Yevgeniy Nikulin allegedly targeted three Bay Area companies through cyber-attacks; LinkedIn, Dropbox and Formspring.
The 2012 LinkedIn data breach affected millions. "This is the hack of 114 million LinkedIn users," said Laura Hautala, Staff Reporter for CNET.
In October of 2016, Czech Republic law enforcement officials arrested Nikulin.
CNET's cyber security and privacy reporter says Nikulin allegedly used a LinkedIn employee's username and password to access the usernames and passwords of hundreds of millions more from LinkedIn, Dropbox and Formspring.
"It's really been a waiting game of waiting and seeing is this person actually going to be sent to the United States," said Hautala.
Nikulin was extradited overnight and appeared in federal court Friday morning. The prosecution is the result of a four-year investigation by the FBI, along with Czech Republic authorities and the U.S. Department of Justice.
"It's very rare that a Russian hacker would actually be in the United States facing these charges," said Hautala.
In an emailed statement, a LinkedIn Spokesperson writes, "We've been actively monitoring the FBI's case to pursue those responsible for the 2012 breach of LinkedIn member data. We are glad to see this progress and appreciate the hard work of law enforcement to resolve this investigation."
Experts say the data could have been sold on the dark web.
"What hackers do is take your username and password and compare it to perhaps where you work or your bank or something like that and see if they can get something really valuable," said Hautala.
At the time of the hack, LinkedIn recommended users change their passwords.
Hautala suggests users also create unique passwords for different websites.
Nikulin pleaded not guilty to the charges. He is scheduled to appear in court again next week.
The U.S. Attorney's Office released the following statement:
Yevgeniy Aleksandrovich Nikulin made his initial appearance in federal court today following his extradition from the Czech Republic, announced Acting United States Attorney Alex G. Tse and Federal Bureau of Investigation Special Agent in Charge John F. Bennett. He appeared before Jaqueline Scott Corley, United States Magistrate Judge in San Francisco.
Nikulin, 30, of Moscow, Russia, was charged in a 2016 indictment with illegally accessing computers belonging to LinkedIn, Dropbox, and Formspring, each of which has its headquarters in the San Francisco Bay area. The indictment further alleges that the defendant accessed the computers without authorization and that he obtained information from the computers. According to the indictment, the defendant also caused damage to computers belonging to a LinkedIn employee and to Formspring by transmitting a program, information, code, or command. Nikulin is alleged to have used the credentials of LinkedIn and Formspring employees without their knowledge or authorization in connection with the computer intrusions. The indictment charges that Nikulin engaged in a conspiracy with unnamed co-conspirators to traffic stolen Formspring user credentials.
Nikulin was arrested on October 5, 2016, by Czech Republic law enforcement officials pursuant to an Interpol Red Notice, and has been in Czech custody since that time. The United States submitted an official request to the Czech government for his extradition in November 2016. On March 29, 2018, the Minister of Justice of the Czech Republic ordered Nikulin extradited to the United States. Nikulin was transported to the United States by agents of the Federal Bureau of Investigation.
"Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans," Attorney General Jeff Sessions said. "In this case, the defendant, a Russian national, is accused of breaking into the computer system of several important American companies using stolen identities, and potentially gaining access to the personal information of millions of Americans. This is deeply troubling behavior once again emanating from Russia. We will not tolerate criminal cyber-attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate.
"I want to thank our partners in the Czech Republic for their cooperation in the extradition process, and I also want to thank the FBI, the Department of Justice's Office of International Affairs, and Assistant U.S. Attorneys Michelle Kane and Matt Parrella for their hard work. The Department of Justice will continue our work to defend the safety, property, and privacy of the American people from the threat of foreign hackers."
"The Department of Justice is committed to investigating and bringing to justice hackers who illegally access computer systems to steal information," said Acting U.S. Attorney Alex G. Tse. "Hackers cause millions of dollars of damage to computer systems and victimize innocent users. We will use the considerable means at our disposal to find, capture, and bring to justice computer hackers who commit crimes against U.S. computer systems and the people who use and rely on those systems, regardless of where those hackers commence their attacks. The arrest and extradition of Nikulin is the result of effective cooperation between U.S. and our international law enforcement partners to combat computer crime."
"The FBI will not allow international cyber criminals to operate with impunity," said FBI Special Agent in Charge John F. Bennett. "Nikulin allegedly targeted three Bay Area companies through cyber-attacks, and will now face prosecution in the United States. This extradition is a success for U.S. law enforcement and our partners overseas."
Nikulin is charged with three counts of computer intrusion, in violation of 18 U.S.C. 1030(a)(2)(C); two counts of intentional transmission of information, code, or command causing damage to a protected computer, in violation of 18 U.S.C. 1030(a)(5)(A); two counts of aggravated identity theft, in violation of 18 U.S.C. 1028A(a)(1); one count of trafficking in unauthorized access devices, in violation of 18 U.S.C. 1029(a)(2); and one count of conspiracy, in violation of 18 U.S.C. 371.
An indictment merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt. If convicted, the defendant faces the following maximum penalties:
- 18 U.S.C. 371 (conspiracy): Five years of imprisonment, $250,000 fine, three years of supervised release, $100 special assessment, forfeiture, and restitution.
- 18 U.S.C. 1028A(a)(1) (aggravated identity theft): Two-year mandatory minimum sentence of imprisonment to run consecutive to any other sentence and in addition to the sentence for the underlying felony, $250,000 fine, three years of supervised release, $100 special assessment, restitution.
- 18 U.S.C. 1029(a)(2) and (c)(1)(A)(i) (trafficking in unauthorized access devices): Ten years of imprisonment, $250,000 fine, three of years supervised release, $100 special assessment, forfeiture, and restitution.
- 18 U.S.C. 1030(a)(2)(C) and (c)(2)(B) (computer intrusion): Five years of imprisonment, $250,000 fine, three years of supervised release, $100 special assessment, forfeiture, and restitution.
- 18 U.S.C. 1030(a)(5)(A) and (c)(4)(B)(i) (causing damage to a protected computer): Ten years of imprisonment, $250,000 fine, three years of supervised release, $100 special assessment, forfeiture, and restitution.
However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. 3553.
Nikulin pleaded not guilty to the charges. Magistrate Judge Corley scheduled Nikulin's next appearance for status on April 2, 2018, and scheduled a detention hearing for April 4, 2018.
Michelle J. Kane and Matt Parrella are the Assistant U.S. Attorneys who are prosecuting the case, with the assistance of Vanessa Quant and Elise Etter. The prosecution is the result of a four-year investigation by the Federal Bureau of Investigation with the assistance of authorities in the Czech Republic and the U.S. Department of Justice's Criminal Division, Office of International Affairs.
Case #: CR 16-00440 WHA
A copy of this press release will be placed on the U.S. Attorney's Office's website here.
Electronic court filings and further procedural and docket information are available here.
Judges' calendars with schedules for upcoming court hearings can be viewed on the court's website here.