Roughly 8 years after he infiltrated U.S. social media companies LinkedIn and Formspring, Yevgeniy Nikulin, who stole credentials belonging to 100 million Americans, was found guilty and sentences to 7 years in prison.
The sentencing on Tuesday put a cap on a drawn-out legal battle that involved multiple extradition attempts, luxury sports cars, and delays due to the coronavirus outbreak.
Nikulin was charged in 2016 with nine felony counts, including computer intrusion and aggravated identity theft, in connection with data breaches that occurred in 2012 at LinkedIn and Formspring.
The 32 year old hacker was accused of stealing roughly 117 million usernames and passwords, then trying to sell those credentials to other users on Russian-language forums used primarily for cyber-crime.
According to David Anderson, U.S. Attorney for the Northern District of California, Nikulin was also convicted of hacking into computers belonging to Dropbox.
“Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be,” U.S. Attorney David Anderson said in a statement. “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans. American law enforcement will respond to that threat regardless of where it originates.”
Judge William H. Alsup of the U.S. District Court for the Northern District of California, who presided over the jury trial, said during the sentencing that he “had the feeling from time to time” that the case “was disjointed and possibly too weak to go to the jury,” but was convinced by the prosecution’s argument during the course of the trial.
The trial began back in March but was put on hold after two days because of the COVID-19 outbreak.
Trial resumed again in July and the defendant, attorneys, and judges were required to wear masks while the witnesses testified behind a glass panel.
Yevgeniy Nikulin’s trial was the first federal jury trial in San Francisco since the stay-at-home orders took effect due to the virus outbreak.
The trial and sentencing come after a grueling 8 years of legal wrangling that has made it one of the most closely followed hacking cases in recent history.
While on vacation with his girlfriend back in 2016, Nikulin was arrested in the Czech Republic, just two days before the Obama administration accused the Russian government of directing hacking operations toward the Democratic National Committee.
Nikulin was held in the Czech Republic for two years as a long extradition battle ensued with the U.S.
At the same time, the Russian government wanted him sent back to Moscow to stand trial for the hacking of WebMoney in which he stole $3,500 back in 2009.
The extradition fight made its way to the highest levels of the Czech government, with the country’s president urging an extradition to Russia while the prime minister favored extradition to the U.S.
The decision was ultimately made by the Czech Republic’s minister of justice who approved that Nikulin be extradited to the U.S.
Just two weeks after he approved the U.S. extradition, he resigned from his position as minister of justice stating the reason as being “ideological differences between him and his party.”
After being extradited and while awaiting his trial in the U.S., Nikolin was placed in solitary confinement.
During this time, he allegedly attacked a few correction officers and was given a psychiatric evaluation in which he was deemed competent to stand trial.
Nikulin’s lawyer used the argument during his trial on Tuesday that he had suffered by spending over two years in foreign prisons and that he was unable to communicate with family or friends. His lawyer also went on to use the argument that the coronavirus outbreak make Nikulin’s situation somewhat “Kafkaesque,” for reasons not related to the crimes he committed.
Nikulin lived a lavish lifestyle in Russia and often posted photos of his travels and his fancy cars.
His social media included images of him standing next to his Lamborghini as well as images with both the daughters of Russia’s defense minister and the Kremlin’s press secretary.
Several court filing that surfaced during the trial showed links between many of Russia’s most notorious hackers and the country’s intelligence services.
The documents reveal that they know and sometimes work together.
For example, documents revealed that Nikulin was in regular contact with Oleksandr Ieremenko, a Ukranian national who was accused of hacking the U.S. Securities and Exchange Commission.
Further documents revealed that Nikulin tried to sell the stolen data to Alexsey Belan and Nikita Kislitsin.
Kislitsin later became an executive at Group-IB.
In a detailed statement released by Group-IB, they claim that they did not receive any subpoenas related to the case and that he was already charged in a separate indictment involving hacked data inMarch.
When asked for comment about the newly unsealed charges, which include conspiracy and trafficking in stolen user names and passwords, against Kislitsin, Group IB said that they predate his employment.
Kislitsin, according the U.S. prosecutors, allegedly partnered with Belan to get the Formspring data from Nikulin in July 2012.
Documents made public during the trial identified Nikulin, Iremenko, Kislitsin, and an alleged cyber-criminal as being present during a 2012 meeting where they allegedly discussed starting a business together.
Dmitry Smilyanets, an expert threat intelligence analyst at Recorded Future, said the trial and sentencing illustrated the interconnected world of cyber-crime.
“All top tier hackers, they know each other and pal around. In the case of Nikulin, we see he was connected with some of the most famous hackers in the world. That’s not just people on forums—these are people indicted by U.S. law enforcement for various serious crimes,” he said.