Feds indict hacker over LinkedIn, Dropbox attacks

black-vine-header-imagecredsymantec.jpgSymantec

The US justice system has indicted a Russian citizen for allegedly performing cyberattacks against LinkedIn, Dropbox and Formspring.

Unsealed on Friday, the indictment, issued by a federal grand jury in Oakland, California, alleges that Yevgeniy Aleksandrovich Nikulin of Moscow, Russia, is responsible for a series of attacks on the professional networking service LinkedIn and cloud storage provider Dropbox.

Nikulin also apparently targeted Formspring, a social networking service now known as Spring.me.

LinkedIn was the target of a 2012 data breach leading to the theft of data from over 160 million accounts, and while the US has only released limited details on what police claim are Nikulin’s crimes, law enforcement says that the Russian citizen used malware to compromise a LinkedIn employee’s PC and steal access credentials. Following on from this attack, Nikulin allegedly turned his attention to Dropbox.

US law enforcement claim that Nikulin not only caused damage to computers at each of the San Fransisco-based companies but also illegally obtained credentials and performed identity theft.

In addition, Nikulin allegedly planned to traffic stolen Formspring credentials with a co-conspirator.

See also: LinkedIn user? Your data may be up for sale

The 29-year-old was arrested on October 5 by law enforcement in the Czech Republic after a notice was posted by the International Criminal Police Organization (Interpol) in connection with a warrant issued for his arrest.

Nikulin remains in custody in the Czech Republic. However, under charges of computer intrusion, causing damage, two counts of aggravated identity theft, conspiracy, and trafficking, if found guilty, the Russian national could face over 30 years in prison.

More security news