The man accused of hacking LinkedIn, Dropbox and the Q&A Formspring forum, and then selling the stolen data of hundreds of millions of users, saw his trial interrupted for the third time by the coronavirus pandemic.
At a hearing on Tuesday, judge William Alsup again delayed the US trial of the alleged Russian hacker Yevgeniy Nikulin until June 1; the third of these delays since the COVID-19 virus appeared in San Francisco, where the proceedings are taking place. The judge also considered answers [PDF] jurors who were asked last week if they would be happy to return to the courthouse given the potential health risk.
A majority said no, as did several key witnesses. He is therefore back in prison for a guy arrested in 2016, suspected of having hacked the personal computers of employees of companies and compromised more than 200 million accounts.
On March 10 and 11, two days of Nikulin's estimated seven-day trial had already taken place, when the Governor of California locked the US state to stop the spread of the coronavirus, the hearings were suspended. Its recovery was delayed several times: it had to restart first on April 13, then after an extension of the lock, May 4.
Nikulin was stopped in the Czech Republic in October 2016 for his alleged role in hacks that took place more than three years earlier. He was staying in a hotel in Prague with his girlfriend and allegedly got around in an expensive car. Shortly after, the international criminal police organization Interpol identified him, published a red notice and the city victim caught him in a restaurant.
As soon as he had a collar, US prosecutors requested his extradition to the United States to face nine counts of hacking into the systems of LinkedIn, Dropbox, and Formspring, as well as for attempting to break into the systems. WordPress maker Automattic, pretending to be employees of each company. He faces ten years in prison if convicted.
Not so fast
The extradition lasted 18 months, largely because the Russian authorities – who he said recruited Nikulin to help him with his own hacking efforts – extradition request on a much smaller hack load. Eventually, Nikulin was flown to the United States where he pleaded not guilty to the charges, and a jury trial was scheduled.
US, Russia engage in fierce fight against LinkedIn hacking suspect
However, this process was further delayed due to concerns about Nikulin's mental health. His defense team said he suffered from a mental illness and was unable to fully understand what was going on. Justice Alsup accepted an assessment following reports of Nikulin's abuse and non-communication behind bars, which led to his being chained up during his preliminary hearings.
However, Nikulin refused to meet with the psychiatrist on his defense team, which resulted in the suspect being sent to a secure facility in Los Angeles for an eight-week assessment by a psychologist. the subsequent report [PDF] revealed disturbing details about Nikulin, including his father's abuse, his brother's suicide, and a family history of mental health issues.
However, the court approved the assessment that he was able to understand the charges against him and the situation he was in, and that he could follow the trial with the help of a Russian translator. .
His behavior has been attributed to a narcissistic personality disorder: “whose essential characteristics are” an omnipresent model of grandiosity, a need for admiration and a lack of empathy “.” His defense argued that he suffered from chronic post-traumatic stress disorder – a diagnosis the judge found “significantly less credible”.
This process took an additional nine months, so by the time the decision was made to proceed with a jury trial, the “voluminous discovery” was reviewed, a date fixed for trial and the statements of opening made, Nikulin has already been in tingling for 41 months, nearly three and a half years.
I see seashells
During the two days of the trial that took place, witnesses from the technology companies in question scanned the evidence [PDF] they knew how their systems were hacked by someone pretending to be an employee.
The intruder had successfully accessed and installed employee personal machines, including a “r57” backdoor shell. Their login credentials were then stolen and used to log into their employers' systems via a VPN. The logs of these attempts were sent for forensic analysis and were eventually traced to Nikulin by the FBI, it is said.
The hacks' goal was to steal, then sell in the metro, the user account credentials of LinkedIn, Dropbox and Formspring, and the intrusions were a huge success: despite the initial announcement that 6.5 million accounts had been compromised, LinkedIn later acknowledged this figure should have been no less than 117 million. Dropbox confirmed that 68 million of its accounts had been hacked. And Formspring has reset 28 million passwords as a result of the robbery.
A special FBI agent is expected to testify in the underground market for usernames and passwords, including encrypted and hashed passwords that are hacked via brute force attacks.
Despite repeated attempts to relaunch the trial, including reconfiguring the courthouse to allow for social distancing, house arrest orders, the problem will arise among expert witnesses from Washington and Southern California, and jurors and Witness health issues prevented him.
In one memorandum [PDF] the judge asked the prosecution team to meet, the legal justifications and the case history to postpone and / or call a trial have been gathered. Basically the issue is the fact that the trial started, and then there was a significant delay in the proceedings, during which time the jury may have forgotten the key details of the testimony and it is much more likely that the jurors will have read the cover of the case.
The foreclosure of San Francisco is now extended until the end of May, Justice Alsup is probably at the limit of what he could afford to ensure a fair trial. If it is extended after June 1, it is very likely that it will declare a trial in error and the whole process will have to start again.
Either way, Yevgeniy Nikulin will have to spend many months in prison until he has the opportunity to respond to the hacking charges. ®
Webcast: Build the Next Generation of Your Business in the Public Cloud