Case Document 4 Filed 10/20/16 Page 1 of 11

United States District Court
FOR THE NORTHERN DISTRICT OF CALIFORNIA

VENUE: Oakland

UNITED STATES OF AMERICA,
v.
YEVGENIY NIKULIN,
a/k/a "Chinabig01"
a/k/a "dex.007"
a/k/a "valeriy.krutov3"
a/k/a "itBlackHat",
DEFENDANT.

INDICTMENT

18 U.S.C. 371 Conspiracy; 18 U.S.C. 1028A Aggravated Identity Theft; 18 U.S.C. 1029(a)(2) Trafficking in Unauthorized Access Devices; 18 U.S.C. 1030(a)(2)(C) Computer Intrusion; 18 U.S.C. 1030(a)(5)(A) Intentional Transmission Causing Damage to a Protected Computer; 18 U.S.C. 982(a)(2)(B), 1029(c)(1)(C), 18 U.S.C. 1030(i) and Forfeiture.

Foreman
Filed in open court this 20 day of Oct. 2016
Clerk

AO 257 (Rev. 6/78) AMENDED
DEFENDANT INFORMATION RELATIVE TO A CRIMINAL ACTION - IN U.S. DISTRICT COURT

BY: INDICTMENT
OFFENSE CHARGED: See attached. Felony.
DEFENDANT - U.S.: YEVGENIY NIKULIN
Name of Complainant Agency, or Person (Title, if any): FBI
Prior proceedings or appearance(s) before U.S. Magistrate regarding this defendant were recorded under MAGISTRATE CASE NO. 16-71303 MAG
Name and Office of Person Furnishing Information on this form: BRIAN J. STRETCH, U.S. Attorney
Name of Assistant U.S. Attorney (if assigned): MICHELLE J. KANE
This report amends AO 257 previously submitted.
Bail Amount: No bail
Comments: Defendant is in custody in foreign jurisdiction.

Attachment
Penalty Sheet

Statutory Maximum Penalties:

18 U.S.C. 371: Five years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.

18 U.S.C. : Two-year mandatory minimum sentence of imprisonment to run consecutive to any other sentence and in addition to the sentence for the underlying felony, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, restitution.

18 U.S.C. 1029(a)(2) and Ten years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.

18 U.S.C.
1030(a)(2)(C) and Five years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.

18 U.S.C. 1030(a)(5)(A) and Ten years of imprisonment, $250,000 fine (or alternatively, twice the gross gain or gross loss, whichever is greater), three years of supervised release, $100 special assessment, forfeiture, and restitution.

BRIAN J. STRETCH (CABN 163973)
United States Attorney
Attorney for United States of America

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
OAKLAND DIVISION

UNITED STATES OF AMERICA,
Plaintiff,
v.
YEVGENIY NIKULIN,
a/k/a "Chinabig01"
a/k/a "dex.007"
a/k/a "valeriy.krutov3"
a/k/a "itBlackHat"
Defendant.

VIOLATIONS: 18 U.S.C. 371 Conspiracy; 18 U.S.C. 1028A Aggravated Identity Theft; 18 U.S.C. 1029(a)(2) Trafficking in Unauthorized Access Devices; 18 U.S.C. 1030(a)(2)(C) Computer Intrusion; 18 U.S.C. 1030(a)(5)(A) - Intentional Transmission Causing Damage to a Protected Computer; 18 U.S.C. 1029(c)(1)(C), 18 U.S.C. 1030(i) and Forfeiture.

SAN FRANCISCO VENUE

INDICTMENT

The Grand Jury charges:

BACKGROUND

At all times relevant to the Indictment:

1. LinkedIn Corporation was headquartered in Mountain View, California. LinkedIn operated a social networking website focused on business and employment connections. Each LinkedIn user had an individual account protected by a user name, which was an email address, and a password. LinkedIn maintained a database of user account information, including user names and passwords, on computers located in the Northern District of California. LinkedIn employees were assigned individual credentials by which they could remotely access the LinkedIn corporate network. An individual with the initials N.B.
worked for LinkedIn at its Mountain View, California, headquarters.

2. Dropbox, Inc., was an electronic file storage service headquartered in San Francisco, California. Dropbox used cloud computing to enable users to store and share files and folders with other users across the Internet using file Each Dropbox user had an individual account protected by a user name, which was an email address, and password. Dropbox maintained a computer database of user account information, including user names and passwords.

3. Inc., was a corporation with its headquarters in San Francisco, California. operated a social question and answer website. Each user had an individual account protected by a user name and password. maintained a computer database of user account information, including user names and passwords. employees were assigned individual credentials by which they could remotely access the corporate network. An individual with the initials .S. worked for at its San Francisco, California, headquarters.

4. Google, Inc., was a corporation with its headquarters in Mountain View, California. Google offered Internet-related services, including the Gmail email service, to customers all over the world.

