Top Russian Cybersecurity CEO Charged with Treason
Group-IB's Ilya Sachkov Arrested on Treason Charges; Cybersecurity Leaders Speak Out
Stay tuned for updates on this developing story.
The founder of Group-IB, one of Russia's largest cybersecurity companies, has been detained on state treason charges and will be held in custody for two months, with alleged crimes punishable by up to 20 years in prison, according to several news wire reports.
Group-IB's Ilya Sachkov, 35, has reportedly denied passing on information to foreign intelligence services, according to Ars Technica, which cites several reports from Russian news services.
Representatives from Group-IB did not immediately return Information Security Media Group's request for additional information.
In an earlier statement on its website, however, Group-IB said its "communications team refrains from commenting on the charges brought and the circumstances of the criminal case due to the ongoing procedural activities."
Further updates posted to Group-IB's site confirm that "a search had been carried out at its Moscow office on Sept. 28."
Group-IB, which is headquartered in Singapore and works to prevent high-tech crimes and cyberattacks, says in the statement: "Law enforcement officers left Group-IB's office at night the same day. Group-IB's communication teams also said that the reason for the search was not yet clear."
The firm says it continues to work without interruption across its offices in Russia and abroad, and that its "top management and lawyers are assessing the situation."
"I always wondered why it hadn’t happened before, since Group-IB does good work and plays straight," James A. Lewis, a cybersecurity researcher at the Center for Strategic and International Studies, tells ISMG. "This could be a pressure tactic to get him to play ball with the services. That’s standard."
Rick Holland, a former intelligence analyst for the U.S. Army and current CISO for the security firm Digital Shadows, says, "This arrest will send chills throughout the Russian and broader cybersecurity community."
Opposition Leader Criticizes Move
In its update Wednesday, Group-IB writes it is "confident in the innocence of Ilya Sachkov," adding that co-founder and head of threat intelligence, Dmitry Volkov, will assume leadership of the company in Sachkov's absence.
"The lawyers of Group-IB … are examining the statement by Moscow's Lefortovo court of Sept. 28, 2021. … [We are] confident in the innocence of the company's CEO and his business integrity," the firm continues.
Group-IB, a member of the World Economic Forum, partners with international law enforcement agencies such as Interpol and Europol, and its clients include BP, DHL, Microsoft, Toyota, UFC and other Russian companies, according to its site.
The Eastern European news site UAWire says Boris Titov, Russia's presidential commissioner for the protection of entrepreneurs' rights, and a former presidential candidate, told one of the nation's news services, Interfax, that Sachkov's arrest will affect investment in Russia's IT sector.
The politician reportedly said, "The investigators need to explain themselves. Otherwise, the sector and its investment attractiveness will be dealt a critical blow. IT companies will flee the country."
And Dmitry Peskov, spokesman for Russian President Vladimir Putin, reportedly told reporters Wednesday that the arrest had no relation to the country's business and investment climate, according to Interfax.
Russia's FSB Activity
A well-known business figure in Russia, Sachkov has reportedly met Putin at least once, according to Reuters.
It's not the first arrest of a prominent official by the country's Federal Security Service, or FSB, the principal successor to the Soviet Union's KGB - other arrests have included scientists, soldiers and a journalist. The security agency is charged with counterintelligence, internal and border security, counterterrorism and surveillance, among other investigatory powers.
In 2019, Sergei Mikhailov, a former state cybersecurity official, was given a 22-year sentence on treason charges for reportedly corresponding with the U.S. And Ruslan Stoyanov, who worked in the computer incident investigation department of Kaspersky Labs, Russia's largest cybersecurity company, was sentenced to 14 years in prison after being accused of passing along state secrets to the FBI.
'Collaboration With Foreign Services'
Jake Williams, a former member of the National Security Agency's elite hacking team and current CTO of the firm BreachQuest, tells ISMG, "It wouldn't be surprising to [now] see other Russian firms being a bit more careful in what they share publicly about threat actors. This is especially likely if they attribute the threat activity to the Russian government."
And Digital Shadows' Holland says, "Russian officials could see any cooperation with foreign law enforcement agencies as 'collaboration with foreign intelligence services.' … Russia's judicial system isn't known for its due process, so it is unlikely we will ever know the true story behind these allegations."
Erich Kron, a former security manager for the U.S. Army’s 2nd Regional Cyber Center, and security awareness advocate for the firm KnowBe4, adds, "This action will have the most significant impact on security researchers and organizations within Russia. However, the entire industry will be watching to see how this plays out. At the very least, this will raise questions about trusting sensitive data to organizations in countries such as Russia."