Posted on July 22 2019
Hacker’s R’ US
We sell your data, a lot of data (originally posted March 28, 2018)
Defendant Nikulin made his first appearance in Federal Court, it appears he is being represented by a Public Defender. The Judge ordered a Russian speaking translator. Nikulin entered a Not Guilty Plea, See Minute Order on the recent docket report below:
Also on a related note, earlier this week Speaker Ryan traveled to Czech Republic and gave a speech to the lower parliament. Keep in mind the Czech Courts had yet to make a determination on Nikulin’s Extradition. It’s also worth noting that this was a tug of war between America and Russia, as detailed in the original entry, below the fold.
Speaker Ryan went on to disclose the following:
On March 27 (before the Extradition announcement): we have every reason to believe and expect that Mr. Nikulin will be extradited to America.”
See Radio Free Liberty Article, Speaker Ryan in Prague addresses Nikulin Extradition See video of Speaker Ryan meeting with the under chamber of the house of Reps in Prague
Yevgeniy Nikulin Welcome to America
For those who do not know, one of my main areas of research has and will always be:
- Hackers, Hacking, basically Cyber Warfare, Cyber Darwinism
- Court Activity related to aforementioned.
- Extradition of said hackers and/or Oligarchs
- Russia, Ukraine, North Korea, Kazakhstan, Turkey, Iran
On fact that shouldn’t be overlooked is, factually speaking the United States of America has an Extradition Treaty with the Czech Republic, See the State Department Link. Below is a quick chronology of said Extradition Treaty:
Between the UNITED STATES OF AMERICA and the CZECH REPUBLIC
Signed at Prague May 16, 2006 - “Entered into Force” February 1, 2010
Perhaps that might explain why my twitter accounts were targeted over and over again. At one point I was tracking 11 Indictments of various hackers. Sadly all that data is now gone. Yet here I am once again rebuilding what I had previously built 3 times before. So imagine my delight seeing this Reuters article, Nikulin Czech Court -Extradition to USA
What was overlooked is Nikulin filed an appeal for BOTH America and Russia extraditions. Once again Russia trying to end-run America. On February 2, 2018 the Czech Constitutional Court Suspended Nikulin’s Appeal for his extradition to Russia. Nikulin’s Attorney, Vladimir Makeev. argued that the main goal was to fight his extradition to America. Court later referenced Nikulin’s Attorney’s argument in their order to suspend extradition proceedings to Russia;
“Prague can refuse extradition not only to the Americans, but also to Russia. However, the main goal of the defense is to prevent the extradition of the detainee to the United States, where he faces 54 years of imprisonment for cybercrime,”
Nikulin was arrested by the Czech police at the request of the FBI in October 2016. And has remained in Czech custody since then. He is accused of involvement in hacker attacks on the sites of a number of large American companies in 2012.
Nikulin stated he was “forced” to give false evidence – when he confessed his hacking was part of Russia’s 2016 interference.
Shortly thereafter Russia sent a request for its extradition. In Moscow he is accused of stealing more than 100 thousand rubles ($1780) from e-wallets in 2009.
And thus explains why Nikulin dropped his appeal concerning his extradition to Russia.
October 2016 Department of Justice Press Release:
Nikulin, accessed computers belonging to LinkedIn, Dropbox and Formspring, each of which has its headquarters in the San Francisco Bay Area.
The indictment further alleges that the defendant accessed the computers without authorization and that he obtained information from the computers.
According to the indictment, the defendant also caused damage to computers belonging to a LinkedIn employee and to Formspring by transmitting a program, information, code, or command
Nikulin also is alleged to have used the credentials of LinkedIn and Formspring employees in connection with the computer intrusions.
Further, Nikulin is alleged to have engaged in a conspiracy with unnamed co-conspirators to traffic stolen Formspring user credentials.
In all, Nikulin is charged with three counts of computer intrusion; two counts of intentional transmission of information, code, or command causing damage to a protected computer; two counts of aggravated identity theft; one count of trafficking in unauthorized access devices; and one count of conspiracy.”
The Unsealed Indictment
Once the Czech Government confirmed that Nikulin was in custody, the Department of Justice unsealed his Indictment and Superseding Indictment. You can read/download the Nikulin Nikulin Indictment
The attached penalty sheet can no found on page 2 - I’ve taken the liberty of embedding the statutes, which will take you to the Government Printing Office.
18 U.S.C § 371; Conspiracy to defraud - penalty of up to Five years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.
18 U.S.C, § 1028A(1): Aggravated Identity Theft - Two-year mandatory minimum sentence of imprisonment to run consecutive to any other sentence and in addition to the sentence for the underlying felony, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, restitution.
