FBI accuses Yevgeniy Nikulin of hacking LinkedIn, Formspring and Dropbox, and Russia has also filed extradition request
A Russian suspected hacker has moved a step closer to being sent to the US as a Czech judge gave tentative approval for an extradition to go ahead, during a court hearing held inside a high-security prison in Prague.
Yevgeniy Nikulin, who was arrested at a restaurant in the Czech capital last October and is accused by the FBI of massive hacks of US companies, appeared at the hearing pale and emaciated after eight months in solitary confinement.
The murky case has so far thrown up far more questions than answers, but one thing is clear: US authorities are determined to extradite the 29-year-old Muscovite, who drove a Lamborghini and socialised with the children of top Russian officials, and Moscow is determined to get him back, filing its own extradition request.
The FBI accused Nikulin of responsibility for huge password hacks on LinkedIn, Dropbox and Formspring, in 2012. Nikulins arrest last October came three days before the Obama administration officially accused Russia of hacking the Democratic National Committee and interfering in the election.
During the election campaign, Trump called on Russia to hack Hillary Clintons emails. After the election, he initially dismissed US intelligence agencies findings that Russia had interfered in the electoral process, before eventually grudgingly accepting them.
Nikulins lawyers say the case is a set-up. They say Nikulin was not a hacker and that his life revolved around buying and selling luxury cars, as evidenced by a 2015 interview to a Russian automobile website in which he talked about his love for Lamborghinis.
Nikulin took part in street races on the outskirts of Moscow where he would fraternise with the children of Russian oligarchs and politicians. His lawyers say this explains why Nikulins Instagram account featured photographs of him with the children of high-ranking officials, including the daughter of the defence minister, Sergei Shoigu, one of Putins closest confidants. The account was taken offline shortly after Nikulin was arrested.
Nikulins Russian lawyer, Vladimir Makeyev, said Nikulin was useless with computers and, far from being a super-hacker, was capable of checking his email and no more.
Special agent Jeffrey Miller, of the San Francisco office of the FBI, appears to believe otherwise. A 17-page affidavit by Miller, seen by the Guardian, outlines the evidence against Nikulin to the Czech court. The affidavit lists some of the aliases Nikulin is alleged to have used, including Chinabig01, Eugene, Uarebeenhacked, John Pattison and itBlackHat.
According to Millers affidavit, the FBI evidence is based on witness interviews including confidential sources, ISP records, court-authorised electronic interceptions, and other sources. Some of the electronic intercepts were emails from the Gmail account of Alexei Belan, a hacker on the FBI wanted list for allegedly conspiring with Russian FSB agents to perpetrate a huge hack on Yahoo in 2014. Belan is on the FBIs cyber top 10 most wanted list. None of the raw evidence was provided to the court.
The affidavit relates solely to the hacking of LinkedIn, Dropbox and Formspring in 2012, and does not mention any election hacking.
However, Nikulin wrote in a letter from prison that Miller had interrogated him in Prague on 7 February and raised the election hacking. Excerpts of the letter were provided to the Guardian by Nikulins lawyers, but there is no way of substantiating the claims he made.
Nikulin claimed Miller demanded he admit to hacking the DNC servers as part of what the FBI is said to have claimed was a nefarious plot ultimately ordered by Trump, and promised him good treatment in the US if he cooperated. Nikulin wrote that he rejected the offer.
A document among the court papers detailing the interrogation on 7 February confirms Miller and assistant US attorney Michelle J Kane were present in person along with four Czech intelligence officials identified only by their initials.
The document states that Nikulin was read his rights, insisted he was not guilty of the charges, and that the interrogation was concluded after just 29 minutes.
Nikulins lawyer suggested the record of the interrogation was incomplete and that his client had fallen victim to an FBI plot. Do you really imagine that a high-ranking FBI agent is going to travel all the way from San Francisco just to read this guy his rights?
Others close to the case dismissed the idea of an overarching conspiracy, but conceded there were many unusual elements to the case.
One theory is that the FBI is rounding up Russian hackers in the hope they may know others who were involved in the election hacking. A Russian computer programmer was arrested in Barcelona in April.
My guess in both of these cases is that US intelligence has only now started gathering intelligence about Russian hackers and how they work with the security services, and they want to use these guys to extract info out of them, said Andrei Soldatov, a specialist on the Russian security services.
Mark Galeotti, senior researcher at the Institute of International Relations Prague, said the presence of Miller in Prague at least suggested that the case was no ordinary one. An FBI agent travelling from the US to a third country as part of an extradition request is extremely unusual and highlights that the case is seen as significant, he said.
The US embassy in Prague, the Department of Justice and the FBI all refused requests for comment on the case. A number of Czech officials declined to comment or claimed no knowledge, and a source close to Czech intelligence said only a very limited number of people inside the service had been briefed on the details of the case.
According to Millers testimony, Nikulin crossed into the Schengen zone at the Belarus-Poland border in a black Mercedes on 1 October. He posted a photograph on Instagram from Warsaw on 3 October, and was arrested while sitting down to dinner with his female travelling companion in Pragues touristy old town on 5 October.
Immediately afterwards, Russia filed its own extradition request over a minor 2009 electronic theft. Nikulins lawyers admit the Russian request is unconvincing, but say he is willing to be extradited to Russia. The request appears to be a thinly veiled attempt to keep Nikulin out of US hands.
Russian journalists have found details of the 2009 case in a legal database, but note that it appears not to have been acted on by authorities, leading to suspicions that Nikulin may have done a deal back then. There are frequent reports that Russian authorities waive criminal charges against hackers in return for cooperation with the security agencies.
Both Russia and the US have reportedly put diplomatic pressure on Prague to have Nikulin extradited. The Czech weekly Respekt cited diplomatic sources suggesting that Russia had informally offered to swap Nikulin for a number of Czech citizens wanted by Prague for financial crimes.
Tuesdays hearing was held in a tiny room inside the prison, an unprecedented measure which was ostensibly for security reasons but also meant only four journalists could access the room. In all my 25 years as a lawyer, I dont remember any cases being tried inside the prison, including serial killers or organised crime cases, said Martin Sadilek, Nikulins Czech lawyer.
Nikulins mother, who attended the hearing, declined to comment except to say she was worried that her son looks like skin and bones and that she believed the case was political.
The judge Jaroslav Pytloun ruled that the requests from both countries met legal requirements, and Nikulins lawyers said they would appeal against only the US extradition. After the appeals process is concluded, the Czech justice minister, Robert Pelikan, will make the final decision on where to send Nikulin.
Informed sources in Prague said he was expected to send him to the US. An aide to Pelikan said the minister could not comment on the case for now.