On December 21, the Prosecutor-General’s Office of Russia announced that Nikita Kislitsin, a cybersecurity expert from Russia, would be extradited to Moscow by the Kazakh authorities. However, Kislitsin is also wanted in the United States for allegedly purchasing personal data that was obtained illegally.
As of late June, the Kazakh government claimed that Kislitsin was detained at the US request. Additionally, Moscow reportedly urged the Kazakh authorities not to rush Kislitsin’s transfer to the United States and requested his extradition to Russia.
Kislitsin is allegedly suspected in Russia of extortion and gaining unauthorized access to information on the internet that is protected by Russian law, according to the Prosecutor-General’s Office.
Kislitsin holds a senior executive position at FACCT, a Russian spinoff company that was established in April after Group-IB, a leading cybersecurity firm in Russia, left the country in response to Moscow’s invasion of Ukraine, and sold its assets to FACCT.
Before moving to FACCT, Kislitsin was the head of network security for Group IB.
Kislitsin is wanted in the US for allegedly purchasing personal information that was obtained from servers of Dropbox, a defunct social media platform that let users ask questions, and LinkedIn in 2012.
Yevgeny Nikulin, the mastermind of the U.S. company hacks and a friend of Kislitsin’s, was extradited to the United States from the Czech Republic in 2018 and given a sentence of more than seven years in prison. He was deported to Russia after being freed from prison earlier this year.
Ilya Sachkov, the founder of Group-IB, was sentenced to 14 years in prison by the Moscow City Court in July after being found guilty of high treason.
On July 26, the court delivered the decision and punishment without giving any background information about the case. Since the trial took place behind closed doors due to the court’s declaration that the case materials were classified, it is unclear precisely what Sachkov was accused of.
Sachkov is among several well-known individuals who have been detained in Russia on treasonous charges in recent years, including scientists and cybersecurity officials. Moscow has repeatedly refuted accusations that it is the mastermind of cyberattacks against Western nations.
Sachkov was allegedly suspected by investigators of giving classified material to a foreign government.
Extradition to Kazakhstan Moscow receives a Russian cyber expert despite US requests
According to reports, Kazakhstan declined to send a well-known cybersecurity expert from Russia to the United States and will instead extradite him to Moscow.
The Moscow Prosecutor General’s Office said that Nikita Kislitsin, who was arrested in Kazakhstan earlier in June at the request of the United States, will be prosecuted in his native country for extortion and hacking.
As of the time of writing, Kazakhstan had not provided an official confirmation. The decision regarding Kislitsin’s extradition could take up to a year, according to a statement made in October by the prosecutor’s office in Kazakhstan. A request for comment from the agency has not received a response.
At the cybersecurity firm Group-IB and its Russia-based spinoff F.A.C.C.T., Kislitsin held the position of head of network security. In addition, he edited the well-known Russian magazine Hacker.
In October of last year, Kislitsin and his accomplices “unlawfully gained access to the server data of one of the commercial organizations and copied it,” according to a statement released by Russian authorities on Thursday.
The Russian investigation claimed that after receiving the data, they demanded a cryptocurrency ransom worth close to $6,000 to stop this information from being published.
The United States, however, had another reason for wanting Kislitsin extradited at the same time. The U.S. Department of Justice claims that Kislitsin was connected to a 2012 cyberattack on the now-defunct social media company Formspring, in which hackers were able to obtain and sell usernames and passwords belonging to American customers, according to an indictment made public in 2020.
Yevgeniy Nikulin, a fellow Russian national, is the primary offender in this case. He was convicted in the United States of allegedly stealing about 117 million usernames and passwords from Dropbox, LinkedIn, and Formspring.
The U.S. indictment, according to Group-IB at the time, merely contains accusations, “and no findings have been made that Kislitsin has engaged in any wrongdoing.” The business added that Kislitsin’s indictment was based only on his purported involvement in one of the incidents in Nikulin’s case.
Following his detention in Kazakhstan, Kislitsin declared his intention to return home and that he had no intention of exploring any other options, including applying for asylum there.
The case of Kislitsin represented the most recent conflict between Washington and Moscow concerning alleged Russian cybercriminals and spies detained abroad at the behest of American authorities.
According to reports, Russia urged Kazakhstan’s Foreign Ministry not to extradite Kislitsin to the United States in a letter. Kislitsin could avoid being transferred to the United States once he was in Russia, a strategy Moscow has previously used.
It is unclear if Kislitsin disputes the accusations made against him, but he could spend up to seven years in prison in Russia.
Co-founder of Group-IB Ilya Sachkov received a 14-year prison sentence in a Russian prison colony in July after being found guilty of treason on top-secret charges. Sachkov refutes the charges.