A Russian hacker, Yevgeniy Nikulin, was found guilty for selling databases on the black market after breaching Dropbox's internal networks, LinkedIn, and Formspring back in 2012. ZDNet reported that the jury verdict, which was passed on Friday, was the first trial in California since the beginning of the global pandemic caused by COVID-19.
LinkedIn, Dropbox, and Formspring were hacked by Nikulin in the spring of 2012. Based on the trial's court documents and evidence, LinkedIn was the first one hacked by Nikulin between March 3 and 4, 2012. He abused the employee's VPN by infecting the employee's laptop with malware, allowing him to access the internal network of LinkedIn.
Also Read: Study: There are Now about 15 Billion Stolen Logins in the Dark Web, See the Actual Figures Here
Around 117 million user records and data were stolen, including passwords, usernames, and emails. The Russian hacker sent spear-phishing emails using the stolen LinkedIn data to employees from different companies, including the staff working at Dropbox. He also hacked a Dropbox's employee account, allowing him to invite himself to a Dropbox folder containing the company's data.
The authorities stated that Nikulin was able to make off with a trove of information on 68 million Dropbox users, including email usernames and hashed passwords, during the breach that lasted from May 14 to July 25, 2012. He was able to make his way into the Formspring engineer's employee account between June 13 and June 29, 2012. Nikulin was able to access the company's internal user database, which contained 30 million user details.
He sold the stolen databases to other cyber-criminals on the underground hacker market. The data was identified in 2015 and 2016 because many data traders put the stolen databases on criminal e-commerce stores and publicly-accessible forums.
Russian hacker, arrested
According to the previous report of ZDNet, the investigation began after the three big companies filed criminal complaints in California in 2015. The Russian hacker was arrested while vacationing in Prague with his girlfriend, a year later, in October 2016. Nikulin's extravagant lifestyle, financed by his hacking activities, was published in 2016 by a Radio Free Europe editorial.
The report highlighted several expensive watches, luxury cars, and travels around Europe. He later admitted owning a Bentley, a Lamborghini Huracan, a Mercedes-Benz G-Class, and a Continental GT. Nikulin was arraigned after being sent to the United States in the summer of 2017--despite attempting to fight extradition in the Czech Republic.
He remained incarcerated; refusing to reach a plea deal or cooperating with the investigation, while changing lawyers several times. The judge was concerned with his mental health after he refused to talk with councils and appear in front of the court because he was mentally apt for a trial; psychologists examined him under the court's order.