Nikulin targeted an employee at LinkedIn and was able to install a Remote Access Trojan (RAT) on the employee’s workstation to gain access to the corporate Virtual Private Network (VPN). Once he had access to LinkedIn’s corporate systems, Nikulin stole a database containing LinkedIn user information, including encrypted passwords. Password theft is an extremely common tactic of threat actors because stolen passwords can be used to take over many accounts, including accounts for unrelated services such as email, banking, or social media if people use the same or similar passwords for more than one account. Using a password manager to maintain unique and complex passwords that cannot be guessed for every account. Enabling Multi-Factor Authentication (MFA) is an even more important control to keep attackers from taking over accounts using stolen or guessed passwords. The Computer Fraud and Abuse Act (CFAA) was enacted in 1986 by congress to combat various forms of computer crime. It is codified by 18 U.S. Code § 1030. The CFAA has been amended several times since 1986 to cover a broad range of conduct. The CFAA prohibits intentionally accessing a computer without authorization. The CFAA carries harsh penalties that can include up to a 20-year sentence depending on the offense. Even when threat actors are located overseas, US law enforcement can pursue justice through international cooperation with organizations such as Interpol coordinating legal action between cooperating countries. For justice outcomes to be possible, companies that are targeted by cybercriminals must be willing to share relevant evidence information with law enforcement authorities.

Sources: https://thehackernews.com/2020/10/russian-linkedin-hacker.html

https://www.justice.gov/usao-ndca/pr/russian-hacker-sentenced-over-7-years-prison-hacking-three-bay-area-tech-companies