Russian Suspect Charged Over 2012 Hacks of LinkedIn and Dropbox

A Russian man arrested in the Czech Republic was indicted in California over cyberattacks on  LinkedIn and Dropbox in a case that has already raised tensions between the U.S. and Russia over his extradition, according to Bloomberg.

Yevgeniy Nikulin, 29, of Moscow, is charged with multiple counts of computer-enabled fraud and identity theft in the indictment filed Thursday and made public Friday in San Francisco federal court. Czech police  detained Nikulin at a Prague hotel on Oct. 5 after being alerted by a so-called Red Notice from Interpol.

Russia’s Foreign Ministry said Thursday it was working with Czech authorities to block Nikulin from being extradited. It said the arrest proves the U.S. is “hunting for Russian citizens across the world.“

The arrest follows the conviction of the son of a Russian lawmaker in Seattle two months ago on charges of orchestrating a global hacking bonanza in what a U.S. prosecutor called one of the most prolific credit card trafficking schemes in history. When Roman Seleznev was first arrested, the Russian Foreign Ministry accused U.S. agents of kidnapping him after a passport check in the Maldives and forcibly taking him to Guam.

This month, U.S. intelligence officials said publicly for the first time that they are “confident that the Russian government directed“ the hacking of  the Democratic National Committee and subsequent disclosures of almost 20,000 e-mails “to interfere with the U.S. election process.“ Russia has rejected the accusations.

Nikulin is accused in the indictment of executing the LinkedIn breach over two days in 2012, from March 3 to March 4, by using a company employee’s password and login. The Dropbox hack allegedly occurred over more than two months in 2012, from May 14 to July 25.

He is also accused in the indictment of breaking into the social networking platform Formspring to steal the company’s user accounts database. The breach, which began at an unknown date, ended on May 31, 2013, according to the indictment.

All three hacks were executed with the aid of three unnamed co-conspirators, two of whom used Gmail accounts to plan their attacks, according to the filing. They also discussed selling the Formspring data for 5,500 euros ($5,990).