Here Are Some Papers Written By An Arrested Russian Cyber Security Researcher

Ruslan Stoyanov was an influential investigator of Russian cybercrime before his December arrest by the Russian government on charges of treason.

Kirill Kudryavtsev / AFP / Getty Images

An employee walks behind a glass wall at Kaspersky Lab's headquarters in Moscow.

SAN FRANCISCO — Ruslan Stoyanov, the Russian cybersecurity researcher arrested in December on treason charges, wrote a number of influential papers examining Russia’s cybercriminal underground, including one where he highlighted his work alongside Russian police.

Stoyanov, who has not spoken to the press since his arrest, was a well-respected researcher, and had published a number of research papers on cybercrime in Russia, such as a November 2015 paper entitled “Russian financial cybercrime: how it works.” In an August 2016 paper, Stoyanov detailed how he had worked with Russian police to arrest members of a cybercriminal group known as Lurk.

“For Kaspersky Lab, these arrests marked the culmination of a six-year investigation by the company’s Computer Incidents Investigation team. We are pleased that the police authorities were able to put the wealth of information we accumulated to good use,” wrote Stoyanov.

In his 2015 paper, Stoyanov recounted how Kaspersky had been monitoring Russian cybercriminal networks for years, and had watched them evolve into financial attacks with an ever-increasing level of sophistication. The paper also examined how the organizations backing cybercriminals had expanded in recent years, and tracked the exponential growth in profit made through cybercrimes.

Russian cybersecurity experts who spoke to BuzzFeed News said it was “not unusual” for Stoyanov to have worked with Russian authorities, and noted that his LinkedIn page lists his previous employer as the Ministry of the Interior’s Cyber Crime Unit. Kaspersky Lab confirmed that Stoyanov was under investigation for activity during a period predating his employment at the company and added, in a public statement, “We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”

Treason charges were first brought against Stoyanov in December, along with two other Russian state security officers. A report in Reuters last month claimed that the treason charges brought against the men stemmed from allegations made by a Russian businessman seven years ago that the suspects passed state secrets to US cybersecurity firms, including Verisign.

A spokesperson from Verisign, the only American firm identified, denied that it had been given any secret information.

  • Sheera Frenkel

    Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
