Russia Arrests Kaspersky Exec and FSB Spook

Russian authorities have arrested Sergei Mikhailov, deputy chief at the FSB's Information Security Center (CDC), and Kaspersky exec Ruslan Stoyanov on charges of treason.

Mikhailov has been accused of receiving money from "foreign organizations," Russian daily newspaper Kommersant reports, citing unnamed FSB sources.

Mikhailov was reportedly arrested in December. His department is responsible for monitoring the Russian internet as well as investigating data leaks, although some security experts say it may also be used for offensive operations.

Russian authorities also arrested Ruslan Stoyanov (see picture), who heads the computer incidents investigations team at Moscow-based Kaspersky Lab, and who has reportedly also served as a liaison between the company and Russian security services.

Kaspersky Lab Confirms Employee's Arrest

Kaspersky Lab has confirmed Stoyanov's arrest, but emphasized that the investigation focuses on Stoyanov as a private individual and has nothing to do with the company. "The employee ... is under investigation for a period predating his employment at Kaspersky Lab," the company says in a statement. "We do not possess details of the investigation."

Stoyanov's LinkedIn profile shows he joined Kaspersky Lab in July 2012. Prior to that, he worked as deputy director at a firm called Indrik from 2010 to 2012; as head of network security for internet access service provider RTComm.RU from 2006 to 2010; and as a major in the Ministry of Interior's Moscow cybercrime unit from 2000 to 2006.

Head of CDC May Be Fired

The report that Mikhailov and Stoyanov were arrested in December follows a Jan. 13 report in Kommersant suggesting that Andrei Gerasimov, who has led the FSB's Information Security Center (CDC) since 2009, might soon be fired in relation to an ongoing investigation involving one of his deputies. The report cited only unnamed sources. It's not clear if the treason charges are legitimate: "charges of corruption in Russia do not necessarily mean corruption was the cause of a dismissal."


Picture: The FSB Headquarters at Lubyanka Square in Moscow which used to be the feared KGB interrogation central. Photo: NVO (Flickr/CC)

But the timing of Gerasimov's impending dismissal - according to news reports he was already set to retire soon - has some Kremlin watchers, including Dmitry Zaks, a reporter for Agence France-Presse, questioning whether it's retaliation for the alleged Russian kompromat on Trump coming to light.

Likewise, it's not clear if Kaspersky Lab's Stoyanov, who is one of the country's top cybersecurity investigators, and who has actively worked to help put Russian hackers behind bars, might have clashed with the FSB or GRU.

Security experts say Russian security services have long hired known criminals and turned a blind eye to their hacking activities, so long as they don't target Russia, and assist the government upon request (see Russian Cybercrime Rule No. 1: Don't Hack Russians).

Writing on the blog Lawfare, Paul Rosenzweig of Red Branch Consulting said that the arrests may be the result of declassified intelligence reports that were made public. Details in those reports on the Russian hacking campaign could have tipped off Russian authorities.

“The public report … offers many striking conclusions and the Russians would, properly, surmise that there were underlying details in the classified version of the report supporting the conclusions,” he wrote.

If you are not a KnowBe4 customer yet, at times like this, it is very good to know what percentage of your users are vulnerable to social engineering attacks like those described above. We recommend you do your free Phishing Security Test and find out what the phish-prone percentage of your users is.


Let's stay safe out there.

Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4, Inc.




(Hat Tip to GovInfoSec)
