Allegations Related to Previous Work

At Kaspersky Labs, however, it is business as usual as they try to distance themselves from Stoyanov. They have issued a public statement through CNBC indicating that the company is not associated with any of the allegations, saying, “This case is not related to Kaspersky Labs. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Labs. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.” It appears the allegations are related to Stoyanov’s previous work at the Russian Interior Cyber Crime Unit. And, at Kaspersky, the daily email blast is peddling security solutions as usual (see below).
What This Could Mean for the Security Industry

So what does this mean for the security industry? Pure uncertainty. We can only assume, based on Stoyanov’s current position, that he acted as a white hat at Kaspersky, and, based on his previous position with the Russian government, as a grey hat (probably more black than grey, however). In November, SC Magazine had an in-depth article on the ramifications of hiring black hat employees as white hats within an organization. It appears that this arrest falls into this category based on that transition, and it is now a media problem for both Kaspersky and the Russian government. The uncertainty now revolves around the details of the arrest. What crime was actually committed? What data was stolen or leaked? What malware was created? What hacking was conducted? And the million-dollar question: Was any of it related to the United States election? As a noted, respected person in the malware community, Ruslan Stoyanov is in a position of early discovery and early disclosure, and is likely often tapped to lead “world scale” cyber security research. His arrest could send emotional shockwaves through the community, because if he can be arrested, other researchers and those who might disclose could be arrested, too. Take this as a shot across the bow. What could this mean for the world of malware research, even if we know nothing?
- Automated attacks will continue, but authors of attacks and researchers will go further underground
- There will be a hardened line drawn between “pure research” and “criminal investigations” and people will be seeking “free from prosecution” clauses in their employment contracts
- Fewer bugs and attacks will be reported with attribution, increasing the anonymity
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust
Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.