A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring.

On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin, 32, of Russia to 88 months in prison.

This decision marked the end of a six-day trial for crimes committed by Nikulin against several technology companies in the Bay Area.

Court documents revealed that Nikulin had hacked into the computer of a LinkedIn employee living in the Bay Area while he was located in Moscow.

He used that unauthorized access to install malware on the computer, allowing him to control the device remotely and authenticate himself on LinkedIn’s corporate VPN using the affecting employee’s credentials.

Once inside LinkedIn’s corporate systems, Nikulin stole a database of users’ login information including their encrypted passwords.

Nikulin didn’t stop there, however. As the U.S. Attorney’s Office Northern District of California explained in a press release:

In addition, the evidence demonstrated that Nikulin was behind similar intrusions and thefts of data at Dropbox and at Formspring. The Court also found that Automattic, parent company of WordPress.com, was the victim of an intrusion by defendant, although there was no evidence that defendant stole any customer credentials.

International law enforcement arrested Nikulin while he was traveling in the Czech Republic on October 5, 2016. Authorities subsequently extradited him to the United States on March 30, 2018.

Ultimately, a jury convicted Nikulin of selling stolen usernames and passwords, installing malware on protected computers, conspiracy, computer intrusion and aggravated identity theft.

Judge Alsup stated that he handed down the 88-month prison sentence in the hopes that the punishment would deter anyone—including individuals located overseas—from engaging in similar conduct.

Nikulin has been in U.S. custody since (Read more...)