“Putin of the Hacking World” Sentenced in the U.S.
A Russian hacker known as the “Putin of the hacking world” has been sentenced to seven years in prison on charges related to his hacking of American companies such as LinkedIn and Dropbox.
Yevgeny Nikulin was found guilty of hacking LinkedIn and the now-defunct Formspring in 2012, stealing the personal data of 117 million Americans and subsequently attempting to sell the data on the Russian dark web. The data breach also included the login details of 1,000 British MPs and parliamentary staff, as well as more than 1,000 U.K. Foreign Office officials.
Nikulin used this information to send phishing emails to employees at other companies, such as Dropbox, and gain access to the system using their accounts. He then stole the information of 68 million Dropbox users.
Adam Gasner, one of Nikulin’s defense attorneys, alleged that the companies overestimated the financial damage, pointing out that none of the victims had claimed financial losses resulting from the hack. “These are corporate victims to whom no actual losses have been evidenced,” he said.
One of the prosecutors, U.S. Attorney David Anderson, said in a statement that “computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans. American law enforcement will respond to that threat regardless of where it originates.” Prosecutors asked for Nikulin to serve 12 years for his nine convictions.
After Czech law enforcement arrested Nikulin in Prague in 2016, the U.S. and Russia filed competing extradition requests, leading to a long and contentious legal battle, which the U.S. eventually won. Czech authorities, the U.S. Secret Service, and the Department of Justice assisted the FBI in building the case.
U.S. law enforcement had tracked down Nikulin as part of a broader campaign, dating back to the early 2010s, to catch Russian cybercriminals. Dozens have been arrested in the past decade, prompting accusations from the Kremlin that the U.S. is “hunting for Russian citizens.”
The accusations represented a breakdown of attempted cooperation between the FBI and Russia’s Federal Security Service (FSB) to find such suspects, as did the discovery that the FSB had simultaneously been recruiting hackers themselves.
One of the FSB’s alleged assets and the FBI’s most wanted cybercriminals, Alexsey Belan, collaborated with Nikulin in the sale of his data. Another, Nikita Kislitsin, testified to FBI agents that Nikulin had worked with the FSB to collect “compromising information” on unspecified Americans. The case has “yielded insight” into the FSB’s use of hackers—including during their interference into the U.S. presidential election in 2016.
Nikulin’s lawyers pleaded for leniency, citing his childhood abuse and the suicide of his older brother; his 10-year-old daughter and ailing mother in Russia, the latter of whom may not live to see him again; and the difficulties of “the coronavirus pandemic, language challenges, and a[n unfamiliar] judicial system.” Nikulin himself has written to his judge often, mainly to ask that he be allowed to use hand-held video game devices.
“Mr. Nikulin spent a significant time in solitary confinement. Even when he was placed in the general population, Mr. Nikulin continued to experience isolation by virtue of being a Russian national that does not speak English and thus, was unable to communicate effectively, make friends, or take advantage of jail programs,” said.Valery Nechay, Nikulin’s attorney. “We look forward to the day he is reunited with his family in Russia, who he has not seen in almost four years; Mr. Nikulin’s family desperately await his safe return.”
Though sympathetic, William Alsup, the judge charged with sentencing Nikulin, was also skeptical of the hacker’s intentions.
“I believe here is a substantial risk that he will repeat the crime when he goes back to Russia,” said Alsup. “I think I know enough about him to know that he will be very tempted to get back into the hacking business when he gets over there… beyond the reach of the U.S.”