SAN FRANCISCO — Ruslan Stoyanov, the Russian cybersecurity researcher arrested in December under treason charges, wrote a number of influential papers examining Russia’s cybercriminal underground, including one where he highlighted his work alongside Russian police.
Stoyanov, who has not spoken to the press since his arrest, was a well-respected researcher, and had published a number of research papers on cybercrime in Russia, such as a November 2015 paper entitled “Russian financial cybercrime: how it works.” In an August 2016 paper, Stoyanov detailed how he had worked with Russian police, to arrest members of a cybercriminal group known as Lurk.
“For Kaspersky Lab, these arrests marked the culmination of a six-year investigation by the company’s Computer Incidents Investigation team. We are pleased that the police authorities were able to put the wealth of information we accumulated to good use,” wrote Stoyanov.
in his 2015 paper, Stoyanov recounted how Kaspersky had been monitoring Russian cybercriminal networks for years, and had watched them evolve into financial attacks with an ever-increasing level of sophistication. The paper also examined how the organizations backing cybercriminals had expanded in recent years, and tracked the exponential growth in profit made through cybercrimes.
Russian cybersecurity experts who spoke to BuzzFeed News said it was “not unusual” for Stoyanov to have worked with Russian authorities, and noted that his LinkedIn page lists his previous employer as the Ministry of the Interior’s Cyber Crime Unit. Kaspersky Lab confirmed that Stoyanov was under investigation for activity during a period predating his employment at the company and added, in a public statement, “We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”
Treason charges were first brought against Stoyanov in December, along with two other Russian state security officers. A report in Reuters last month claimed that the treason charges brought against the men stemmed from allegations made by a Russian businessman seven years ago that the suspects passed state secrets to US cybersecurity firms, including Verisign.
A spokesperson from Verisign, the only American firm identified, denied that it had been given any secret information.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.