18 U.S.C. § 1029(a)(2) and (c)(l)(A)(i): Fraud and related activity in connection with access devices, colloquially known as credit card theft - Ten years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three of years supervised release, $100 special assessment, forfeiture, and restitution.
18 U.S.C. § 1030(a)(2)(C) and (c)(2)(B): Fraud and related activity in connection with computers - Five years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.
18 U.S.C. § 1030(a)(5)(A) and (c)(4)(B)(i): Ten years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.
Remember that the date on this Indictment is also important, October 2016 - the hackers targeted LinkedIn, DropBox, FormSpring and Google
Again the initial hack occurred in 2012 and in to 2013/2014 - with respect to the LinkedIn Hack the hackers used a LinkedIn Employee L.B. credentials to essentially smash and grab data. You’ll also note on page 4 of the Indictment there are three co-conspirators
Moving on to pages 5 and 6 - here the Indictment states the co-conspirators used gmail to communicate and once they exfiltrated the data, specifically MindSpring they then turned around and tried to sell it for €5,500 - what’s somewhat interesting is how long the hackers had access
On or about July 16, 2012, CO-CONSPIRATOR 1 sent an email message to CO-
CONSPIRATOR 3's Gmail account offering to sell the stolen Formspring user information database for €5,500...
customers of Formspring, Inc., and by such conduct from on or about June 1, 2012, and ending on or about May 31, 2013,
On page 7 we learn that the hackers used the credentials of FormSpring Employee L.S. As you might recall I’ve always thought that this was an important hack that it was the “planting of seeds” for the big hack (Yahoo!, OPM and credit rating agencies). That the tactics used in 2009-2012 are strikingly similar to the Xagent, XTunnel and Chopstick. Granted you could argue that it’s merely a tried and tested Playbook and I’d agree with you.
My counter argument is you need to find “zero day” - in the scientific physics and research community it’s known as Boggs-Hosin - colloquially known as the “god particle” - that same theory can and should be used when it comes to hostile foreign states and “for hire” hackers. Meaning you need to know from cradle to jail cell of the “why, when, how, what” Nikulin and his Co-conspirators targeted these companies. Otherwise you are only seeing part of a large mosaic. Again I could be wrong but in order to successfully litigate you need to know the whole picture not just a frame or two. There is a distinct possibility that we will never know but I do think it’s important to unearth all the facts of this particular hack. Absent that - then you forfeit the ability to understand the totality of the hack.
Video of Nikulin October 2016 arrest
United States v. Nikulin (3:16-cr-00440)
Update July 2019
Before we jump down the docket-hole - I think it’s worth taking a quick moment and re-frame the LinkedIn Hack. As the 2016 Indictment alleges Nikulin was the main hacker. At the time LinkedIn acknowledged they had about 6million Accounts compromised. Fast forward to May 2016 - LinkedIn Officially acknowledged the totality of the data breach. On LinkedIn's website, specifically their. May 18, 2016 blog entry:
Yesterday, [May 17, 2016] we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
In 2012 DropBox initially stated about 6.9Million user credentials “may have been compromised”. As with any massive data breach the numbers almost always change and the swing can be somewhat astronomical when compared to the initial assessment. My assumption is with the assistance of their security teams, academic scholars, data scientists and Law Enforcement - although I personally think it was the hackers to “teased the data-load” when they dumped 700K accounts in a pastebin) put the data breach at tens of millions. And by late August -early September of 2016 the number of accounts was largely report as over 68 million. Full Disclosure I use DropBox - a lot. I am not paid to endorse this product. I’m customer. In early 2018 I was sent what looked like a spearfishing email - asking for my DropBox credentials. I contacted DropBox and they kept me updated in a timely manner, set my expectations and within <2 hours confirmed that email sent was a spearfishing email
July of 2018 DropBox via this blog entry
And yes I’ll admit that this particular case fell off my radar. Sadly I moved on to other matters. I am completely embarrassed to admit I had completely forgot about this case. It wasn’t until someone sent me a message asking for an update & explanation of last Friday’s docket entry.
So “friend” my otherwise leisurely Sunday evening was spent reading dozens of docket entries. Therefore Hades the following update dedicated to you, because had it not been for the message I would have completely dropped the ball. As with my standard practice, I’ll embed links to the various filings - if there’s a paywall then I’ll upload to my public Google Drive.
Crazy like a Fox? Maybe
Delay. Distract. And delay again
To say there has been a significant amount of docket activity is an understatement. On September 4, 2018 the the Court granted the Government and Defense Counsel Request for a Competency exam. The Court specifically stated:
Court finds that there is reasonable cause to believe that defendant Nikulin “may presently be suffering from a mental disease or defect rendering him mentally incompetent to the extent that he is unable to understand the nature and consequences of the proceedings against him or to assist properly in his defense.”
