Originally posted by the Voice of America.
Voice of America content is produced by the Voice of America,
a United States federal government-sponsored entity, and is in
the public domain.


Tangled Web of Russia's Cyber Underground Further Exposed in US Hacker Trial

Mike Eckel

   In March 2012, a 25-year-old Russian computer whiz named Yevgeny
   Nikulin sat with several others in a conference room in a hotel in
   eastern Moscow. A video taken by a Ukrainian named Oleksandr Ieremenko
   showed them discussing plans for an Internet cafe business and other
   matters.

   In an earlier part of the video, Ieremenko, 19, drives to the hotel to
   meet the group, which he calls a "summit of bad [expletives]."

   That same month, according to U.S. prosecutors, Nikulin broke into a
   social media company engineer's computer a half a world away, in
   California -- and allegedly stole the usernames and passwords used by
   tens of millions of people to access their LinkedIn accounts. Some of
   that data was put up for sale on a notorious Russian hacker forum that
   June.

   These details and other evidence were contained in pretrial motions
   prosecutors filed this week ahead of the opening of Nikulin's trial in
   U.S. federal court in San Francisco. Jury selection is scheduled to
   begin Monday.

   The case against Nikulin, who was arrested in 2016 in Prague and
   extradited to the United States in 2018, is the latest example of a
   Russian citizen facing prosecution in the United States for
   cybercrimes. It's a trend that has infuriated the Russian Foreign
   Ministry, which complains that the United States is "hunting" Russians
   around the globe.

   But the pretrial motions add yet more evidence of the web of
   relationships among Russia's cyber underworld, allegedly tying Nikulin,
   now 32, to people who have been charged with even bigger, more serious
   hacks. That includes a hacker who allegedly worked for Russian
   intelligence to steal hundreds of millions of Yahoo user credentials --
   possibly used in the 2016 hack of the U.S. Democratic National
   Committee, according to cyberexperts.

   Nikulin, who was examined by court-ordered psychologists last year amid
   concerns about his mental health, has pleaded not guilty to the
   charges.

   Arkady Bukh, one of Nikulin's lawyers, said prosecution lawyers
   appeared to be trying to pressure Nikulin to plead guilty ahead of the
   trial -- particularly, he said, since the conviction rate for such
   cybercases is high.

   Nikulin, however, has refused his lawyer's counsel to change his plea
   to guilty.

   'Zhenya' from Moscow

   According to prosecutors' evidence, the video showing Nikulin,
   Ieremenko and others was from a hard drive seized by Ukrainian
   authorities who raided Ieremenko's home in Kyiv, and the homes of
   several other alleged Ukrainian hackers, in November 2012.

   An FBI affidavit said photographs found on the hard drive included
   photos that said "Zhenya from Moscow" -- a diminutive form of the name
   Yevgeny.

   The U.S. Secret Service obtained the hard drive as part of an
   investigation into hacks of several business newswires, a scheme that
   involved selling unreleased corporate information to stock traders who
   then made trades based on the nonpublic information.

   Ieremenko, now 27, was implicated in that scheme, but he gained wider
   notoriety in 2019 when U.S. authorities indicted him and another
   Ukrainian in connection with a similar scam that traded on corporate
   earnings reports stolen from a database of the U.S. Securities and
   Exchange Commission. Ieremenko is believed to be in Russia.

   According to the trial motions, Nikulin worked closely with Ieremenko
   in 2012, sharing hacked passwords and coding tips, using Skype
   accounts. A Skype address they tied to Nikulin -- dex.007 -- was used
   to send Ieremenko a link containing the password to one of Nikulin's
   accounts on a domain hosting site, along with stolen LinkedIn
   credentials.

   'Reporting on the spot'

   The video, one of eight copied from Ieremenko's hard drive, was shot on
   March 18 or 19, 2012. In it, the person making the video narrates it,
   saying: "In short, we are reporting on the spot. Now, here at this Vega
   Izmailovo Hotel, there will be a f****** summit of bad motherf*****s,"
   according to the U.S. transcript submitted in the court record.

   Nikulin also worked closely with another Russian, Nikita Kislitsin, who
   was indicted in the United States in 2014 on conspiracy charges related
   to the hack of another, lesser-known social media company called
   Formspring. Kislitsin's indictment, which was under seal since being
   filed, was unsealed earlier this week.

   U.S. prosecutors say that, three months after the Moscow meeting,
   Nikulin himself stole 30 million user credentials from Formspring and
   utilized some of those credentials when he hacked into the LinkedIn
   engineer's computer.

   According to the court documents, the FBI used "court-ordered
   electronic interceptions" -- phone and email taps -- to track Nikulin
   in 2012 and 2013.

   U.S. investigators discovered overlap with another Russian, Aleksei
   Belan, under investigation in connection with a separate hack: the
   theft of user credentials from the Internet giant Yahoo, beginning in
   2013.

.