Pierluigi Paganini July 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data.

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI.

The jury verdict was passed on last week in a California court.

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used employee’s VPN to access the LinkedIn’s internal network.

The Russian man stole roughly 117 million user records, including usernames, passwords, and emails.

Nikulin used data stolen from Linkedin to launch spear-phishing attacks against employees at other companies, including Dropbox.

Between May 14, 2012 and July 25, 2012, Nikulin obtained the records belonging 68 million Dropbox users containing usernames, emails, and hashed passwords.

Nikulin also hacked into an employee account of a Formspring engineer and used it to access the company network between June 13, 2012, and June 29, 2012. The hacker stole 30 million user details from the company database.

The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders.

The man always refused to cooperate with the authorities or to plead guilty while he was in prison.

The trial was initially set for early 2020, but it was delayed twice due to the ongoing coronavirus outbreak.

During the last trial, Nikulin did not plead guilty despite the prosecutors attempted to link him to other cybercrimes.

“The judge supervising the case called the prosecution’s efforts into question just days before the trial ended, describing their efforts and evidence as “mumbo jumbo,” wondered if the prosecutors were wasting the jury’s time, and also asked out loud if the prosecutors had any real evidence against Nikulin besides private messages sent between two nicknames on internet chats.” reads the post published ZDNet.

“However, despite the judge critiquing the prosecutors for their handling of the case, the jury found Nikulin guilty after only six hours of deliberations.”

The final sentence for Nikulin was scheduled for September 29, 2020.

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]