Defendant Nikulin on three separate occasions then refused to “cooperate” with the Court Ordered Dr to examine him, which left Defendant Nikulin’s defense counsel exasperated. That he subsequently filed a status report (on October 1, 2018) asking “guidance from the Court” to wit the Court then issued the following (albeit tersely worded) Order:
Defendant does not have a right to obstruct the orderly prosecution of this case. The undersigned hereby directs the United States Marshals Service to bring defendant to court on Tuesday, October 9 (forcibly or otherwise) unless defendant’s counsel presents medical evidence beforehand that defendant’s transport to the courthouse will endanger his health.
When Defendant Nikulin refused to cooperate (keep in mind this is after two separate Court Orders) the only viable and reasonable recourse by the Court was to Order Nikulin Committed, pursuant to 18 USC §4241(b) - Determination of mental competency to stand trial to undergo postrelease proceedings
ORDERS defendant committed for a reasonable period, not to exceed thirty days, to the custody of the Attorney General for placement in a suitable facility for purposes of an examination pursuant to 18 U.S.C. § 4241(b).
The director of the facility may apply for a reasonable extension, not to exceed fifteen days, upon a showing of good cause that the additional time is necessary to observe and evaluate the Defendant, as provided in 18 U.S.C. § 4247(b)
It is also important to note that as the mental competency was in question his criminal trial had commenced. Accordingly the trial was effectively paused until a full mental competency report was submitted to the Court and parties. On December 18, 2018 the Court issued yet another order granting the BOP an extension of time.
Having received such an application, and for good cause shown, the Bureau of Prisons’ request for a fifteen-day extension to complete the evaluation is GRANTED. The examiner’s report shall be provided to the Court by February 8, 2019. The government shall please provide a copy of this order to the Bureau of Prisons.
Which now brings us to March 2019 Order - at which point the parties had agreed to exclude time under the caveat of this case is a complex matter and under the Speedy Trial Act both parties did not have adequate time to prepare for the trial to resume. As previously ordered:
The Bureau of Prisons Forensic Psychologist provided a report to the Court, which the Court provided to the parties on February 11, 2019;
defendant’s transport back to this District was delayed, for reasons including severe weather, the parties jointly filed a request that the Court continue
...good cause shown, the Court finds that failing to exclude the time between March 12, 2019, and April 30, 2019, would unreasonably deny the defendant the reasonable time necessary for effective preparation
Just before Nikulin’s April 2019 Evidentiary Hearing on his Competency - Czech Republic President Miloš Zeman broke with the former Foreign Minister and gave multiple interviews. I could be wrong but I do believe that this is the first time the internal fight within the Czech Republic Government spilled out in the open.
🌶SpicyFiles Sidebar - Czech April 2019 Nikulin Constitutional Court Ruling🌶
This Radio Czech Republic article is a decent primer and I highly recommend you read it - especially the last two sentences. I’d have to do a bit more research on the “compensation liability” as I’m not well versed in the Czech Republic Constitutional Court or instruments Russia would use to seek compensation from the Czech Republic. Although as a casual observer it does appear that Russia seems to have “infected” Interpol and their abuse of the Red Flag Notice is pretty well known. See quote from Czech President below regarding Nikulin’s “constitutional rights” being violated.
Mr Zerman has welcomed this week’s Constitutional Court ruling striking down a March 2018 order to extradite suspected Russian hacker Yevgeniy Nikulin to the United States. In a televised interview on Thursday, Mr Zeman said he warned former justice minister Robert Pelikán that the move was illegal – and accused him of being an American lackey.
Mr Pelikán should have acted like the Minister of Justice of a sovereign Czech Republic. He should not have acted like a servile subaltern official, who panders to foreign powers.”
In short the Czech Republic Constitutional Court found that the former Foreign Minister violated Nikulin’s “rights” that he had an asylum application that the Czech Government was processing. In the end the Czech Government denied Nikulin’s asylum application. At this junction I’m not sure what - if any - impact the Czech Constitutional Court April 2019 ruling would or will have on Nikulin. Nothing I’ve read in the Czech & &SA Extradition Treaty gives me an inkling that we might have to send Nikulin back. But then again this is also yet another reminder of Trump’s incoherent foreign policy doctrine having real world consequences.
