Russian cyber-security experts have scaled back
cooperation with Western contacts after one of their number was
arrested in Moscow on treason charges, making it harder to fight
global online crime, U.S. law-enforcement and industry sources
Despite acrimonious relations between Russia and the United
States in recent years, experts on cyber security in both
countries say their law enforcement agencies and private firms
had been working together more closely behind the scenes to
fight financial fraud and other crimes committed online.
But at least some of that cooperation appears to have come
to a sudden halt since Ruslan Stoyanov, head of the computer
incidents investigation team at Russian cyber security firm
Kaspersky Lab, was arrested in December on suspicion of treason.
Two officers from Russia's Federal Security Service (FSB)
were also arrested, identified by a Western security source as
Sergei Mikhailov and Dmitry Dokuchayev, both from the FSB's
Information Security Centre.
Five experts at U.S. or other Western cyber firms all told
Reuters their communication with contacts in Russia had been
scaled back since the arrests, either because the Russians had
stopped replying or because the Westerners had decided it was
better not to contact them for now.
"Everybody has clammed up," said John Bambenek, a manager of
threat research at Fidelis Cybersecurity.
The arrests send a message that “even an informal
information-sharing relationship with trusted Russian
intelligence and law enforcement officers might be considered
treason,” said Vitali Kremez, director of research at American
security firm Flashpoint.
While no charges have been officially announced, the three
arrests came after U.S. intelligence agencies publicly accused
Russia of interfering in the U.S. presidential election through
computer hacking, an allegation Moscow denies.
Ivan Pavlov, an attorney representing one of the suspects,
although he did not identify which, said the charges were for
treason, related to allegations the men had provided information
to U.S. spy services.
Some American cyber-security experts now think the arrests
could be a rebuke to the United States or warning to Russians
not to aid U.S. investigations into the election or other major
“This sends a shiver down everybody’s spine,” said a senior
U.S. law enforcement official. “We were getting some headway
over there” with arrests last year of suspects accused of using
sophisticated software programs to steal from bank accounts in
multiple countries, the official said.

DO THE RIGHT THING

The official said Kaspersky, which sells cyber security
software and advice, was one of the Russian firms seen in the
West as "trying to do the right thing" in cooperating with
Western law enforcement agencies to help fight cyber crime.
Russia's FSB did not respond to Reuters requests for
comment, and no official bodies in Russia have commented about
the case. A Kremlin spokesman said only that President Vladimir
Putin was aware of media reports about the arrests but the
Kremlin could not confirm anything about them.
Stoyanov could not be reached for comment. Reuters was
unable to find a lawyer representing him or get in touch with
Kaspersky said the charges against Stoyanov related to a
period before he joined the company and that it was not aware of
all of his prior activities.
“The computer incidents investigation team, headed by Mr.
Stoyanov, hasn’t had any U.S. projects, as the unit primarily
investigates cyber attacks on Russian companies,” the company
told Reuters by email.
Stoyanov's team provides "technical assistance" to foreign
law enforcement agencies, it said, but it was "not aware of any
activities where Mr Stoyanov would have shared information with
any organization that wasn’t specifically tied to an active
Russia's Interfax news agency cited an unnamed source last
week as saying a fourth person had been arrested and up to eight
people could be implicated in the case. Reuters was not able to
confirm this report.
Cyber crime ignores borders by its nature, and fighting it
requires an unusually high level of cooperation between the
companies under attack, the private security firms they hire for
protection and investigations, and the law enforcement agencies
in multiple countries that try to track hackers down.
Some of the best firms that sell cyber security services to
private clients also perform work as government contractors and
employ law enforcement veterans for their expertise.
Since Russia is one of the major sources of cyber attacks,
firms particularly prize communication with Russian contacts. In
the past, communication with Russian sources has depended on
what people with such contacts describe as an understanding that
authorities on both sides would not interfere as long as experts
steered clear of classified information.
The senior U.S. official and the five experts from the
private sector all said that the arrest of Stoyanov had thrown
that basic assumption into doubt.
One of the private sector experts, who has extensive Moscow
dealings, said his Russian contacts had stopped talking to him
about anything related to the Stoyanov case. Another said a
friend at a security firm in Russia was no longer talking to him
about cyber crime at all, because "he has real reasons to be
worried". He did not give further details.
Three other Western private sector experts said they had
stopped or curtailed contacts with Russian sources from their
own side, on the understanding that the Russians would no longer

POINTING OUT BOUNDARIES

Stoyanov worked for the cyber crime unit at Russia's
Interior Ministry from 2001-2006 before leaving law enforcement
for the private sector, first for a large Internet service
provider and then for Indrik, a small Russian internet security
firm. He joined Kaspersky when it bought Indrik in 2012.
Before and after he left the Russian Interior Ministry, he
had an unusually high profile abroad, attending conferences in
the United States and Germany and making contact with Western
government officials and people in private industry, according
to people who knew him and saw him at international events.
While working for Indrik, before it was bought by Kaspersky,
Stoyanov shared information about Russian criminal hacking gangs
with American companies, including at least three firms that had
contracts to provide services to U.S. spy agencies, people who
had worked for each of those three companies said.
The sources identified one of those companies as Internet
infrastructure and security company Verisign. Verisign said in
an email to Reuters that its research products do not include
"any information that would be classified as state secrets".
Several sources recalled that Stoyanov was careful to make
sure any collaboration covered only crime-fighting and did not
veer towards the taboo subjects of state-supported hacking.
“When we were learning how to work in Russia, he was
pointing out to us what the boundaries of danger would be,” said
a Western researcher who collaborated informally with Stoyanov
for years before Stoyanov joined Kaspersky.
“He was always super-clear, whenever it came to anything
dealing with the state’s interests, don’t even drift that way,”
said the researcher.
(Additional reporting by Svetlana Reiter in Moscow and Mark
Hosenball in Washington)