The US Department of Justice indicted Russian national Yevgeniy Nikulin in several major cybercriminal offenses, such as stealing personal identities, usernames and credit card information of customers from Formspring, LinkedIn and Dropbox.
Nikita Kislitsin, an employee of a cybersecurity firm with offices in Moscow and Singapore Group-IB is an alleged co-conspirator in the Formspring 2012 case, according to the DOJ. Kislitsin joined the company in January 2013, about six months after the US prosecutors say Kislitsin tried to sell the Formspring data. US prosecutors have not alleged any wrongdoing by Group-IB.
Russian software firms are under scrutiny too after leading anti-virus software firm Kaspersky Labs, that has sold its software all over the world, was cooperating with the Russian Federal Security Service (FSB) – a claim the company has stringently denied.
Group-IB is a leading Russian cyber-security firm that also has an international clientele however, the company dismissed the charges against Kislitsin in statement the company shared with bne IntelliNews, as “only allegations,” arguing that no case has been made yet.
Indeed, Group-IB said that company representatives and Kislitsin met with representatives of the Justice Department to discuss Kislitsin research into hackers and the dark web that he conducted before joining Group-IB, while editor of the magazine “Hacker.”
From 2006-2012, Nikita Kislitsin was a famous journalist and as chief editor of Hacker wrote extensively about information security, programming, and computer network administration. The magazine paid particular attention to research into cyberattacks, analysis of cybercriminal groups’ tools, case studies of online fraud and hacking, and recommendations on cybersecurity measures and protection against cyberthreats. Kislitsin has also worked in the US as independent threat researcher in the US in 2012.
In Russia the cases of “poacher turned game-keeper” are common amongst the software engineering community and are usually amongst Russia’s best engineers.
Group-IB has offered to fully cooperate with the authorities as the company’s raison d’etre is to prevent cybercrime and hacking attacks. Like most countries Russia also suffers from digital crime and the Central Bank of Russia (CBR) reported earlier this year that Russian banks lost hundreds of millions of dollar to cybercrime in 2019. Last October the state-owned retail banking giant Sberbank was hacked and the personal details of millions Sberbank’s clients were offered for sale on the black marketing in what was Russia’s largest ever data breach, according to security experts. Group-IB regularly publishes research about payment fraud techniques and other cyber threat as a public service and has assisted international law enforcement in its investigations on occasion, according to a company spokesman.
Group-IB said it will support Kislitsin and has taken advice from international lawyers before taking its next steps. Kislitsin is currently employed as the head of network security, according to a company webiste
The indictment is short on details of the alleged crime and the evidence that has been publically released is based on little more than a conspiracy theory.
According to US press reports the case against Kislitsin is largely built on linking him to Yevgeniy Nikulin, a Russian national, who is set to stand trial in March in San Francisco for allegedly stealing 117mn usernames and passwords from Formspring, LinkedIn and Dropbox in a separate case.