Russian President-elect Dmitry Medvedev, right, speaks with Yevgeny Kaspersky, head of the Kaspersky Lab company, at the 2008 Internet Forum outside Moscow, Thursday, April 3, 2008. (AP Photo/RIA-Novosti, Mikhail Klimentyev, Pool)
Forbes: One of Russia’s most successful cybercrime investigators and hacker hunter at one of the world’s biggest security companies, Kaspersky Lab, has been arrested by Russian law enforcement as part of a probe into possible treason, according to reports. Kaspersky has confirmed that its incident response chief Ruslan Stoyanov was at the center of an investigation, but could not offer more details.
“This case is not related to Kaspersky Lab. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Lab,” a Kaspersky spokesperson said in an emailed statement. “We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”
Reports of the arrest landed today from national paper Kommersant, which said Stoyanov’s arrest may be tied to an investigation into Sergei Mikhailov, deputy head of the information security department of the FSB, Russia’s national security service. Both men were said to have been arrested in December. Kommersant cited sources who claimed the investigation was exploring the receipt of money from foreign companies by Stoyanov and his links to Mikhailov.
A Russia-based information security source told FORBES the details of the case were likely to remain private. The case has been filed under article 275 of Russia’s criminal code, the source said, meaning it should result in a secret military tribunal. Article 275 allows the government to prosecute when an individual provides assistance to a foreign state or organization regarding “hostile activities to the detriment of the external security of the Russian Federation” (translation from source). According to the source, this can be applied broadly. For instance, furnishing the FBI with information on a botnet may amount to treason.The FBI consistently investigates Russian cybercrime operations, the best-known case being the alleged 2016 hacks of the U.S. election, following a breach at the Democratic National Committee.
Major player in fighting Russian cybercrime
In his role at Kaspersky, Stoyanov was in charge of incident response, the group that helped organizations investigate and recover from breaches or other security events. According to his LinkedIn profile, prior to his 2012 move to Kaspersky, he spent six years as a major in the Ministry of Interior’s cybercrime unit between 2000 and 2006 before moving into the private sector.
A source familiar with Stoyanov’s past work told FORBES that during his time chasing cybercriminals for the Russian government, he was the lead investigator into a hacker crew that was launching denial of service attacks on U.K. betting shops, extorting them for a total of $4 million. Three individuals were arrested and each sentenced in 2006 to eight years in prison.
In recent years, Stoyanov has assisted Russian authorities in some major investigations into cybercrime, including one that led to arrests of 50 individuals involved in the Lurk gang, which stole as much as $45 million from local banks.
“Stoyanov was involved in every big arrest of cybercriminals in Russia in past years,” the source added.
Kaspersky has repeatedly aroused suspicion in the U.S. for its ties to the Kremlin, thanks to articles alleging CEO Eugene Kaspersky’s ties with the state. The firm has denied any collusion with the government, however. The charismatic chief wrote in FORBES in 2015 that he had never worked for the FSB and his companies had no ties to Russia or any other government. He wrote: “A few reporters who seem to be openly hostile to Kaspersky Lab will no doubt be planning their next fictional installment.”
**** Was this because Kaspersky blew the whistle on the hack of the NSA which maybe had Russian fingerprints? Let’s see…
In part from Motherboard: A mysterious hacker or hackers going by the name “The Shadow Brokers” claims to have hacked a group linked to the NSA and dumped a bunch of its hacking tools. In a bizarre twist, the hackers are also asking for 1 million bitcoin (around $568 million) in an auction to release more files.
“Attention government sponsors of cyber warfare and those who profit from it!!!!” the hackers wrote in a manifesto posted on Pastebin, on GitHub, and on a dedicated Tumblr. “How much you pay for enemies cyber weapons? […] We find cyber weapons made by creators of stuxnet, duqu, flame.”
The hackers referred to their victims as the Equation Group, a codename for a government hacking group widely believed to be the NSA.
”We find cyber weapons made by creators of stuxnet, duqu, flame.”
The security firm Kaspersky Lab unmasked Equation Group in 2015, billing it as the most advanced hacking group Kaspersky researchers had ever seen. While Kaspersky Lab stopped short of saying it’s the NSA, its researchers laid out extensive evidence pointing to the American spy agency, including a long series of codenames used by the Equation Group and found in top secret NSA documents released by Edward Snowden. The Equation Group, according to Kaspersky Lab, targeted the same victims as the group behind Stuxnet, which is widely believed to have been a joint US-Israeli operation targeting Iran’s nuclear program, and also used two of the same zero-day exploits.
The Shadow Brokers claimed to have hacked the Equation Group and stolen some of its hacking tools. They publicized the dump on Saturday, tweeting a link to the manifesto to a series of media companies.
The dumped files mostly contain installation scripts, configurations for command and control servers, and exploits targeted to specific routers and firewalls. The names of some of the tools correspond with names used in Snowden documents, such as “BANANAGLEE” or “EPICBANANA.” Read more here from Motherboard.
Pingback: Best Writing Service