Kislitsin was not an employee of IB-Group at the time the crimes described in the recently unsealed indictment were committed. He worked as the editor-in-chief of Hacker magazine from 2006-2012, and only in 2013 joined Group-IB, where he focuses on cybersecurity matters.
The US court’s indictment was issued in 2014 but the document was made public only on Thursday.
"Beginning on a date unknown to the grand jury and continuing to on or about May 31, 2013, in the Northern District of California, and elsewhere, the defendant, NIKITA KISLITSIN, did knowingly and willfully conspire with others known and unknown to the grand jury to commit offense against the United States, that is, KISLITSIN conspired to knowingly and with intent to defraud traffic in unauthorized access devices, that is, user names, e-mail addresses, and passwords, belonging to customers of Formspring, INC., and other companies, and by such obtain $1,000 or more in any one-year period, and said trafficking would have affected interstate and foreign commerce, in violation of Title 18, United States Code Section 1029(a)(2)," the court said.
Kislitsin is also said to have "knowingly and with intent to defraud, trafficked in unauthorized access devices, that is, user names, e-mail addresses, and passwords, belonging to customers of Formspring, Inc., and by such conduct from on or about June 1, 2012, and ending on or about May 31, 2013, obtained $1,000 or more, said trafficking affecting interstate and foreign commerce, in violation of Title 18, United States Code Section 1029(a)(2) and (c)(1)(A)(i)."
If found guilty of the first crime, Kislitsin may face up to 10 years in jail, while for the second one he may be sentenced to five years and issued a $250,000 fine.
The indictment also mentioned that Kislitsin had three accomplices, but did not provide their names.
Group-IB issued late on Thursday a statement in support of Kislitsin.
"At current, neither Group-IB, nor Nikita Kislitsin have received any official subpoenas, notifications or invitations to the upcoming trial relating to Case No. CR 16-00440 USA v. Yevgeniy Nikulin which will take place on March 9, 2020. We consider these actions unacceptable and a violation of the rights of our employee," the statement said.
The company said that the issued indictment contained only allegations and no proof that Kislitsin was engaged in any wrongdoing.
"We would like to make public the fact that Group-IB ’s representatives and Nikita Kislitsin, himself, met a DOJ employee at their own initiative in 2013 to inform them of research relating to the underground, which was conducted by Kislitsin in 2012, at the time when he was not a Group-IB staff member. After this meeting, neither Group-IB nor Nikita Kislitsin have been officially approached with any additional questions," the statement said.
Group-IB admitted, however, that the accusations against Kislitsin threatened to harm the company's reputation.
"We will remain committed to collaborating with international law enforcement in the fight against cyber crime and would like to stress that we always adhere to high moral and ethical values that are part of our company and are a must for every one of us. Meanwhile, we believe that research focused on combatting cybercrime in compliance with the international law is an inherent right of every cybersecurity specialist," the company added.
Under the case mentioned by Group-IB, the United States accuses another Russian citizen, Yevgeniy Nikulin, of hacking into computers belonging to the online services LinkedIn, Dropbox and Formspring.
Nikulin was arrested in the Czech Republic in 2016. As he was charged with Internet fraud in Russia in 2009, Moscow requested his extradition from the Czech Republic. The demand was submitted on the same day as Washington's, but Prague granted the US' request. Nikulin has pleaded not guilty to the charges laid against him.