearly 12 years), with three years of supervised release and restitution.
The reason behind this was an extra accusation of intrusion inside Automattic, the parent company of WordPress.com. In the end, there was no evidence of stolen credentials.
The entire trial process took longer than expected (extra weeks), due to the interruption of the coronavirus pandemic. After all, after a matter of hours, he finally was found guilty by a federal US jury in early July of 2020.
In the meantime, another perpetrator was suggested by the defense attorneys. A Latvian man by the name of Belan who ranks in a high-tier of the FBI’s most-wanted cyber criminals.
This other man was allegedly carrying direct knowledge work of Russian FSB intelligence services. He was employed by Group-IB (security firm) with offices in Moscow and Singapore.
The argument behind this accusation was that Nikulin wasn’t the hacker thought to be. Instead, he was described more as a “digital common thief, capable of stealing data in unsophisticated attempt to cash from it.”
William Alsus (the Judge) admitted that “this is a hard one because when he returns to Russia, I think he will return to being a hacker again. We can’t just lock him up and throw the key away.”
We can learn two things from today’s story.
First of all, that a “digital common thief” is capable of stealing million’s of people data. Then imagine what an advanced one could do to your company’s assets.
Second and last, that there’s no guarantee of him and thousands of other hackers doing what cybercriminals do, after yearly sentences like this one.
The Russian LinkedIn Hacker is just one of many.
Imagine how many others are out there in the shadows, on whatever part of the world, seeking vulnerabilities to sneak in and steal… Would you permit that to happen to you?
I hope not.
We need to talk as soon as possible, for you not to become a victim of an incurable crime.