Kazakhstan to Extradite Russian Hacker to Moscow

A Russian man accused by the United States of trafficking in a hacked database of online credentials will apparently evade American courts after the Russian government said it had succeeded in extraditing him.

See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge

Russian prosecutors said authorities in Kazakhstan will transfer the man, Nikita Kislitsin, to face charges related to an October 2022 hacking incident at an unidentified business. Russian newspaper Kommersant reported that the hackers behind the incident had issued an extortion demand of 550,000 rubles or approximately $6,000.

Kazakhstan has not confirmed the extradition and a government spokesperson did not respond to Information Security Media Group’s request for comment. Russia state-owned news agency Tass reported that Kazak authorities had arrested Kislitsin at Almaty International Airport on June 22 through an Interpol request initiated by the U.S.

The case highlights a tug of war between Washington and Moscow over Russian cybercriminals. Because Russia does not extradite its nationals, the U.S. government relies on authorities in third countries to detain indicted hackers. Many Russian nationals are wise to the tactic – but officials at the U.S. Department of Justice have said that even restricting suspects’ movements to inside Russia is a victory.

Washington has recently extradited and prosecuted several Russian cybercriminals, including Vladimir Dunaev, who pleaded guilty to developing the TrickBot malware after being extradited from South Korea in 2021 (see: TrickBot Developer Pleads Guilty in US Court).

Kislitsin has faced charges in the U.S. since 2013, when a Nevada grand jury indicted him on four criminal hacking counts. A California grand jury indicted him the next year for brokering a 2012 sale of online credentials illegally obtained from now-defunct social media site Formspring, which became a magnet for cyber bullying of teenagers. U.S. authorities deported Formspring hacker Yevgeniy Nikulin to Russia after he completed a seven-year prison sentence in February (see: Russian Gets 7-Year Sentence for Hacking LinkedIn, Dropbox).

Kislitsin is an executive at F.A.C.C.T., a Moscow spinoff of cybersecurity firm Group-IB, which concluded its relocation from Russia to Singapore in April. Kislitsin previously was Group-IB’s head of network security, coming to the firm shortly after a six-year run at editing “Hacker,” a Russian monthly magazine, Group-IB said in 2020.

Group-IB co-founder Ilya Sachkov received a 14-year prison sentence in July on undisclosed charges of treason, which he denies (see: Moscow Court Convicts Former Group-IB Chief for Treason).