Network security guy in extradition tug of war between US and Russia
Group-IB spinout confirms Kislitsin is wanted by both Washington and Moscow
A Russian network security specialist and former editor of Hacker magazine who is wanted by the US and Russia on cybercrime charges has been detained in Kazakhstan as the two governments seek his extradition.
Nikita Kislitsin, an employee of Russian infosec shop FACCT, was detained on June 22 at the request of the US, according to a statement by his employer.
"According to the information we have, the claims against Kislitsin are not related to his work at FACCT, but are related to a case more than ten years ago when Nikita worked as a journalist and independent researcher," the statement reads.
"We are convinced that there are no legal grounds for detention on the territory of Kazakhstan."
FACCT is not under investigation and has not been charged with any wrongdoing, the org added. It has has hired lawyers to defend Kislitsin, and has also sent an appeal to the Consulate General of the Russian Federation in Kazakhstan "to assist in protecting our employee," according to the statement.
Maybe the second part wasn't such a good idea after all – an update to the statement notes that Kislitsin is, in fact, also wanted by Russia.
"FACCT emphasizes that the announcement of Nikita Kislitsin on the wanted list in the territory of the Russian Federation became known only today, June 28," it says. "The company is monitoring developments."
The Russia-based firm did not immediately respond to The Register's inquires.
FACCT was spun out from Group-IB last year – likely in response to the Russian invasion of Ukraine. Group-IB was founded in Moscow before moving its headquarters to Singapore in 2018. FACCT would tout Group-IB's products and services in Russia as a separate entity, allowing Group-IB to have no direct presence in the country.
Before the security firm split into two entities, Kislitsin worked as the network security lead at Group-IB.
- Security vendor splits – not quits – to address Russia's invasion of Ukraine
- Russian hacker, described as 'brilliant' by judge, gets seven years in a US clink for raiding LinkedIn, Dropbox
- US government hit by Russia's Clop in MOVEit mass attack
- Kremlin claims Apple helped NSA spy on diplomats via iPhone backdoor
The US extradition request seems to be related to earlier charges against Kislitsin, who is accused of ransacking social networking service Formspring in 2012, stealing usernames, email addresses, and passwords, and then trying to sell the stolen database for 5,000 euros a pop, according to a 2014 indictment [PDF] against him.
That indictment was kept sealed by the US until years later, as it was linked to the prosecution of another Russian – Yevgeniy Nikulin, who was found guilty in July 2020 of compromising LinkedIn, Dropbox, and Formspring, and stealing data on 213 million user accounts.
In March 2020, Group-IB issued a statement about then-employee Kislitsin, who the security firm said was "mentioned" by the US Justice Department in relation to the Nikulin case.
According to that 2020 Group-IB statement:
We would like to highlight that, when joining Group-IB, Nikita Kislitsin never concealed his earlier research and journalism experience in the capacity of an independent analyst and as an editor-in-chief of Hacker magazine. Moreover, we would like to make public the fact that Group-IB's representatives and Nikita Kislitsin, himself, met a DOJ employee at their own initiative in 2013 to inform them of research relating to the underground, which was conducted by Kislitsin in 2012, at the time when he was not a Group-IB staff member. After this meeting, neither Group-IB nor Nikita Kislitsin have been officially approached with any additional questions.
Nikulin, who was ultimately sentenced to 88 months in an American prison for his role in the LinkedIn, Dropbox and Formspring data theft, also experienced dueling extradition requests from the US and Russia before ultimately being sent stateside to stand trial. ®