Nikita Kislitsin, a former leading figure in Russian cybersecurity, was recently arrested in Kazakhstan following hacking charges from the U.S. Department of Justice that date back a decade. Kislitsin’s arrest could potentially put the Kazakhstan government in a difficult diplomatic situation, as Russia has already indicated its intention to prevent his extradition to the United States.
Kislitsin is accused of hacking into the now-defunct social networking site Formspring in 2012, and of conspiring with another Russian individual convicted of stealing a massive amount of usernames and passwords from LinkedIn and Dropbox in the same year.
In March 2020, the DOJ revealed two criminal hacking indictments against Kislitsin, who was then serving as the head of security at Group-IB, a cybersecurity company that was established in Russia in 2003 and operated there for over a decade before moving to Singapore.
Kislitsin was indicted in Northern California in 2014 for his alleged involvement in stealing account data from Formspring. He was also indicted in Nevada in 2013, although the victim(s) in that case have not been named.
Documents from the California case suggest that Kislitsin allegedly conspired with Yevgeniy Nikulin, a Russian individual convicted in 2020 of stealing 117 million usernames and passwords from Dropbox, Formspring, and LinkedIn in 2012. Nikulin is currently serving a seven-year sentence in the U.S. prison system.
According to a trial brief from the California investigation, Nikulin, Kislitsin, and two alleged cybercriminals were present at a 2012 meeting at a Moscow hotel, where they reportedly discussed starting an internet café business.
Kislitsin joined Group-IB in January 2013, nearly six months after the Formspring hack. Group-IB has since relocated its headquarters to Singapore, and in April 2023, the company announced its complete exit from the Russian market.
Group-IB stated that Kislitsin is no longer an employee and that he now works for a Russian organization called FACCT, which stands for “Fight Against Cybercrime Technologies.”
FACCT describes itself as a “Russian developer of technologies for combating cybercrime,” and works with clients to combat targeted attacks, data leaks, fraud, phishing, and brand abuse. According to a statement published online, FACCT said Kislitsin is responsible for developing its network security business, and that he remains under temporary detention in Kazakhstan “to study the basis for extradition arrest at the request of the United States.”
From 2006 to 2012, Kislitsin served as the editor-in-chief of “Hacker,” a popular Russian-language monthly magazine that includes articles on information and network security, programming, and frequently features interviews with and articles penned by notable or wanted Russian hackers.
FACCT has stated that the Kremlin has already intervened in the case, and the Russian government claims Kislitsin is wanted on criminal charges in Russia and must instead be repatriated to his homeland.
The case of Kislitsin follows a similar pattern to that of Aleksei Burkov, a cybercriminal who operated two of Russia’s most exclusive underground hacking forums. Burkov was arrested in 2015 by Israeli authorities, and the Russian government fought Burkov’s extradition to the U.S. for four years.