Skip to main content

Russia arrests Kaspersky Labs security investigator on treason charges

A hand on a laptop in a dark surrounding.
Safe computing requires the involvement of people in all industries, locations, and fields of expertise. Normally, that’s not a problem, as most people are willing and able to provide whatever input is necessary to help alleviate security risks in the technology we all use.

Some regions of the world are not as free and open as others, however, and so not all professionals as able to participate without concern for their own safety. Such could be the case with a Kaspersky Lab investigator who was arrested on treason charges in Russia, as Ars Technica reports.

Kaspersky Labs was quick to disassociate itself from the incident, saying, “The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”

Details are sketchy as to why the investigator, Ruslan Stoyanov, was arrested. Stoyanov was in charge of Kaspersky Lab’s investigations unit, in addition to serving in Russia’s Ministry of Interior in charge of cybercrime. As Forbes reports, Stoyanov’s arrest might be related to an investigation involving Sergei Mikhailov, deputy head of the information security department of the FSB, involving monies paid by foreign companies.

However, Stoyanov recently contributed to the Kaspersky Lab Securelist blog, posting on cybercrime in Russia, and the Lawfare Blog has speculated — perhaps erroneously — that Stoyanov might have been a source of information leading to the conclusion that Russia sponsored hacking efforts aimed at interfering with the 2016 presidential election in the U.S. While nobody can be certain of the reasons for Stoyanov’s arrest, one general concern is that anyone who participates in efforts to fight cybercrime can come under political fire.

As Jake Williams of security firm Rendition Software put it, “For those living and working under oppressive regimes, keep up the good fight. But also remember that no incident response report or conference talk is worth jail time (or worse). I think that these charges will cause security researchers, particularly those in states with oppressive governments, to carefully consider the weight of reporting details of security incidents.”

Stoyanov’s arrest was filed under Article 275 of the Russian criminal code, which can impose treason charges on anyone who provides financial, technical, advisory, or other assistance to foreign states or organizations that are not friendly to Russia. This means that, as Forbes indicated in its coverage, merely providing the U.S. FBI with insights on malware such as botnets could run someone afoul of government agencies.

Nevertheless, the chilling effect on cybercrime research and mitigation could be significant if Stoyanov’s arrest indicates a trend of penalizing researchers and others for international cooperation. Even if Stoyanov’s arrest was for unrelated reasons, anyone involved with researching security in countries with oppressive governments might now think twice before working with foreign entities on resolving information security concerns.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Powerful malware infected governments in Russia, Iran, and Rwanada, stayed hidden for five years
akarnai ssh report brute force credential stuffing internet devices data center feat

An incredibly sophisticated piece of malware infected government computers in Russia, Iran, and Rwanda, and evaded detection for five years. The malware, called "ProjectSauron" by Kaspersky and "Remsec" by Symantec, has been active since 2011, or longer, infecting computers on the computers of government entities, military operations, research institutions, banks, and telecommunication companies.

The malware used all kinds of tricks to stay hidden, including living mostly in system memory. But a huge part of ProjectSauron's success, Ars Technica is reporting, is the virus' ability to avoid leaving patterns.

Read more
No More Ransom: Europol launches advice site for victims of ransomware
europol ransomware advice feat

Europol, the EU law enforcement agency, has launched a new scheme in partnership with cybersecurity companies and national police forces to help people infected with ransomware.

The No More Ransom Project provides consumers with information on known decryption keys and data recovery options. Given the ever-evolving strains of ransomware, the site’s aim is to spread awareness about security best practices, maintaining backups, and encouraging victims to report their cases to police.

Read more
Security researchers find several high-risk bloatware bugs on popular laptops
HP Elite X3

Laptops made by five of the world’s biggest computer manufacturers are vulnerable to dangerous hacking thanks to flawed pre-installed software.

Security firm Duo Security has today published a new report from its Duo Labs division into pre-installed software, or bloatware, on laptops made by HP, Dell, Lenovo, Asus, and Acer. The security issues found with these original equipment manufacturers (OEMs) are mostly rooted in buggy updater software for pre-installed programs.

Read more