US Indicts Russian Hacker Allegedly Behind Dropbox, LinkedIn Breaches
Yevgeniy Aleksandrovich Nikulin also allegedly hacked Formspring.
Late on Friday, the Department of Justice unsealed an indictment against Yevgeniy Aleksandrovich Nikulin, who allegedly hacked LinkedIn, Dropbox, and Formspring, and stole customer details.
Nikulin, 29, from Moscow, Russia, is charged with three counts of computer intrusion; two counts of intentional transmission of information, code, or command causing damage to a protected computer; two counts of aggravated identity theft; one count of trafficking in unauthorized access devices; and one count of conspiracy.
At least in some cases, Nikulin allegedly used the credentials of employees from companies to gain access to more customer data, according to the indictment. He allegedly attacked LinkedIn in March 2012, Dropbox in between May and July 2012, and Formspring in June of the same year.
The indictment also points to several unnamed co-conspirators, one of which allegedly offered stolen customer details, such as usernames, email addresses, and passwords for sale. The indictment says another bought the information.
The hacker was allegedly known by several aliases online, including "chinabig01" and "itBlackhat," according to the indictment. One of them has an intriguing online trail. On June 2014, the Twitter account @itBlackhat sent three identical tweets, asking three people to send some unspecified data to a the email account Chinabig01@gmail.com. (According to the indictment, Nikulin's co-conspirators allegedly used a Gmail account to communicate about selling stolen data).
Nikulin was arrested in Prague by Czech police forces on October 5. Shortly after the arrest, LinkedIn came forward with a statement, claiming the hacker had breached the company's systems.
In 2012, hackers stole over 117 million email addresses and passwords from LinkedIn. As Motherboard first reported, hackers also obtained 60 million user account details from Dropbox. That breach, according to Dropbox, was related to an employee re-using a password.
Lorenzo Franceschi-Bicchierai contributed reporting to this article.