Man behind LinkedIn data theft nabbed in Prague

20 Oct 2016

Czech authorities have arrested a man US officials and LinkedIn believe stole personal information about millions of users of the social network for professionals.

Yevgeniy NikulinYevgeniy Nikulin, identified by law enforcement officials Wednesday as a Russian citizen, was arrested at a Prague hotel on 5 October on charges stemming from the 2012 data breach.

The theft didn't come to light until this spring, when a hacker claimed to have more than 100 million LinkedIn login names and passwords, or about a quarter of the Mountain View, California company's user base. LinkedIn confirmed the breach in May and reset passwords of affected users.

Hours after the arrest was made public, LinkedIn suggested that the arrest was tied to a 2012 breach of member information. A spokesman for the US Justice Department declined to confirm that or comment on a possible connection.

The company cooperated with the Federal Bureau of Investigation to track down the suspect, saying Wednesday that it was thankful for the FBI's efforts ''to locate and capture the parties believed to be responsible for this criminal activity".

In a statement, the FBI confirmed the arrest of "a Russian citizen suspected of conducting criminal activities targeting US interests", though the bureau declined to comment further.

The case has nothing to do with recent hacks of the Democratic National Committee or other political organizations that the Obama administration alleges were orchestrated by the Russian government, one US law enforcement official said.

The official described the hack of LinkedIn as fairly typical of the types of cybercrimes the FBI and other US law enforcement agencies have investigated in recent years.

In May, LinkedIn said that the 2012 breach resulted in more than 100 million of its users' passwords being compromised - vastly more than previously thought. The business social network said that it believes to be true a purported hacker's claim that 117 million user emails and passwords were stolen in the breach.

Police spokesman Jozef Bocan said the suspect was arrested in a Prague hotel. After the arrest the suspect collapsed, received first aid treatment and was hospitalized, Bocan said.

Another police spokesman, David Schoen, told The Associated Press the arrest took place on 5 October and that police delayed releasing information about it for "tactical" reasons.

Prague's Municipal Court will now have to decide on his extradition to the United States, with Justice Minister Robert Pelikan having the final say. Russian officials, however, are demanding that the suspect be handed over to them.

Spokeswoman Marketa Puci said the court ruled on 12 October that the man will remain in detention until the extradition hearing. No date has yet been set.

US authorities have two months to deliver to their Czech counterparts all the documents necessary for the Czech authorities to decide on the extradition request.

Stepanka Zenklova, spokeswoman for Prague's state prosecution, said US officials have not officially asked for the man's extradition.

Russia's TASS and RIA Novosti news agencies quoted Prague's Russian Embassy spokesman Alexey Kolmakov as saying that it was insisting that the suspect be handed over to Russia.

"The embassy has been taking all necessary efforts to protect the interests of this Russian citizen. We are in contact with his attorney," the embassy statement said.

"Russia repudiates Washington's policy of imposing its extraterritorial jurisdiction on all countries. We insist that the detainee is handed over to Russia."

Justice Ministry Tereza Schejbalova said her ministry has not received any official request from Russia in this case.

The US has accused Russia of coordinating the theft and disclosure of emails from the Democratic National Committee and other institutions and individuals in the US to influence the outcome of the election. Russia has vigorously denied that.

According to The New York Times, cybersecurity experts are unsure about the value of investigations and the filing of charges against foreign nationals.

Definitively identifying a culprit can be difficult because hackers often route their attacks through computers around the world, complicating efforts to trace the digital trail. In addition, extraditing suspects is often difficult when dealing with Russian and Chinese authorities.