Russian Hacker Nikulin Sentenced to Over 7 Years in Prison for Tech Industry Breaches

A Russian national was sentenced Tuesday afternoon to 88 months in prison for breaching several technology firms, capping a drawn-out legal battle that has involved competing extradition attempts, luxury sports cars, and delays due to the coronavirus outbreak.

Yevgeniy Nikulin was convicted in July of hacking into social media sites LinkedIn and Formspring in a pair of 2012 data breaches that compromised the personal information of 117 million individuals. Nikulin was also convicted of hacking into computers belonging to Dropbox, according to the U.S. Attorney for the Northern District of California David Anderson.

“Nikulin’s conviction is a warning to would-be hackers, wherever they may be. Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans. American law enforcement will respond to that threat regardless of where it originates,” Anderson said in a statement at the time.

Judge William H. Alsup of the U.S. District Court for the Northern District of California, who presided over the jury trial, said during the sentencing that he “had the feeling from time to time” that the case “was disjointed and possibly too weak to go to the jury,” but was convinced by the prosecution’s argument during the course of the trial.

The trial began in March but was suspended after two days due to the coronavirus outbreak. When the trial resumed in July, the defendant, attorneys, and Judge Alsup wore masks, while witnesses testified behind a glass panel, according to the U.S. Attorneys Office, which said it was the first federal jury trial in San Francisco since shelter-in-place rules took effect.

The trial and sentencing followed years of legal wrangling that has made it one of the most closely-watched hacking cases in recent memory. Nikulin was arrested in the Czech Republic while on vacation with his girlfriend in 2016, just two days before the Obama administration accused the Russian government of directing a hacking operation into the Democratic National Committee and other election-related organizations.

Nikulin was held in the Czech Republic for two years, however, as he battled the U.S.’s extradition request. The Russian government at the same time argued that he should be sent back to Moscow to stand trial for an alleged 2009 theft of about $3,500 from a website by the name of WebMoney. The Kremlin also argued that the U.S. government was waging a campaign against Russians around the world for political purposes. 

The extradition fight made its way to the highest levels of the Czech government, with the country’s president urging an extradition to Russia while the prime minister favored extradition to the U.S. Ultimately, the decision was left to the country’s minister of justice, who resigned from his post weeks after approving a U.S. extradition, citing ideological differences between him and his party.

Nikulin's lawyers argued on Tuesday that he had suffered already by spending several years in foreign jails where he couldn't see family or communicate with the people around him. Judge Alsup said the circumstances, as well as the coronavirus outbreak, made Nikulin's situation somewhat "Kafkaesque," but not quite because he committed the crime.

While awaiting trial in the U.S., Nikulin was placed in solitary confinement and allegedly attacked correction officers, but was deemed competent to stand trial after a psychiatric evaluation. Multiple media outlets also highlighted pictures of Nikulin that showcased his lavish lifestyle in Russia—including posing in Moscow’s Red Square next to a Lamborghini. Nikulin's social media pages included photographs with both the daughter of Russia’s defense minister and the Kremlin’s press secretary.

A timeline of events, courtesy of Dmitry Smilyanets

Court filings that surfaced during the trial also shed light into how many of Russia’s most notorious hackers, as well as the country’s intelligence services, know and sometimes work together. For example, Nikulin was in regular contact with Oleksandr Ieremenko, a Ukrainian national accused of hacking the U.S. Securities and Exchange Commission, reported CyberScoop’s Jeff Stone, who closely documented the multi-year trial. Additionally, prosecutors said during the trial that Nikulin worked with various people when he tried to sell the stolen data, including Alexsey Belan and Nikita Kislitsin, who allegedly tried selling Formspring data before he became an executive at Group-IB. The company, a Recorded Future competitor, said in a detailed statement that it supported Kislitsin, who was also charged in a separate indictment involving hacked data in March.

Documents made public during the trial identified Nikulin, Iremenko, Kislitsin, and an alleged cybercriminal as being present during a 2012 meeting where they allegedly discussed starting a business.

Dmitry Smilyanets, an expert threat intelligence analyst at Recorded Future, said the trial and sentencing illustrated the interconnected world of cybercrime.

“All top tier hackers, they know each other and pal around. In the case of Nikulin, we see he was connected with some of the most famous hackers in the world. That’s not just people on forums—these are people indicted by U.S. law enforcement for various serious crimes,” he said.