The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty.

On Friday, Yevgeniy Nikulin was convicted [PDF] by a San Francisco jury of committing computer intrusion, data theft, and other charges [PDF] relating to the databases he broke into and siphoned off in 2012.

The jury reckoned Nikulin probably swiped the LinkedIn account details, all 117 million of them, for commercial gain, though they didn’t think greed played a role in his theft of 28 million account records from Formspring and 68 million from Dropbox. The Linkedin info was put up for sale, and leaked online along with the Dropbox data and at least a portion of the Formspring haul. The data contained usernames, email addresses, and hashed passwords.

The prosecution outlined how Nikulin had stolen the login credentials of employees at a bunch of US tech firms, and then used them to access back-end systems before downloading vast amounts of personal data that he later sold. Much of the case rested on persuading the jury that various pseudonyms used by the hacker were, in fact, Nikulin.

Despite the unanimous jury decision, it was far from certain Nikulin would be found guilty, with district judge William Alsup repeatedly criticizing the prosecution’s case, at one point calling it “gobbledygook,” and the next day “mumbo jumbo,” as prosecutors tried to connect Nikulin to a wider hacking conspiracy.

Nikulin’s defense team argued the only solid evidence connecting him to the hacker was a document provided by the Russian government whose reliability it questioned, arguing that Nikulin had been set up by the Russians, who were feeding misinformation. Nikulin himself may have been hacked, his lawyer argued.

The FBI in response said that it had tracked Nikulin down to his Moscow apartment by following the hacker’s IP addresses and then confirmed it was him by observing his communications with others. As one example, an FBI agent testified that the hacker, using the alias “dex.007”, had told another hacker that he was going to buy himself a $25,000 watch for his 25th birthday. Nikulin turned 25 the day afterwards, said the agent.

Flash the cash… then dash

It was Nikulin’s ostentatious taste that finally led to his downfall. He was a wanted man, and Interpol, at the request of the US, had issued a Red Notice for his arrest. He attracted the attention of the Czech police when he visited Prague in 2016 with his girlfriend, driving around in a flashy car and spending liberally. The cops nabbed him in a restaurant.

Despite having been arrested four years ago, the trial has been dogged by delays; first by Russian authorities who tried to prevent him being extradited to America, and then following a lengthy dispute over whether he was mentally fit to stand trial.

When the trial finally began, it was almost immediately put on hold due to the coronavirus outbreak and was nearly abandoned after jury members made it plain they were uncomfortable spending the whole day in a confined space.

Source: Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records • The Register

Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware.

We understand this swiped data included workers’ names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment’n’staffing biz, which employs more than 16,000 people globally and banks hundreds of millions of dollars a year in sales, does not believe the lifted records have been used for fraud.

Collabera could not be reached for comment, though El Reg has seen a copy of the internal memo sent to staff disclosing the details of the leak. File-scrambling malware was detected on the IT consultants’ network on June 8, and within a couple of days, it emerged at least some data had been stolen, according to the business.

Source: Collabera hacked: IT staffing’n’services giant hit by ransomware, employee personal data stolen • The Register