Yevgeniy Nikulin allegedly hacked on behalf of Russian intelligence, dipping into LinkedIn, Dropbox, Formspring and Gmail.
Nikulin was arrested in 2016 and Russia fought his extradition to the US with competing and allegedly fabricated charges for extradition to Russia. If Nikulin talks, he may well reveal much about Russian intelligence capabilities, interests, and history.
This is huge in the world of hacking and given the current context of ‘the world vs. Russia’, this is even ‘huger’. Russia is taking major hits on multiple fronts and despite the Russian spin machine, Russian citizens are probably realizing that ““something is rotten in the state of Denmark”, or, in this case, Russia. Apologies to Shakespeare and Hamlet, but this phrase “is used to describe corruption or a situation in which something is wrong”. Wrong, indeed.
BY KEVIN G. HALL, GREG GORDON AND PETER STONE
March 30, 2018 05:18 PM
Updated 11 hours 18 minutes ago
The Czech Republic’s long-sought decision to surrender custody to the FBI of an alleged Russian hacker signals a potential break in the investigation of Kremlin meddling in the 2016 U.S. elections.
The Justice Department announced Friday afternoon Yevgeniy Nikulin’s sudden appearance in a San Francisco federal courtroom after an 18-month legal tug-of-war with the Russian government, which made a competing claim to extradite Nikulin.
Nikulin, 30, was arrested in a Prague restaurant on Oct. 5, 2016 and three days later, then-President Barack Obama made his first accusation of Russian meddling in the U.S. election. On Oct. 20, Nikulin was indicted on federal charges of hacking the private user databases of three U.S. internet giants, LinkedIn, Dropbox and Formspring, and mail accounts tied to Google. The indictment alleges Nikulin used several aliases, including Chinabig01 and itBlackHat.
Nikulin’s extradition is expected to lead to intense pressure from U.S. prosecutors for him to agree to a plea deal so that investigators can learn what he knows about the Kremlin’s cyber operations. Still to be learned is whether Nikulin has information that could assist Special Counsel Robert Mueller’s inquiry into whether Donald Trump’s presidential campaign colluded in Russia’s cyber attacks during the election.
“The FBI will not allow international cyber criminals to operate with impunity,” John Bennett, special agent in charge of the FBI’s San Francisco office, said in a statement. “Nikulin allegedly targeted three Bay Area companies through cyber-attacks and will now face prosecution in the United States.”
Nikulin’s extradition happened days after a visit to Prague by House Speaker Paul Ryan, R-Wis., who called for his extradition during his stay. Ryan and Czech Prime Minister Andrej Babis discussed the case during a meeting Tuesday. Ryan tweeted out thanks late Friday for the action.
Russia and the United States both sought his extradition. Russia’s request sought to bring Nikulin back to that country to face minor internet theft charges that many observers felt were cobbled together in order to keep Nikulin from falling into American hands and divulging potentially embarrassing information about Kremlin intelligence operations. Radio Praha reported Friday that the Russian ambassador was not informed of Nikulin’s extradition and that the Czech court would explain the basis for its decision on April 3.
The world of cybercrime is a murky one, and experts have long contended that Russia’s FSB tolerates it because it is able, when needed, to call in chits and have criminal organizations do its bidding.
“The red flag for me is why the Russians fought so hard to keep him from being extradited,” said Nick Akerman, a former Watergate prosecutor. “Why would they care about some low-level hacker?”
Akerman added that Nikulin was “in the right place, at the right time in terms of what the Mueller probe is interested in …The fact that the Russians fought so hard makes you wonder (what he knows). You’d certainly expect the Mueller team would want to talk to him.”
One of Nikulin’s alleged targets was Formspring, a social media site, drew national attention because it was used by disgraced former Rep. Anthony Weiner, D-N.Y., who employed the now infamous alias Carlos Danger on that network. Weiner, then the husband of Hillary Clinton’s top aide Huma Abedin, has admitted to having sexually explicit online chats on Formspring with a young woman. The revelation became an ongoing embarrassment for the Clinton campaign.
Weiner admitted sexting and online chats that happened in 2012 and into 2013. The indictment against Nikulin alleges his hack of Formspring occurred between June 13 and June 19, 2012. It also alleges that he downloaded to a computer outside the United States the platform’s user database — complete with email addresses, names and encrypted passwords.
Since his arrest in the Czech capital, Nikulin appealed his extradition. His appeals reportedly reached their endpoint this week. Nikulin’s extradition notches another victory for the FBI, which has managed to nab alleged hackers in cities across the globe.
The FBI office that investigated Nikulin also, last March, built the first-ever criminal cyber case against a Russian state actor. That case involved the hack of Yahoo’s network and 500 million of its subscribers. Two of the four defendants were officers of Russia’s Federal Security Service, a Russian spy agency known by the letters FSB.
Those defendants are still in Russia, out of the reach of U.S. authorities.
The sudden extradition followed a week of tit-for-tat expulsions of Russian diplomats by the United States and its allies, and Russian retaliation. The expulsions were a response to the nerve-agent poisoning in Great Britain of former Russian spy Sergei Skripal and his daughter Yulia, which Prime Minister Theresa May put at the feet of the Russian government.
Attorney General Jeff Sessions hinted at that in a statement Friday about the allegations against Nikulin.
“This is deeply troubling behavior once again emanating from Russia,” he said. “We will not tolerate criminal cyber-attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate.”
The big questions on the minds of prosecutors, intelligence officials and cyber security experts are just what Nikulin knows and who he might have worked with. The indictment mentions a co-conspirator but no one else has yet been named or charged.
Another looming question is whether Nikulin worked with the Internet Research Agency, a St. Petersburg-based troll farm tied to Russian intelligence. In February, Mueller brought an indictment accusing 13 Russians, including several intelligence officials, and three companies of roles in sowing chaos and aiding Trump in 2016 election. These Russians sought to spread distrust among voters and in the election results, and they were bankrolled, according to the Mueller indictment, by a businessman friend of Russian leader Vladimir Putin named Yevgeniy Viktorovich Prigozhin.
PETER STONE IS A MCCLATCHY SPECIAL CORRESPONDENT