During the April 30, 2019 Evidentiary (competency) Hearing the Court reset dates, as detailed below. One thing you should know that when a Defendant’s mental competency is in question there’s a process - in non-legalese think of it as a sub-Trial. Meaning parties must brief on the matter and once the briefing schedule is complete then the Court renders a Order if the Defendant is competent to stand trial. It’s a necessary detour.
The evidence is complete. The Court set a briefing schedule – Government’s opening brief due by May 8, 2019; Defense responsive brief due by May 15, 2019; Government Reply due by May 20, 2019. Evidentiary/Motion hearing set for June 11, 2019 at 2:00 p.m. Defendant remanded to US Marshal. The Court excludes time for effective preparation of counsel from April 30, 2019 to June 11, 2019.
I should probably state in my line of work if you have a Defendant that is in fact feigning some mental defect - that’s what we call a stall tactic. And it can be incredibly frustrating for all parties. Because the reality is in America we don’t trample of rights, even for a Defendant. To be perfectly candid I’ve grown increasingly skeptical when it comes to Russian and Ukrainian Criminal Hackers - they all appear to be bat shit crazy - like boil your bunny crazy with a capital C. In almost every case I’ve monitored since 2017 the record shows that the Russian and Ukrainian Defendants are not just Narcissist but they are incredibly premeditated in how they approach our Judicial system. I could add more color but frankly it’s just exhausting. As if relates to Defendant Nikulin - well I’ll let the docket speak for itself. Dr Johnson is the BOP Dr, whereas Dr Ginsberg is the Dr selected by the Defense Counsel. See May 29 2019 Order
Dr. Johnson's evaluation and report relied on her own observations as well as those of detention officers and medical staff who interacted with defendant during his eight weeks in BOP custody. She also reviewed discovery, defendant’s mental health and medical records, defendant’s email communications with friends and family, and transcripts of defendant’s phone calls. Dr.Johnson also considered input from colleagues and spoke with defense and government counsel
Dr. Johnson concluded that no objective evidence indicates that defendant suffers from a major mental disorder or organic disorder that would impair his present ability to understand the nature and consequences of these proceedings or properly assist counsel in his defense. She opined that defendant instead suffers from “Other Specified Personality Disorder (Narcissistic Traits),” as specified in the Diagnostic and Statistical Manual of Mental Disorders, Fifth Edition (“DSM-5”), essential features of which are “a pervasive pattern of grandiosity, need for admiration, and lack of empathy.”
Again not to belabor the point but Dr Ginsberg’s assessment the Court found his conclusions “less credible” nor could the good Doctor offer actual reasoning of how his observations would prevent the Defendant from communicating with his Defense Counsel. One potential avenue that the Defense will argue (on appeal) is that Dr. Ginsberg is fluent in Russian so I would actually expect Nikulin would argue that “things could be lost in translation” but the Court found several areas of deficiencies in Dr. Ginsberg assessment specifically failure to use evaluation methods used by the forensic community, recitation from out of date Medical Diagnostics...
Diagnostic and Statistical Manual of Mental Disorders, Fourth Edition, which is not
the current edition. He also failed to use evaluation measures widely utilized in the forensic community, electing instead to use tools more often used in a therapeutic setting. Lastly, as far as the record shows, Dr. Grinberg has never performed a formal competency evaluation of a Defendant prior to this case
Accordingly the Court ruled that Nikulin was and is competent to stand trial. Yet about two weeks later Defendant Nikulin filed a Notice of Appeal. I’ve uploaded said notice to my public google drive, found here. Nikulin 9thCCOAs Case No found here.
As a general rule - when your own Defense Attorney states the following upon filing a Notice and Motion to Withdraw - that’s not a good thing. At all. In my opinion
This is where things might get slightly dicey or worse this might be Nikulin “gaming” our Judicial System and its process. Dr Ginsberg (whom the Defense hired) didn’t proffer Nikulin’s sanity or insanity. I should disclose that I am completely biased against Nikulin’s main defense attorney - largely based on his previous clients.
Defendant has completely ignored all his attorneys’ advises and demands, rendering the firm’s legal assistance unnecessary.
on June 17, 2019, Mr. Nikulin made bizarre requests, which cannot be disclosed based on the attorney-client privilege, but their nature and the way they were asked indicate that Mr. Nikulin simply is not sane. This was the last straw that convinced the undersigned that it would be a travesty of justice and a breach of the ethical norms to continue representing Mr. Nikulin in this matter.
The reality is, the Federal Criminal Rules of Procedure and/or local rules have an orderly and rigorous process in place for an Attorney to seek leave of the Court to withdraw. Since Nikulin;s Criminal Case is in the Northern District of California you’ll need to read their local rules, found here, specifically Local Rule 44.2(b) - which can be found on page 21 and reads:
When the Court makes a determination to grant or deny an Attorney’s Motion to Withdraw there are numerous factors (beyond lack of payment) the Court reviews. The Factors the Court may consider include:
(1) the reasons for withdrawal, (2) prejudice that may be caused to other litigants, (3) harm caused to the administration of justice, and (4) delay to the resolution of the case caused by withdrawal.
