AuthorTopic: Russian Hacker Behind LinkedIn Breach also Charged with Hacking Dropbox and Form  (Read 346 times)

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
    • https://palloy.wordpress.com
So Nikulin gained access by getting "the credentials of employees", presumably those with root access - that is, complete control over the site. 

In the DD context, those credentials would be for either CPanel, or FTP or SSH logins. I think I am the only one that uses FTP and SSH credentials. I don't know how many Diner admins actually use CPanel.  I have PMed RE with those credentials in the past (PGP encrypted), and will do it again today.  It is ESSENTIAL that these credentials are not lost to hackers.

How Nikulin got the credentials is another matter, perhaps by a phishing attack, or by trying passwords that are also used on other sites that have been hacked, or by a treacherous employee giving them.

http://thehackernews.com/2016/10/linkedin-russian-hacker.html
Russian Hacker Behind LinkedIn Breach also Charged with Hacking Dropbox and Formspring
October 24, 2016
Mohit Kumar
 
The alleged Russian hacker, who was arrested by the FBI in collaboration with the Czech police, was believed to be the one responsible for massive 2012 data breach at LinkedIn, according to a statement released by LinkedIn.

Now, United States authorities have officially indicted Yevgeniy Aleksandrovich Nikulin, 29-years-old Russian national, for hacking not just LinkedIn, but also the online cloud storage platform Dropbox, and now-defunct social-networking company Formspring.

Nikulin was arrested in Prague [Watch Video] on October 5 by the Czech police after Interpol issued an international arrest warrant.

According to an indictment unsealed Friday, Nikulin had hacked three Bay Area technology companies in the spring and summer of 2012, which includes LinkedIn Corp, Dropbox, and Formspring.

Nikulin gained access to LinkedIn's network between March 3 and March 4, 2012; Dropbox's network between May 14 and July 25, 2012; and Formspring between June 13 and June 29, 2012.

The U.S. Justice Department also says that Nikulin allegedly gained access to credentials belonging to LinkedIn and Formspring employees, which helped him carry out the computer hacks.

The hacker is reported to have stolen accounts of more than 117 Million LinkedIn users and more than 68 Million Dropbox users. Authorities also say that after stealing data from the three companies, Nikulin worked with unnamed co-conspirators to sell the stolen data.

In September, a hacker was selling this Dropbox data dump on a Dark Web marketplace known as TheRealDeal for around $1200.

However, earlier this month, well-known researchers Thomas White uploaded the full Dropbox data dump of 68,680,741 accounts onto his website for anyone to download the leaked database for free.

US officials have charged Nikulin with:

    3 counts of computer intrusion.
    2 counts of intentional transmission of information, code, or command causing damage to a protected computer.
    2 counts of aggravated identity theft.
    1 count of trafficking in unauthorized access devices.
    1 count of conspiracy.


Nikulin faces a maximum of 32 years in prison and a massive fine of over $1 Million, according to the maximum penalties for each count.

The hacker remains in custody in Prague, Czech Republic. The FBI is waiting for a Czech court to decide on his extradition to the United States.
The State is a body of armed men

 

Related Topics

  Subject / Started by Replies Last post
0 Replies
376 Views
Last post September 14, 2015, 08:35:56 PM
by Palloy
0 Replies
364 Views
Last post January 23, 2017, 01:08:42 PM
by Palloy2
0 Replies
258 Views
Last post June 19, 2017, 05:40:13 PM
by Palloy2