The US attorney's office in San Francisco on Friday (21 October) announced that the 29-year-old Russian man – Yevgeniy Nikulin – who was arrested in Czech Republic, was indicted by a federal grand jury on Thursday on multiple charges including computer intrusion, aggravated identity theft and conspiracy. Nikulin was accused of hacking and stealing information from the computer systems at three Bay Area technology companies – LinkedIn, Drop Box and Formspring.
The indictment alleges that Nikulin of Moscow used the credentials of LinkedIn and Formspring employees to illegally access the companies' computers back in 2012. Nikulin also allegedly damaged the employees' computers and was accused of conspiring with unnamed co-conspirators to traffic stolen Formspring user credentials.
While the LinkedIn breach was executed over just two days in 2012 from 3-4 March, the Dropbox hack allegedly took place over more than two months, from 14 May to July 25 in 2012.
Social media network Formspring, which shut down in March 2013, allowed users to ask or answer questions about anything. Working with unnamed co-conspirators, Nikulin allegedly tried to sell the Formspring user credential database for €5,500 (about $7,000) in 2012.
Nikulin's online aliases include Chinabig01, dex.007, valeriy.krutov3 and itBlackHat.
The suspect has been charged with three counts of computer intrusion, two counts of intentional transmission of information, code or command causing damage to a protected computer, two counts of aggravated identity theft and one count of trafficking in unauthorized access devices and conspiracy each.
He could face more than 30 years in prison and over $1m in fines, prosecutors said.
Nikulin was arrested on 5 October by law enforcement at a central Prague hotel in the Czech Republic in response to a "red notice" issued by Interpol. The arrest was made 12 hours after local authorities learned he was in the country with his girlfriend and driving a luxury car, local police said.
He was arrested without resistance, but was briefly hospitalized after collapsing before being taken into custody, the police said in a statement.
LinkedIn suggested on Wednesday that the arrest, which was carried out in collaboration with the FBI, was tied to the massive 2012 LinkedIn breach that compromised over 100 million users' emails and passwords. In May, the social media network confirmed that the mega breach compromised vastly more accounts than previously thought. Earlier this year, the stolen user credentials were put up for sale on the Dark Web by a hacker named "Peace."
"Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible," LinkedIn said in a statement earlier this week. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties responsible for this criminal activity."
In August, Dropbox confirmed that a 2012 data breach was much more extensive than previously thought, involving over an estimated 60 million accounts.
Nikulin is currently in custody in Prague and could face extradition to the United States. However, the Russian Embassy in Prague has demanded that the suspected is handed over to them, escalating already heightened tensions between the US and Russia. A decision on his extradition will be taken by Prague's Municipal Court where Justice Minister Pelikan will make the final call.
Aleksei Kolmalov, a spokesman for the embassy, was quoted by state-run Russian news agency Tass as saying, "We insist that the detained Russian citizen should be transferred to Russia."
Earlier in October, Washington formally accused Russia of attempting to "interfere" in the upcoming presidential elections by orchestrating cyberattacks by Russian hackers against the Democratic National Committee and other political organizations. The Kremlin has denied the allegations.
US law enforcement officials said the new arrest is not related to those cyberattacks.