A top Russian computer security researcher has been arrested and charged with treason, Russian media has reported. Ruslan Stoyanov, Head of the Computer Incidents Investigation Team at respected security firm Kaspersky Lab, is under investigation, Kaspersky confirmed to me in an email.
The timing of the arrest is curious, as it involves an incident that predates Stoyanov’s time at Kaspersky, the firm says. Stoyanov has been at Kaspersky since 2012. It’s unclear if the arrest has anything to do with alleged Russian meddling in the recent U.S. election.
The incident raises questions about the relationship between private security experts and government investigators in Russia — and perhaps in other nations, too.
Stoyanov has investigated cybergang bank hacking at Kaspersky, according to blog posts he has written for Securelist.com, a Kaspersky publication. In 2015, he penned “Russian financial cybercrime: How it Works.” He also wrote a detailed account called “The Hunt for Turk,” a Russian criminal gang accused of stealing three billion rubles.
“We are pleased that the police authorities were able to put the wealth of information we accumulated to good use: to detain suspects and, most importantly, to put an end to the theft,” he wrote.
Somehow, Stoyanov went from law enforcement ally to enemy in Russia.
“The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments,” Kaspersky said in a statement.
According to Stoyanov’s LinkedIn page, he worked for the Ministry of Interior/Moscow Cyber Crime Unit from 2000 – 2006.
The arrest is sure to make the relationship between security researchers and law enforcement more complicated. The Associated Press quoted Russian journalist Andrei Soldatov, who put the arrest into context.
“It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky,” he said. “Intelligence agencies used to ask for Kaspersky’s advice, and this is how informal ties were built. This romance is clearly over.”
Morey Haber, vice president of technology at U.S.-based security firm Beyond Trust, cautioned against jumping to conclusions.
“Speculation from this incident won’t help anybody,” he said. “What was his role in the Russian government before he was hired by Kaspersky? Was he a white hat, a black hat, or a grey hat? Could he have provided techniques (to other hackers)? We just don’t know.”
Haber added that many security companies hire security experts who have worked in the government, or as black hat hackers, in the past, and that can create complicated situations.
“His former life is coming back and causing trouble for his current employer,” he said, stressing that Kaspersky is an “exceptional” antivirus company. “Any time you take someone from high risk area you assume the risk.”
This is a developing story; I’ll be updating as more information comes in.