Russian Hacker’s $1.7M Restitution Order Overturned
A Russian cyber-criminal who hacked into three tech companies and stole more than 100 million user credentials will not have to pay restitution to his corporate victims.
Yevgeniy Aleksandrovich Nikulin was found guilty in July 2020 of causing data breaches at LinkedIn, Dropbox, and the now-defunct social media platform Automatic in 2012.
Speaking during the closing arguments of Nikulin's trial, Assistant United States Attorney Katherine Wawrzyniak told the jury: “The data from one intrusion facilitated the next.”
Nikulin gained access to LinkedIn's data by hacking into the personal computer of LinkedIn engineer Nick Berry, then installing malware that gave him access to Berry's virtual private network (VPN) and the login credentials used by Berry to work remotely.
Nikulin used Berry's credentials to access LinkedIn's internal database and steal user credentials, which he then sold to associates. Some of the stolen data was used by Nikulin to infiltrate the work account of Dropbox employee Tom Wiegand and gain access to a shared employee Dropbox account.
Next, Nikulin used credentials stolen from Dropbox to compromise the work account of Formspring employee John Sanders and exfiltrate millions of hashed user passwords.
Nikulin was sentenced to serve 88 months in federal prison by US District