DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Yevgeniy Nikulin indicted for hacking LinkedIn, Dropbox, and Formspring

Posted on October 21, 2016 by Dissent

From the U.S.A.O. press release:

OAKLAND – A federal grand jury in Oakland indicted Yevgeniy Aleksandrovich Nikulin yesterday for obtaining information from computers, causing damage to computers, trafficking in access devices, aggravated identity theft, and conspiracy, announced United States Attorney Brian J. Stretch and Federal Bureau of Investigation Special Agent in Charge John F. Bennett.

The indictment, unsealed today, alleges that Nikulin, 29, of Moscow, Russia, accessed computers belonging to LinkedIn, Dropbox, and Formspring, each of which has its headquarters in the San Francisco Bay Area.  The indictment further alleges that the defendant accessed the computers without authorization and that he obtained information from the computers. According to the indictment, the defendant also caused damage to computers belonging to a LinkedIn employee and to Formspring by transmitting a program, information, code, or command. Nikulin also is alleged to have used the credentials of LinkedIn and Formspring employees in connection with the computer intrusions. Further, Nikulin is alleged to have engaged in a conspiracy with unnamed co-conspirators to traffic stolen Formspring user credentials.  In all, Nikulin is charged with three counts of computer intrusion, in violation of 18 U.S.C. § 1030(a)(2)(C); two counts of intentional transmission of information, code, or command causing damage to a protected computer, in violation of 18 U.S.C. § 1030(a)(5)(A); two counts of aggravated identity theft, in violation of 18 U.S.C. § 1028A(a)(1); one count of trafficking in unauthorized access devices, in violation of 18 U.S.C. § 1029(a)(2); and one count of conspiracy, in violation of 18 U.S.C. § 371.

Defendant was arrested on October 5, 2016, by officials in the Czech Republic pursuant to a provisional arrest request based on the warrant issued in connection with the complaint. He remains in custody in Prague.

An indictment merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt. If convicted, the defendant faces the following maximum penalties:

  • 18 U.S.C. § 371: Five years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.
  • 18 U.S.C. § 1028A(a)(1): Two-year mandatory minimum sentence of imprisonment to run consecutive to any other sentence and in addition to the sentence for the underlying felony, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, restitution.
  • 18 U.S.C. § 1029(a)(2) and (c)(1)(A)(i): Ten years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three of years supervised release, $100 special assessment, forfeiture, and restitution.
  • 18 U.S.C. § 1030(a)(2)(C) and (c)(2)(B): Five years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.
  • 18 U.S.C. § 1030(a)(5)(A) and (c)(4)(B)(i): Ten years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.

However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

Michelle J. Kane is the Assistant U.S. Attorney who is prosecuting the case with the assistance of Melissa Dorton and Elise Etter. The prosecution is the result of an investigation by the Federal Bureau of Investigation with the assistance of authorities in the Czech Republic and the U.S. Department of Justice’s Criminal Division, Office of International Affairs.

Further Information:

Case #: CR 16-00440 WHA, 16-71303 MAG

# # #

Related: Indictment

N.B. Nikulin’s online screen names were allegedly ChinaBig01, dex.007, valeriy.krutov3, and itBlackhat.

Tweets by itBlackHat
Tweets by itBlackHat in 2014. 

Related posts:

  • Yevgeniy Nikulin sentenced to 88 months for hacks of LinkedIn, Dropbox, and Formspring
  • Yevgeniy Nikulin convicted of 2012 LinkedIn, Dropbox, Formspring hacks
  • Yevgeniy Nikulin made his initial appearance in federal court after extradition
  • CA: Two men indicted in “sim swapping” scheme to steal cryptocurrency
Category: Business SectorHackOf NoteU.S.

Post navigation

← NJ: Couple used IDs of prison inmates to file $317K in false insurance claims, authorities say
Yesterday’s major outage was brought to you by hacked IoT devices →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.