back to article Russian hacker, described as 'brilliant' by judge, gets seven years in a US clink for raiding LinkedIn, Dropbox

A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring – and stealing data on over 200 million users – has been sent down for more than seven years. Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week though the judge in this case, William …

  1. Andy Tunnah

    Nice opening

    A Russian scumbag ? Really ?

    1. Kane Silver badge
      Boffin

      Re: Nice opening

      He is Russian.

      He is a scumbag.

      What exactly is the problem here?

  2. macjules Silver badge

    A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring

    Next time mate, get a job with Facebook or Cambridge Analytica - they make a Netflix documentary about you instead of jailing you.

    1. Natalie Gritpants Jr Silver badge

      Re: A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring

      This was his interview process

  3. Anony Mice
    Thumb Down

    An intro worth of the Daily Mail

    "A Russian scumbag found guilty of hacking into..."

    Not to condone his offences at all, however that leading line reads like it could have been pulled straight out of one of the trashier tabloids. Not that El Reg is above its fair dose of satire & mockery, but I'm used to a bit more effort & wit being invested in its take-downs.

    "Could do better"

  4. rcxb
    Mushroom

    His lawyer argued that “the weight of the guilt and the pain of being separated from these people who love and need him is far more punitive than any term of imprisonment that this court or any other can issue to Mr Nikulin,”

    Judge & jury: "Challenge accepted..."

    1. Doctor Syntax Silver badge

      It's the judge who sets the sentence, not judge and jury.

      1. rcxb

        https://en.wikipedia.org/wiki/Jury#Jury_sentencing

  5. Jan 0

    Scumbag?

    Does the judge know that it means a used condom?

    Scum is just an obsolete term for spunk.

    1. Anonymous Coward
      Anonymous Coward

      Re: Scumbag?

      @"Scum is just an obsolete term for spunk."

      not to me it isn't, it might include spunk in the same way that filth includes things other than faeces but I have never heard it being inherantly linked before.

    2. Jonathan Richards 1 Silver badge

      Re: Scumbag?

      >Does the judge know that it means a used condom?

      Firstly, the word does not appear to have been used by Alsup J., but rather by Mr McCarthy in reporting here on El Reg.

      Secondly, it seems to have acquired that meaning in the early 20th century, after first and for a long time being a designation for a piece of sugar refining equipment. I was aware of the modern meaning as simply a despicable person, but had never heard of the earlier ones.

      Source: Where Did the Word “Scumbag” Come From?

      1. Anonymous Coward
        Anonymous Coward

        Re: Scumbag?

        yes, scum on water i.e that which floats upon water used for cleaning.

        Not met the reference to sugar equipment

  6. Synkronicity

    William Alsup is a fantastic judge. He was the one who adjudicated the Google vs Oracle API case and learned Java programming to adjudicate it right. Sadly it was butchered in appeals by judges without the same professional drive or competency.

    He also recently handled the Google vs Levandowski case.

  7. Anonymous Coward
    Anonymous Coward

    So if we let him go today, he'd go directly back to Russia and start hacking again, but two years in prison will cause a different outcome? Or will it just delay his return to hacking by two years?

    1. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    Meanwhile Julian Assange faces 150 years in Solitary ...

    ... for Honest Journalism.

    Unreported News: Your Man in the Public Gallery: Assange Hearing Day 20.

    1. Robert Grant Silver badge

      Re: Meanwhile Julian Assange faces 150 years in Solitary ...

      I find that guy's writing style so tedious to wade through.

  9. Version 1.0 Silver badge
    Meh

    Hacking is a crime

    But leaving the door unlocked (or just propped shut) on your data is not - there's no need to make all your data secure because you can jail anyone who wanders through the door and walks off with it. No wonder the would is hacked al the time.

    1. Nunyabiznes

      Re: Hacking is a crime

      Locks keep honest people honest - at best good coding and security will encourage miscreants to move to a softer target. However, if the perceived benefit is higher than the cost of attacking your security, someone will be poking around your perimeter soon enough.

  10. Aristotles slow and dimwitted horse Silver badge

    Sympathy...

    "Sympathy that Nikulin has a 10-year-old daughter in Russia, and he is unlikely to see his mother, who is in poor health, alive in person again due to being jailed in the US."

    This didn't seem to concern him when he started hacking things left, right, and centre. So why should it concern anyone else.

    1. Pascal Monett Silver badge

      Re: Sympathy...

      Indeed.

      If you can't do the time, don't do the crime.

    2. Robert Helpmann??
      Childcatcher

      Re: Sympathy...

      This didn't seem to concern him when he started hacking things left, right, and centre. So why should it concern anyone else.

      Short answer: Because that is what decent people should do.

      Long answer: I do not know the facts in this case and I would guess neither do you. The fact that the judge expressed sympathy says a lot about his character and the situation as it came out during trial. I had to sit on the jury for someone who was eventually found guilty on multiple accounts of using, dealing and manufacturing drugs. Yes, data point of one, but please bear with me. The defendant made terrible choices that affected himself and his family. It was truly tragic on a number of levels. He deserved the sentence he got, but we all felt he deserved the help he reached out for prior to what he did and was denied. If the justice system lacks in sympathy, it can be completely automated and the people who are involved with it dehumanized. I fail to see how that would be a good thing.

  11. HellDeskJockey

    Sorry but there needs to be a consequence. My work email was one of the compromised addresses. I have to spend every day deleting phishing emails, and be very aggressive about hacking. This annoys me and costs my employer.

  12. sitta_europea

    He'll never change.

    1. Version 1.0 Silver badge

      A US jail sentence is just punishment, there is zero effort to change people's attitudes or rehabilitate them when the sentence expires so when you are released you just go back to work and hack some more.

      1. Nunyabiznes

        Baloney.

        We spend inordinate amounts of money trying to give miscreants alternatives. Most of them only show for the sessions as an excuse to get out of their cell and do not take advantage of the opportunities. (Of course there are some who do.) The state pen here has GED programs, continuing education beyond HS, skilled trades apprenticeship programs, self-improvement classes, counseling (mental, drug, alcohol, etc.).

        Some people come out ahead; it depends on their personality.

  13. James 47

    How did he become so wealthy? Is user information really that valuable? To who?

    1. sev.monster Bronze badge
      IT Angle

      Why are you even on this site if you have to ask that question?

      Send a phishing email to 100,000 users, and even if only 10% of people fall for it, that's still 10k people you now have the credentials for. Now you can set up automation to send out more emails from that person's account, targeting internal users; more fall for this as the message comes from a trusted, internal address. You snag two admin credentials and dump databases. Burn the servers and the online backups on your way out, and hold the data for randsom when you find out they don't keep offline backups.

      Would you be surprised to hear that this happens to different handfuls of random companies around the world monthly, if not weekly? And that the first two steps are usually completely automated? Before I forced our company to use MFA, we had 2+ people fall for this stuff every phishing campaign. Thankfully the crooks didn't realize they got access to some real juicy stuff and just sent out gift card scams.

      LinkedIn is filled with high-up employees and Dropbox is used by businesses the world over. Phishing aside,gGetting corporate info like this is a goldmine to credential stuffers; imagine there is another leak where passwords are involved, and they correctly corroborate potential passwords using first and last name. No phishing needed.

      There's also the chance that he got in on some of these scams, and negotiated cuts of the take for providing the information. Or someone paid him to steal it in the first place.

      There's even more examples to be had but I don't want people getting any funny ideas about what I do in my spare time...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022