
Alleged Russian hacker extradited. Will he help Mueller probe?

Archive YouTube footage from 2015 shows Yevgeny Nikulin after a Lamborghini Huracan race outside Moscow. The U.S. has orchestrated multiple arrests of Russian cybercriminals across Europe over the past year. Alexander Zemlianichenko AP

Yevgeniy Nikulin allegedly hacked on behalf of Russian intelligence, dipping into LinkedIn, Dropbox, Formspring and Gmail. 

Nikulin was arrested in 2016 and Russia fought his extradition to the US with competing and allegedly fabricated charges for extradition to Russia. If Nikulin talks, he may well reveal much about Russian intelligence capabilities, interests, and history. 

This is huge in the world of hacking, and given the current context of ‘the world vs. Russia’, this is even ‘huger’. Russia is taking major hits on multiple fronts, and despite the Russian spin machine, Russian citizens are probably realizing that “something is rotten in the state of Denmark”, or, in this case, Russia. Apologies to Shakespeare and Hamlet, but this phrase “is used to describe corruption or a situation in which something is wrong”. Wrong, indeed.

</end editorial>


March 30, 2018 05:18 PM


Nikulin’s extradition is expected to lead to intense pressure from U.S. prosecutors for him to agree to a plea deal so that investigators can learn what he knows about the Kremlin’s cyber operations. Still to be learned is whether Nikulin has information that could assist Special Counsel Robert Mueller’s inquiry into whether Donald Trump’s presidential campaign colluded in Russia’s cyber attacks during the election.

“The FBI will not allow international cyber criminals to operate with impunity,” John Bennett, special agent in charge of the FBI’s San Francisco office, said in a statement. “Nikulin allegedly targeted three Bay Area companies through cyber-attacks and will now face prosecution in the United States.”

Nikulin’s extradition happened days after a visit to Prague by House Speaker Paul Ryan, R-Wis., who called for his extradition during his stay. Ryan and Czech Prime Minister Andrej Babis discussed the case during a meeting Tuesday. Ryan tweeted out thanks late Friday for the action.

Russia and the United States both sought his extradition. Russia’s request sought to bring Nikulin back to that country to face minor internet theft charges that many observers felt were cobbled together in order to keep Nikulin from falling into American hands and divulging potentially embarrassing information about Kremlin intelligence operations. Radio Praha reported Friday that the Russian ambassador was not informed of Nikulin’s extradition and that the Czech court would explain the basis for its decision on April 3.

The world of cybercrime is a murky one, and experts have long contended that Russia’s FSB tolerates it because it is able, when needed, to call in chits and have criminal organizations do its bidding.

“The red flag for me is why the Russians fought so hard to keep him from being extradited,” said Nick Akerman, a former Watergate prosecutor. “Why would they care about some low-level hacker?”

Akerman added that Nikulin was “in the right place, at the right time in terms of what the Mueller probe is interested in … The fact that the Russians fought so hard makes you wonder (what he knows). You’d certainly expect the Mueller team would want to talk to him.”

One of Nikulin’s alleged targets, Formspring, a social media site, drew national attention because it was used by disgraced former Rep. Anthony Weiner, D-N.Y., who employed the now infamous alias Carlos Danger on that network. Weiner, then the husband of Hillary Clinton’s top aide Huma Abedin, has admitted to having sexually explicit online chats on Formspring with a young woman. The revelation became an ongoing embarrassment for the Clinton campaign.

Weiner admitted sexting and online chats that happened in 2012 and into 2013. The indictment against Nikulin alleges his hack of Formspring occurred between June 13 and June 19, 2012. It also alleges that he downloaded to a computer outside the United States the platform’s user database — complete with email addresses, names and encrypted passwords.

Since his arrest in the Czech capital, Nikulin appealed his extradition. His appeals reportedly reached their endpoint this week. Nikulin’s extradition notches another victory for the FBI, which has managed to nab alleged hackers in cities across the globe.

The FBI office that investigated Nikulin also, last March, built the first-ever criminal cyber case against a Russian state actor. That case involved the hack of Yahoo’s network and 500 million of its subscribers. Two of the four defendants were officers of Russia’s Federal Security Service, a Russian spy agency known by the letters FSB.

Those defendants are still in Russia, out of the reach of U.S. authorities.

The sudden extradition followed a week of tit-for-tat expulsions of Russian diplomats by the United States and its allies, and Russian retaliation. The expulsions were a response to the nerve-agent poisoning in Great Britain of former Russian spy Sergei Skripal and his daughter Yulia, which Prime Minister Theresa May put at the feet of the Russian government.

Attorney General Jeff Sessions hinted at that in a statement Friday about the allegations against Nikulin.

“This is deeply troubling behavior once again emanating from Russia,” he said. “We will not tolerate criminal cyber-attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate.”

The big questions on the minds of prosecutors, intelligence officials and cyber security experts are just what Nikulin knows and who he might have worked with. The indictment mentions a co-conspirator but no one else has yet been named or charged.

Another looming question is whether Nikulin worked with the Internet Research Agency, a St. Petersburg-based troll farm tied to Russian intelligence. In February, Mueller brought an indictment accusing 13 Russians, including several intelligence officials, and three companies of roles in sowing chaos and aiding Trump in the 2016 election. These Russians sought to spread distrust among voters and in the election results, and they were bankrolled, according to the Mueller indictment, by a businessman friend of Russian leader Vladimir Putin named Yevgeniy Viktorovich Prigozhin.



