Nikita Kislitsin, a former head of network security at a top cybersecurity firm in Russia, was recently arrested in Kazakhstan in response to hacking charges from the U.S. Department of Justice dating back 10 years. The arrest has put the Kazakhstan government in a delicate diplomatic situation, as Russia has indicated that it will block Kislitsin’s extradition to the United States.
Kislitsin is accused of hacking into the now-defunct social networking site Formspring in 2012, and allegedly conspiring with another Russian man who was convicted of stealing millions of usernames and passwords from LinkedIn and Dropbox that same year. The U.S. Department of Justice unsealed two criminal hacking indictments against Kislitsin in March 2020. He was indicted in Northern California in 2014 for his alleged involvement in stealing account data from Formspring. Kislitsin was also indicted in Nevada in 2013, but the victims in that case were not named in the indictment.
Documents unsealed in the California case indicate that Kislitsin conspired with Yevgeniy Nikulin, a Russian man who was convicted in 2020 of stealing 117 million usernames and passwords from Dropbox, Formspring, and LinkedIn in 2012. Nikulin is currently serving a seven-year sentence in the U.S. prison system. A trial brief in the California investigation identified Kislitsin, Nikulin, and two other alleged cybercriminals as being present at a meeting in Moscow in 2012, where they allegedly discussed starting an internet café business.
Kislitsin was hired by Group-IB, a cybersecurity company founded in Russia in 2003, in January 2013, nearly six months after the Formspring hack. Group-IB has since moved its headquarters to Singapore and announced in April 2023 that it had fully exited the Russian market. In a statement, Group-IB confirmed that Kislitsin is no longer an employee and now works for a Russian organization called FACCT, which stands for “Fight Against Cybercrime Technologies.”
FACCT is a Russian developer of technologies for combating cybercrime. In a statement, the organization said that Kislitsin is responsible for developing its network security business and that he remains under temporary detention in Kazakhstan while the basis for extradition arrest is being studied at the request of the United States. FACCT emphasized that the claims against Kislitsin are not related to his work at the organization but are instead related to a case from more than 10 years ago when Kislitsin worked as a journalist and independent researcher.
The Russian government has claimed that Kislitsin is wanted on criminal charges in Russia and should be repatriated instead of being extradited to the United States. FACCT indicated that the Russian government has already intervened in the case. The Kremlin has previously fought the extradition of other Russian cybercriminals, such as Aleksei Burkov, who was ultimately sent to the United States and sentenced to nine years in prison.
Legal experts believe that the Kislitsin case could become a diplomatic headache for Kazakhstan, as the country shares a border and cultural ties with Russia. The government may be forced to choose between aligning with Russia or siding with the West. This situation could lead Kazakhstan to make difficult decisions that could have major diplomatic ramifications.
Group-IB’s departure from Russia comes as its former founder and CEO, Ilya Sachkov, remains in a Russian prison, awaiting trial on treason charges. Sachkov’s pending trial has sparked speculation among Russian cybercrime forums, with many believing that Sachkov and Group-IB were seen as too helpful to the U.S. Department of Justice in its investigations into Russian hackers. Group-IB has been known for identifying and disrupting high-profile Russian hackers, some of whom were caught after years of criminal activity.
When Kislitsin’s indictments were unsealed in 2020, Group-IB issued a statement vouching for his character and promising to assist with his legal defense. The statement also mentioned that representatives from Group-IB, including Kislitsin, had voluntarily met with employees from the U.S. Department of Justice in 2013 to inform them about research related to the underground conducted by Kislitsin in 2012.
As the case of Nikita Kislitsin unfolds, it remains to be seen how the diplomatic tensions between Russia and Kazakhstan will play out. The outcome could have far-reaching implications for both countries and their relationship with the international cybersecurity community.