Although one weighty determining factor is if there are irreconcilable differences between the attorney and the client. And those differences directly impact the attorney’s ability to defend their client - during the course of a criminal trial. Which is exactly the multifaceted argument Arkady Bukh presented to the Court in his Motion to Withdraw.
Mr. Bukh’s Declaration is largely reiterative of his Motion - meaning there’s actually nothing new nor does he present factual pretext that would persuade the Court - beyond the fact Nikulin can no longer afford to pay for his legal services. The “other” stipulated “facts” are contrary to what the Court previously ruled - but I noticed a tiny detail in Bukh’s Declaration. Granted I’ve glossed over it dozens of times. Look at the email address for Nikulin’s attorney. Notice the domain? It’s owned by World Media Group - domain info from domain USA.com:
World Media Group
World Media Group, LLC ("World") is focused on providing innovative websites in the travel, professions, interests, search, local, and e-commerce verticals. World focuses resources on the development of websites that offer premium value to our visitors. Examples of World sites include USA.com, a local guide to cities, towns, and neighborhoods in the United States, India.com, a content-rich and comprehensive resource for and about India; Lawyer.com, a fast and powerful site to find a lawyer; and Doctor.com, the leading doctor search site online. With your support, we are committed to delivering high value content and services that leverage the power of the Internet. World develops through its own global team of talented developers or in conjunction with core partners that are aligned to ensure the brands meet their tremendous potential.
And lastly on Friday July 19, 2019 the 9thCCOAs issued the following Order (and Mandate) concerning Nikulin’s appeal. The current state of play is as followed:
Nikulin’s 9thCCOAs was voluntarily withdrawn by Nikulin
Nikulin’s Defense Counsel’s Request to Withdraw - Oral Arguments set for August 9, 2019 - See the Court’s Order which I’ve uploaded to my public google drive, found here.
In the past I’ve discussed how certain Russian & Ukraine criminals end up fighting Extradition. It’s important to remember that America does not have an extradition treaty with Russia. That extradition fact is immaterial since Nikulin has already been extradited. With respect KT other high profile Extraditions - it can be a multi-venue protracted judicial battle. I would be curious to know if Ambassador King has had any conversations with Trump, or the Czech President concerning Nikulin’s Extradition and the April 2019 Czech Constitutional Court Ruling. Because that would worry me and I’m not sure why reporters aren’t asking that question,
It’s also important to understand that Nikulin and his co-conspirators may (operative word) started out working for or at the very least “behest of” Putin - but there was a dispute about payment and hacked-data “ownership”. My assumption is Nikulin is a chaos agent and a man without a Country. That said I’d urge to remain skeptical that Nikulin’s a “FBI” assets - I know that there’s been some light chatter that Nikulin “purportedly sent a letter” stating the FBI was dangling a home, payment and protection - if “he copped to hacking the DNC” again those are rumors and I have a very hard time believing the FBI would make such an offer. Moreover if Nikulin is (as his defense counsel argues, repeatedly) then how can you believe anything in that “purported letter” because you can’t have it both ways and disinformation like that does Putin’s work for him - planting seeds of discord and watching those seeds grow into a vine which smothers the facts and sunlight out. I’d rather stand in the sunlight.
At any rate apparently I really must get back to my “new job” at Judicial Watch because according to some people now I work there. It’s kind of weird do you even know how many office buildings are in that 2 block radius? But hey don’t let. facts get in the way of your sad bitter obsession. It is weird, I thought I was a “bored bitter housewife” shoving bonbons in my calorie hole because my husband divorced me after I cheated on him, repeatedly.
To he clear, you could never pay me enough to work for Judicial Watch - they are akin to the Judicial Crisis Network. I also have standards and the aforementioned “organizations” are far below my lowest standards but sure keep on putting that lie out there. I won’t react, I’m silently building my file because “Free speech” does not protect absolute malice.
-SpicyFiles Out I’ve got bonbons to eat
While you're here, throw us a bone.
Mad Dog is thrilled to have Spicy in our PAC(k). We are proud to provide a space for her tireless, hard hitting, in-depth investigations. But we can’t do it without you.
Our numbers are growing. Our voices are being heard. Our campaigns are making a difference. Help us, and Spicy, continue to fight the good fight. Consider a donation to help support the work of Mad Dog PAC today.