Russian President-elect Dmitry Medvedev, right, speaks with Yevgeny Kaspersky, head of the Kaspersky Lab company, at the 2008 Internet Forum outside Moscow, Thursday, April 3, 2008. (AP Photo/RIA-Novosti, Mikhail Klimentyev, Pool)
One of Russia’s most successful cybercrime investigators, a hacker hunter at one of the world’s biggest security companies, Kaspersky Lab, has been arrested by Russian law enforcement as part of a probe into possible treason, according to reports. Kaspersky has confirmed incident response chief Ruslan Stoyanov was at the center of an investigation, but could not offer more details.
“This case is not related to Kaspersky Lab. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Lab,” a Kaspersky spokesperson said in an emailed statement. “We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”
Reports of the arrest landed today from national paper Kommersant, which said Stoyanov’s arrest may be tied to an investigation into Sergei Mikhailov, deputy head of the information security department of the FSB, Russia’s national security service. Both men were said to have been arrested in December. Kommersant cited sources who claimed the investigation was exploring the receipt of money from foreign companies by Stoyanov and his links to Mikhailov.
A Russia-based information security source told FORBES the details of the case were likely to remain private. The case has been filed under article 275 of Russia’s criminal code, the source said, meaning it should result in a secret military tribunal. Article 275 allows the government to prosecute when an individual provides assistance to a foreign state or organization regarding “hostile activities to the detriment of the external security of the Russian Federation” (translation from source). According to the source, this can be applied broadly. For instance, furnishing the FBI with information on a botnet may amount to treason.
The FBI consistently investigates Russian cybercrime operations, the best-known case being the alleged 2016 hacks of the U.S. election, following a breach at the Democratic National Committee.
Major player in fighting Russian cybercrime
In his role at Kaspersky, Stoyanov was in charge of incident response, the group that helped organizations investigate and recover from breaches or other security events. According to his LinkedIn profile, prior to his 2012 move to Kaspersky, he spent six years as a major in the Ministry of Interior’s cybercrime unit between 2000 and 2006 before moving into the private sector.
A source familiar with Stoyanov’s past work told FORBES that during his time chasing cybercriminals for the Russian government, he was the lead investigator into a hacker crew that was launching denial of service attacks on U.K. betting shops, extorting them for a total of $4 million. Three individuals were arrested and each sentenced to eight years in prison.
In recent years, he’s assisted Russian authorities in some major investigations into cybercrime, including one that led to arrests of 50 individuals involved in the Lurk gang, which stole as much as $45 million from local banks.
“Stoyanov was involved in every big arrest of cybercriminals in Russia in past years,” the source added.
Kaspersky has repeatedly aroused suspicion in the U.S. for its ties to the Kremlin, thanks to articles alleging CEO Eugene Kaspersky’s ties with the state. The firm has denied any collusion with the government, however. The charismatic chief wrote in FORBES in 2015 that he had never worked for the FSB and his companies had no ties to Russia or any government. He wrote: “A few reporters who seem to be openly hostile to Kaspersky Lab will no doubt be planning their next fictional instalment.”