COUNT ONE: (18 U.S.C. 1030(a)(2)(C) and Computer Intrusion)

5. The factual allegations contained in Paragraph One are realleged and incorporated herein.

6.
Beginning on approximately March 3, 2012, and continuing to approximately March 4, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, intentionally accessed a protected computer used in interstate and foreign commerce without authorization and exceeding authorized access, and thereby obtained information from a protected computer, and committed the offense for purposes of commercial advantage and private financial gain, and the value of the information obtained exceeded $5,000; that is, defendant used the Internet to access computers belonging to LinkedIn Corporation and obtained information, all in violation of Title 18 United States Code, Sections 1030(a)(2)(C) and and

COUNT TWO: (18 U.S.C. 1030(a)(5)(A) Intentional Transmission of Information, Code, or Command Causing Damage to a Protected Computer)

7. The factual allegations contained in Paragraph One are realleged and incorporated herein.

8. Starting on or about March 3, 2012, and continuing through on or about March 4, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, knowingly caused the transmission of a program, information, code, and command, and, as a result of such conduct, intentionally caused damage without authorization to a protected computer; that is, NIKULIN knowingly transmitted a program, information, code, and command to a computer belonging to LinkedIn employee N.B. and thereby caused damage without authorization, and the offense caused loss to a person during a one year period from the defendant's course of conduct affecting a protected computer aggregating at least $5,000 in value, all in violation of Title 18, United States Code, Sections 1030(a)(5)(A) and

COUNT THREE: (18 U.S.C. 1028A Aggravated Identity Theft)

9. The factual allegations contained in Paragraph One are realleged and incorporated herein.

10.
Beginning on approximately March 3, 2012, and continuing to approximately March 4, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, did knowingly possess and use, without lawful authority, a means of identification of another person, that is, the user name and password assigned to LinkedIn employee N.B., during and in relation to violations of Title 18, United States Code, Section 1030(a)(2)(C) and and all in violation of Title 18, United States Code, Section 1028A(a)(1).

COUNT FOUR: (18 U.S.C. 103 and - Computer Intrusion)

11. The factual allegations contained in Paragraph Two are realleged and incorporated herein.

12. Beginning on approximately May 14, 2012, and continuing to approximately July 25, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, intentionally accessed a protected computer used in interstate and foreign commerce without authorization and exceeding authorized access, and thereby obtained information from a protected computer, and committed the offense for purposes of commercial advantage and private financial gain, and the value of the information obtained exceeded $5,000; that is, defendant used the Internet to access computers belonging to Dropbox, Inc., and obtained information, all in violation of Title 18 United States Code, Sections 1030(a)(2)(C) and and

COUNT FIVE: (18 U.S.C. 371 Conspiracy)

13. The factual allegations contained in Paragraphs Three and Four are realleged and incorporated herein.

14.
Beginning on a date unknown to the grand jury and continuing to on or about May 31, 2013, in the Northern District of California, and elsewhere, the defendant, YEVGENIY NIKULIN, did knowingly and willfully conspire with others known and unknown to the grand jury to commit offenses against the United States, that is, NIKULIN conspired to knowingly and with intent to defraud traffic in unauthorized access devices, that is, user names, email addresses, and passwords, belonging to customers of Inc., and other companies, and by such conduct obtain $1,000 or more in any one-year period, and said trafficking would have affected interstate and foreign commerce, in violation of Title 18, United States Code Section 1029(a)(2).

Manner and Means of the Conspiracy

15. It was part of the conspiracy that NIKULIN gained unauthorized access to protected computers and thereby obtained the unauthorized access devices, including user names, email addresses, and passwords.

16. It was further part of the conspiracy that CO-CONSPIRATOR 1 possessed the unauthorized access devices and offered them for sale.

17. It was further part of the conspiracy that CO-CONSPIRATOR 3 purchased the unauthorized access devices.

18. It was further part of the conspiracy that CO-CONSPIRATORS 2 and 3 used Gmail accounts to communicate with CO-CONSPIRATOR 1 regarding the conspiracy.

Overt Acts

19. In furtherance of the conspiracy and to effect its objects, NIKULIN and his co-conspirators committed and caused to be committed the following overt acts, among others, in the Northern District of California and elsewhere:

a. Between on or about June 13, 2012, and on or about June 29, 2012, NIKULIN gained unauthorized access to the computers holding the user information database and downloaded the user information database, including user names, email addresses, and passwords, to a computer located outside the United States.

b.
On or about July 13, 2012, CO-CONSPIRATOR 2, using a Gmail account, sent an email message to CO-CONSPIRATOR 1 vouching for reliability in selling stolen user credentials.

c. On or about July 16, 2012, CO-CONSPIRATOR 1 sent an email message to CO-CONSPIRATOR 3's Gmail account offering to sell the stolen user information database for €5,500.

All in violation of Title 18, United States Code, Section 371.

COUNT SIX: (18 U.S.C. 1029(a)(2) Trafficking in Unauthorized Access Devices)

20. The factual allegations contained in Paragraphs Three, Four, and Thirteen through Nineteen are realleged and incorporated herein.

