Allegations Related to Previous Work

At Kaspersky Labs, however, it is business as usual as they try to distance themselves from Stoyanov. They have issued a public statement through CNBC indicating that the company is not associated with any of the allegations, saying, “This case is not related to Kaspersky Labs. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Labs. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.” It appears the allegations are related to Stoyanov’s previous work at the Russian Interior Cyber Crime Unit. And, at Kaspersky, their daily email blast is peddling security solutions as usual (see below).

What This Could Mean for the Security Industry

So what does this mean for the security industry? Pure uncertainty. We can only assume, based on Stoyanov’s current position, that he acted as a white hat at Kaspersky and, based on his previous position with the Russian government, as a grey hat (probably more black than grey, however). In November, SC Magazine had an in-depth article on the ramifications of hiring black hat employees as white hats within an organization. It appears that this arrest falls into this category based on the transition, and it is now a media problem for both Kaspersky and the Russian government.

The uncertainty now revolves around the details of the arrest. What crime was actually committed? What data was stolen or leaked? What malware was created? What hacking was conducted? And the million-dollar question: Was any of it related to the United States election?

As a noted, respected person in the malware community, Ruslan Stoyanov is in a position of early discovery and early disclosure, and is likely often tapped for leading “world scale” cyber security research. His getting arrested could send emotional shockwaves through the community because if he can get arrested, other researchers and those who might disclose could be arrested, too. Take this as a shot across the bow.

What could this mean for the world of malware research, even if we know nothing?
- Automated attacks will continue, but authors of attacks and researchers will go further underground
- There will be a hardened line drawn between “pure research” and “criminal investigations” and people will be seeking “free from prosecution” clauses in their employment contracts
- Fewer bugs and attacks will be reported with attribution, increasing anonymity