Russian hacker, described as 'brilliant' by judge, gets seven years in a US clink for raiding LinkedIn, Dropbox A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring – and stealing data on over 200 million users – has been sent down for more than seven years. Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week though the judge in this case, William …
"A Russian scumbag found guilty of hacking into..."
Not to condone his offences at all, however that leading line reads like it could have been pulled straight out of one of the trashier tabloids. Not that El Reg is above its fair dose of satire & mockery, but I'm used to a bit more effort & wit being invested in its take-downs.
"Could do better"
>Does the judge know that it means a used condom?
Firstly, the word does not appear to have been used by Alsup J., but rather by Mr McCarthy in reporting here on El Reg.
Secondly, it seems to have acquired that meaning in the early 20th century, after first and for a long time being a designation for a piece of sugar refining equipment. I was aware of the modern meaning as simply a despicable person, but had never heard of the earlier ones.
William Alsup is a fantastic judge. He was the one who adjudicated the Google vs Oracle API case and learned Java programming to adjudicate it right. Sadly it was butchered in appeals by judges without the same professional drive or competency.
He also recently handled the Google vs Levandowski case.
This post has been deleted by its author
... for Honest Journalism.
Unreported News: Your Man in the Public Gallery: Assange Hearing Day 20.
"Sympathy that Nikulin has a 10-year-old daughter in Russia, and he is unlikely to see his mother, who is in poor health, alive in person again due to being jailed in the US."
This didn't seem to concern him when he started hacking things left, right, and centre. So why should it concern anyone else.
This didn't seem to concern him when he started hacking things left, right, and centre. So why should it concern anyone else.
Short answer: Because that is what decent people should do.
Long answer: I do not know the facts in this case and I would guess neither do you. The fact that the judge expressed sympathy says a lot about his character and the situation as it came out during trial. I had to sit on the jury for someone who was eventually found guilty on multiple accounts of using, dealing and manufacturing drugs. Yes, data point of one, but please bear with me. The defendant made terrible choices that affected himself and his family. It was truly tragic on a number of levels. He deserved the sentence he got, but we all felt he deserved the help he reached out for prior to what he did and was denied. If the justice system lacks in sympathy, it can be completely automated and the people who are involved with it dehumanized. I fail to see how that would be a good thing.
Baloney.
We spend inordinate amounts of money trying to give miscreants alternatives. Most of them only show for the sessions as an excuse to get out of their cell and do not take advantage of the opportunities. (Of course there are some who do.) The state pen here has GED programs, continuing education beyond HS, skilled trades apprenticeship programs, self-improvement classes, counseling (mental, drug, alcohol, etc.).
Some people come out ahead; it depends on their personality.
Why are you even on this site if you have to ask that question?
Send a phishing email to 100,000 users, and even if only 10% of people fall for it, that's still 10k people you now have the credentials for. Now you can set up automation to send out more emails from that person's account, targeting internal users; more fall for this as the message comes from a trusted, internal address. You snag two admin credentials and dump databases. Burn the servers and the online backups on your way out, and hold the data for randsom when you find out they don't keep offline backups.
Would you be surprised to hear that this happens to different handfuls of random companies around the world monthly, if not weekly? And that the first two steps are usually completely automated? Before I forced our company to use MFA, we had 2+ people fall for this stuff every phishing campaign. Thankfully the crooks didn't realize they got access to some real juicy stuff and just sent out gift card scams.
LinkedIn is filled with high-up employees and Dropbox is used by businesses the world over. Phishing aside,gGetting corporate info like this is a goldmine to credential stuffers; imagine there is another leak where passwords are involved, and they correctly corroborate potential passwords using first and last name. No phishing needed.
There's also the chance that he got in on some of these scams, and negotiated cuts of the take for providing the information. Or someone paid him to steal it in the first place.
There's even more examples to be had but I don't want people getting any funny ideas about what I do in my spare time...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