21. Beginning on a date unknown to the grand jury and continuing to approximately September 19, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, knowingly and with intent to defraud, trafficked in unauthorized access devices, that is, user names, email addresses, and passwords, belonging to customers of Inc., and by such conduct from on or about June 1, 2012, and ending on or about May 31, 2013, obtained $1,000 or more, said trafficking affecting interstate and foreign commerce, in violation of Title 18, United States Code, Sections 1029(a)(2) and

COUNT SEVEN: (18 U.S.C. 1030(a)(2)(C) and Computer Intrusion)

22. The factual allegations contained in Paragraphs Three, Four, and Thirteen through Nineteen are realleged and incorporated herein.

23.
Beginning on approximately June 13, 2012, and continuing to approximately June 29, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, intentionally accessed a protected computer used in interstate and foreign commerce without authorization and exceeding authorized access, and thereby obtained information from a protected computer, and committed the offense for purposes of commercial advantage and private financial gain, and the value of the information obtained exceeded $5,000; that is, defendant used the Internet to access computers belonging to Inc., and obtained information, all in violation of Title 18 United States Code, Sections 1030(a)(2)(C) and and

COUNT EIGHT: (18 U.S.C. 1030(a)(5)(A) Intentional Transmission of Information, Code, or Command Causing Damage to a Protected Computer)

24. The factual allegations contained in Paragraphs Three, Four, and Thirteen through Nineteen are realleged and incorporated herein.

25. Starting on or about June 13, 2012, and continuing through on or about June 29, 2012, in the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, knowingly caused the transmission of a program, information, code, and command, and, as a result of such conduct, intentionally caused damage without authorization to a protected computer; that is, NIKULIN knowingly transmitted a program, information, code, and command to a computer belonging to and thereby caused damage without authorization, and the offense caused loss to a person during a one year period from the defendant's course of conduct affecting a protected computer aggregating at least $5,000 in value, all in violation of Title 18, United States Code, Sections 1030(a)(5)(A) and

COUNT NINE: (18 U.S.C. 1028A Aggravated Identity Theft)

26. The factual allegations contained in Paragraphs Three, Four, and Thirteen through Nineteen are realleged and incorporated herein.

27.
Beginning on approximately June 13, 2012, and continuing to approximately June 29, 2012, within the Northern District of California and elsewhere, the defendant, YEVGENIY NIKULIN, did knowingly possess and use, without lawful authority, a means of identification of another person, that is, the user name and password assigned to employee .15., during and in relation to violations of Title 18, United States Code, Section 1030(a)(2)(C) and and all in violation of Title 18, United States Code, Section 1028A(a)(1).

FORFEITURE ALLEGATION: (18 U.S.C. 1029(c)(1)(C), and 1030(i) and

28. The allegations contained in this Indictment are hereby realleged and incorporated by reference for the purpose of alleging forfeiture pursuant to Title 18, United States Code, Sections 982(a)(2)(B) and 1029(c)(1)(C).

29. Upon conviction of the offenses in violation of Title 18, United States Code, Section 1030(a) set forth in Counts One, Two, Four, Seven, and Eight of this Indictment, the defendant, YEVGENIY NIKULIN, shall forfeit to the United States of America, pursuant to Title 18, United States Code, Section 1030(i) and any personal property used or intended to be used to commit or to facilitate the commission of said violation or a conspiracy to violate said provision, and any property, real or personal, which constitutes or is derived from proceeds traceable to the offenses, including but not limited to, a sum of money equal to the total amount of proceeds defendant obtained or derived, directly or indirectly, from the violation.

30.
Upon conviction of any of the offenses set forth in Counts Five and Six of this Indictment, defendant, YEVGENIY NIKULIN, shall forfeit to the United States of America, pursuant to Title 18, United States Code, Section any property constituting, or derived from, proceeds obtained, directly or indirectly, as a result of such violation, and, pursuant to Title 18, United States Code, Section 1029(c)(1)(C), personal property used or intended to be used to commit the offense.

31. If any of the property described above, as a result of any act or omission of the defendant:

a. cannot be located upon the exercise of due diligence;
b. has been transferred or sold to, or deposited with, a third party;
c. has been placed beyond the jurisdiction of the court;
d. has been substantially diminished in value; or
e. has been commingled with other property which cannot be divided without difficulty,

the United States of America shall be entitled to forfeiture of substitute property pursuant to Title 21, United States Code, Section 853(p), as incorporated by Title 18, United States Code, Sections 982(b)(1), 1029(c)(2), and 1030(i)(2).

All pursuant to Title 18 United States Code, Sections 1029(c)(1)(C), and 1030.

Dated:

A TRUE BILL.
FOREPERSON

BRIAN J. STRETCH
United States Attorney

MATTHEW A. PARRELLA
Chief, CHIP Unit

(Approved as to form: M. KANE)