U.S. Convicts Russian Hacker Nikulin Over Massive Data Breach

Yevgeny Nikulin

A jury in San Francisco has convicted Russian citizen Yevgeny Nikulin over a series of hacks and cyberthefts eight years ago that targeted major U.S. social-media companies such as LinkedIn and Dropbox.

The District Court for the Northern District of California said on July 10 that Nikulin’s sentence would be pronounced on September 29.

The 32-year-old defendant, who was examined by court-ordered psychologists last year amid concerns about his mental health, pleaded not guilty to the charges.

His lawyer vowed to appeal the verdict, which he called a “huge injustice.”

The appeal must be filed within 60 days, Arkady Bukh said, adding that "some changes are possible" due to the coronavirus pandemic.

Nikulin faces up to 10 years in prison for each count of selling stolen usernames and passwords, installing malware on protected computers, as well as up to five years for each count of conspiracy and computer hacking.

According to U.S. prosecutors, Nikulin in 2012 stole the usernames and passwords used by tens of millions of social-media users to access their accounts. Some of that data was put up for sale on a notorious Russian hacker forum.

Nikulin was detained in the Czech Republic in October 2016, and his extradition to the United States 17 months later angered Russia.

Moscow had asked the Czech authorities to extradite Nikulin to his home country, citing him as a suspect in a $2,000 online theft in 2009.

His trial started in California in early March but was interrupted by the coronavirus pandemic a week later, when nearly all in-person court hearings were postponed across the United States.

Nikulin was targeted by U.S. law enforcement as part of a multiyear campaign to arrest some of the most notorious Russian hackers and suspected cybercriminals.

More than a dozen have been arrested in various countries, with Moscow accusing Washington of “hunting” Russian citizens.

With reporting by Bloomberg and TASS