Russian national Yevgeniy Nikulin has been sentenced to 88 months in prison for hacking into Bay Area tech companies LinkedIn, Dropbox, and the social networking platform formerly known as Formspring. The sentence follows a six-day jury trial and guilty verdict, the Department of Justice reports.
The jury found Nikulin hacked into computers belonging to these three organizations and damaged computers belonging to LinkedIn and Formspring by installing malware on them. He stole and used login credentials belonging to LinkedIn and Formspring employees; in addition, he conspired with other people to sell customer data he obtained in these intrusions.
Nikulin was in Moscow when he broke into the computer of a Bay Area-based LinkedIn employee and installed malware that enabled him to control the machine remotely and use the target's credentials to access LinkedIn's corporate VPN, evidence presented at trial indicates. With this access, he stole a database containing user login data, including encrypted passwords.
The evidence shows he was responsible for similar attacks and data thefts at Dropbox and Formspring. While the Court found Nikulin has also hacked into WordPress parent company Automattic, there was no evidence to show he had stolen any of its customer credentials.
Nikulin's trial began in March 2020 and he was convicted by a federal jury in July. He was convicted of selling stolen usernames and passwords, installing malware on protected computers, conspiracy, computer intrusion, and aggravated identity theft. In US custody since his March 2018 extradition from the Czech Republic, he will begin his sentence immediately.
Read the full DoJ release for more details.