On Good Friday authorities in the Czech Republic extradited Mr Yevgeniy Nikulin, a Russian citizen to the United States so that he can be prosecuted on charges of hacking the information systems of LinkedIn, Dropbox and Formspring, thereby compromising personal data of about 200 million people.
Worse, Mr. Nikulin appropriated himself of the identities of employees in those countries to use their credentials for access to these three companies and a host of service providers and other business associates.
The case sparked an internal feud inside the Czech government where Mr Putin has made great inroads with the President while the Prime Minister tends to side with the West.
And it also triggered yet another tug-of-war between the U.S. and Russia. Russian authorities sought to stop the extradition request by the U.S. by filing charges against Mr Nikulin for an alleged theft of under US 4,000 through a virtual money website. Accordingly, they argued, Mr Nikulin had to be extradited to Moscow.
Browsing court papers what strikes as most interesting is Mr Nikulin’s modus operandi.
Once a target is chosen, he goes after an employee following the individual through every possible means up and until he is able to steal his or her identity.
Once this is accomplished, Mr Nikulin begins his system penetration resorting first to employee information so as to have several identities seized. This allows him to penetrate systems undetected, as he choses employees from target areas such as the finance departments or customer care.
He then starts copying information. Once he has obtained what he deems valuable, he closes files and goes on to another company. The method allows him to stay inside a company sucking its information for months before he is detected. Apparently, this case will bring light into the penetration of the computers by the National Democratic Committee and other government data banks compromised by Russian hackers in the U.S. and Europe.
The case promises to trigger greater enforcement by Western powers of the U.N. Convention against Transnational Organized Crime (the Palermo Convention) given that Russian hackers are committing crimes that are typified in the Russian penal code and by perpetrating such crimes cause grave damage to other nations.
This precisely was the reasoning used by the US prosecutors to indict the FIFA leadership several years ago.
Russia is preparing to counter this reversal of fortune.
In the petition to extradite Mr Nikulin the Kremlin claims that the United States has unfairly targeted Russians around the world for political purposes. Russian authorities also claim that the case against Mr. Nikulin was an effort to “extend the jurisprudence of American law to the territory of third countries.”
But the wave seems to be gaining momentum to Russia’s chagrin. This year, Spain extradited to the United States two Russians suspected of hacking. Another Russian, Aleksandr V. Vinnik, is being held in Greece pending extradition requests from Washington and Moscow. Should these individuals be extradited to the U.S., law enforcement authorities will have a field day with a very distinguished group of cyber criminals that have taken over cyber space for personal gain and that of their country of origin.
We might then begin to know the full extent of the damages so far caused by the 21st century buccaneers to business and political fortunes in the West.
Published by LAHT.com on Monday April 2nd, 2018