Nikita Kislitsin, previously the pinnacle of community safety for one in all Russia’s high cybersecurity corporations, was arrested final week in Kazakhstan in response to 10-year-old hacking costs from the U.S. Division of Justice. Consultants say Kislitsin’s prosecution might quickly put the Kazakhstan authorities in a sticky diplomatic place, because the Kremlin is already signaling that it intends to dam his extradition to the USA.
Nikita Kislitsin, at a safety convention in Russia.
Kislitsin is accused of hacking into the now-defunct social networking web site Formspring in 2012, and conspiring with one other Russian man convicted of stealing tens of hundreds of thousands of usernames and passwords from LinkedIn and Dropbox that very same 12 months.
In March 2020, the DOJ unsealed two legal hacking indictments in opposition to Kislitsin, who was then head of safety at Group-IB, a cybersecurity firm that was based in Russia in 2003 and operated there for greater than a decade earlier than relocating to Singapore.
Prosecutors in Northern California indicted Kislitsin in 2014 for his alleged position in stealing account information from Formspring. Kislitsin additionally was indicted in Nevada in 2013, however the Nevada indictment doesn’t title his alleged sufferer(s) in that case.
Nonetheless, paperwork unsealed within the California case point out Kislitsin allegedly conspired with Yevgeniy Nikulin, a Russian man convicted in 2020 of stealing 117 million usernames and passwords from Dropbox, Formspring and LinkedIn in 2012. Nikulin is presently serving a seven-year sentence within the U.S. jail system.
As first reported by Cyberscoop in 2020, a trial brief within the California investigation recognized Nikulin, Kislitsin and two alleged cybercriminals — Oleg Tolstikh and Oleksandr Vitalyevich Ieremenko — as being current throughout a 2012 assembly at a Moscow resort, the place individuals allegedly mentioned beginning an web café enterprise.
A 2010 indictment out of New Jersey accuses Ieremenko and 6 others with siphoning nonpublic info from the U.S. Securities & Trade Fee (SEC) and public relations corporations, and making $30 million in unlawful inventory trades primarily based on the proprietary info they stole.
[The U.S. Secret Service has an outstanding $1 million reward for information leading to the arrest of Ieremenko (Александр Витальевич Еременко), who allegedly went by the hacker handles “Zl0m” and “Lamarez.”]
Kislitsin was employed by Group-IB in January 2013, almost six months after the Formspring hack. Group-IB has since moved its headquarters to Singapore, and in April 2023 the corporate introduced it had totally exited the Russian market.
In a press release supplied to KrebsOnSecurity, Group-IB mentioned Mr. Kislitsin is not an worker, and that he now works for a Russian group referred to as FACCT, which stands for “Battle In opposition to Cybercrime Applied sciences.”
“Dmitry Volkov, co-founder and CEO, bought his stake in Group-IB’s Russia-based enterprise to the corporate’s native administration,” the assertion reads. “The stand-alone enterprise in Russia has been working underneath the brand new model FACCT ever since and can proceed to function as a separate firm with no connection to Group-IB.”
FACCT says on its web site that it’s a “Russian developer of applied sciences for combating cybercrime,” and that it really works with purchasers to battle focused assaults, information leaks, fraud, phishing and model abuse. In a press release published online, FACCT mentioned Kislitsin is accountable for growing its community safety enterprise, and that he stays underneath momentary detention in Kazakhstan “to review the idea for extradition arrest on the request of the USA.”
“In accordance with the data we have now, the claims in opposition to Kislitsin should not associated to his work at FACCT, however are associated to a case greater than 10 years in the past when Nikita labored as a journalist and impartial researcher,” FACCT wrote.
From 2006 to 2012, Kislitsin was editor-in-chief of “Hacker,” a well-liked Russian-language month-to-month journal that features articles on info and community safety, programming, and steadily options interviews with and articles penned by notable or wished Russian hackers.
“We’re satisfied that there aren’t any authorized grounds for detention on the territory of Kazakhstan,” the FACCT assertion continued. “The corporate has employed legal professionals who’ve been offering Nikita with all the mandatory help since final week, and we have now additionally despatched an enchantment to the Consulate Basic of the Russian Federation in Kazakhstan to help in defending our worker.”
FACCT indicated that the Kremlin has already intervened within the case, and the Russian authorities claims Kislitsin is needed on legal costs in Russia and should as a substitute be repatriated to his homeland.
“The FACCT emphasizes that the announcement of Nikita Kislitsin on the wished checklist within the territory of the Russian Federation turned recognized solely right this moment, June 28, 6 days after the arrest in Kazakhstan,” FACCT wrote. “The corporate is monitoring developments.”
The Kremlin adopted the same playbook within the case of Aleksei Burkov, a cybercriminal who lengthy operated two of Russia’s most unique underground hacking boards. Burkov was arrested in 2015 by Israeli authorities, and the Russian authorities fought Burkov’s extradition to the U.S. for 4 years — even arresting and jailing an Israeli lady on phony drug costs to pressure a prisoner swap.
That effort finally failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison.
Alexei Burkov, seated second from proper, attends a listening to in Jerusalem in 2015. Picture: Andrei Shirokov / Tass through Getty Photographs.
Arkady Bukh is a U.S. legal professional who has represented dozens of accused hackers from Russia and Japanese Europe who have been extradited to the USA over time. Bukh mentioned Moscow is more likely to flip the Kislitsin case right into a diplomatic time bomb for Kazakhstan, which shares an infinite border and quite a lot of cultural ties with Russia. A 2009 census discovered that Russians make up about 24 % of the inhabitants of Kazakhstan.
“That may put Kazakhstan at a crossroads to decide on between unity with Russia or going with the West,” Bukh mentioned. “If that occurs, Kazakhstan might need to make some very disagreeable choices.”
Group-IB’s exodus from Russia comes as its former founder and CEO Ilya Sachkov stays languishing in a Russian jail, awaiting a farcical trial and an inevitable conviction on costs of treason. In September 2021, the Kremlin issued treason costs in opposition to Sachkov, though it has to date refused to reveal any particulars concerning the allegations.
Sachkov’s pending treason trial has been the topic of a lot hypothesis amongst denizens of Russian cybercrime boards, and the consensus appears to be that Sachkov and Group-IB have been seen as slightly too useful to the DOJ in its numerous investigations involving high Russian hackers.
Certainly, since its inception in 2003, Group-IB’s researchers have helped to identify, disrupt and even catch various high-profile Russian hackers, most of whom obtained busted after years of legal hacking as a result of they made the unforgivable mistake of stealing from their very own residents.
When the indictments in opposition to Kislitsin have been unsealed in 2020, Group-IB issued a prolonged assertion testifying to his character and saying they might assist him along with his authorized protection. As a part of that assertion, Group-IB famous that “representatives of the Group-IB firm and, specifically, Kislitsin, in 2013, on their very own initiative, met with workers of the US Division of Justice to tell them concerning the analysis work associated to the underground, which was carried out by Kislitsin in 2012.”
