Russia arrests top cybersecurity executive in treason case

By Tom Balmforth and Anton Zverev

MOSCOW (Reuters) - Russian authorities have arrested the chief executive of a leading Russian cybersecurity company on suspicion of state treason, a court said on Wednesday, sending a chill through Russia’s IT and business sectors.

Ilya Sachkov, 35, who founded Group IB, one of Russia’s most prominent cyber security firms, was arrested on Tuesday, the RTVI TV channel reported, as law enforcement officers carried out searches at the Moscow offices of the firm.

State news agency TASS cited an unnamed security source as saying Sachkov was accused of working with unspecified foreign intelligence services and of treason that hurt Russia’s national interests. He denied both allegations, it said.

Group IB said in a statement it was sure Sachkov was not guilty of the allegations, but that it was unable to comment further on them. There was no official comment about the case from the security services.

Moscow’s Lefortovo district court said it had ordered Sachkov to be held in custody for two months.

State treason is punishable by up to 20 years in jail. The details of such cases seldom come to light in full because of their classified nature.

Group IB focuses on investigating high-tech crimes and online fraud, with a global client base that includes banks, energy companies, telecoms firms and Interpol.

More searches took place at the St Petersburg offices of Group IB and other unnamed companies on Wednesday, the RIA news agency cited a security source as saying.

Sachkov is a well-known figure in the business and IT sectors and has also met President Vladimir Putin at least once.

He is the latest in a long series of people, including scientists, soldiers, officials and a former journalist, to be accused of treason in recent years.

Boris Titov, presidential commissioner for entrepreneurs’ rights, called on investigators to disclose information about the case against Sachkov.

During a conference call, the Kremlin rejected the idea that the case could hurt Russia’s business climate and said it was linked to state treason, not business.

Group IB said the searches at its offices had begun on Tuesday morning, with law enforcement officials leaving that same evening. It said it had no information about why the searches were being conducted.

The RTVI TV channel said Sachkov had been detained on Tuesday, citing a source in law enforcement. An RTVI correspondent also reported that men were dragging things from Group IB’s office to a van parked outside.

Group IB said all services were still running as normal and that the security of client data was ensured by the company’s geographically distributed infrastructure.

(Reporting by Anton Kolodyazhnyy, Anton Zverev, Alexander Marrow; Writing by Tom Balmforth; Editing by Andrew Osborn and Nick Macfie)

WannaCry attack is good business for cyber security firms

By Joseph Menn

SAN FRANCISCO (Reuters) – For Kris Hagerman, chief executive of UK-based cyber security firm Sophos Group Plc <SOPH.L>, the past week could have been bad. The WannaCry “ransomware” attack hobbled some of its hospital customers in Britain’s National Health Service, forcing them to turn away ambulances and cancel surgeries.

The company quickly removed a boast on its website that “The NHS is totally protected with Sophos.” In many industries, that sort of stumble would likely hit a company’s reputation hard.

Yet on Monday, three days after the global malware attack was first detected, Sophos stock jumped more than 7 percent to set a record high and climbed further on Wednesday after the company raised its financial forecasts.

As for most other cyber security firms, highly publicized cyber attacks are good for business, even though experts say such attacks underscore the industry’s failings.

“We are making good progress and are doing a good job,” Hagerman said in an interview this week. “People ask ‘How come you haven’t solved the cyber crime problem?’ and it’s a little like saying ‘You human beings have been around for hundreds of thousands of years, how come you haven’t solved the crime problem?’”

Hagerman pointed out that his company only claimed to protect 60 percent of NHS affiliates and that other factors contributed to the disaster at the hospitals.

“They have their own budgets. They have their own approach to IT generally and IT security,” Hagerman said of individual hospitals, which pick their own operating systems, patching cycles and network setups. Microsoft Corp <MSFT.O> had issued a patch in March for the flaw WannaCry exploited in Windows operating systems.

Yet Hagerman acknowledged that Sophos did not update its basic antivirus software to block WannaCry until hours after it hit customers.

HIGH STAKES

Security experts say hospitals, where the stakes are especially high, represent a case study in how legacy industries need to up their cyber security game.

“We’ve tolerated a pretty poor level of effectiveness, because so far the consequences of failure have been acceptable,” said Josh Corman, a cyber security industry veteran now working on related issues at the Atlantic Council and a member of a healthcare security task force established by the U.S. Congress.

“We are going to see failure measured in loss of life and a hit to GDP, and people will be very surprised.”

Some long-lived medical devices have more than a thousand vulnerabilities, Corman said, and perhaps 85 percent of U.S. medical institutions have no staff qualified for basic cyber security tasks such as patching software, monitoring threat advisories and separating networks from one another.

Increasingly serious cyber security problems are partly an inevitable consequence of the growing complexity of digital technology.

But there are other causes too, including a lack of accountability that stems from the wide range of technology handlers: computer software vendors, antivirus suppliers, in-house professionals, consultants and various regulators.

Ultimately, Corman said, hospitals need to hire solid cyber security people instead of another nurse or two.

GOOD FOR BUSINESS

“What’s needed is punishment of the negligent,” said Ross Anderson, a University of Cambridge pioneer in studying the economics of information security, referring to the hospitals that did not stop WannaCry.

“This is not about technology. This is about people fouling up in ways people would get a pink slip for” in less-insulated environments, he said, meaning they would lose their jobs.

For now, though, there are few signs of any revamp in large institutions’ approach to cyber security – and little incentive for contractors in the cyber security industry to change.

Sophos was not the only company whose stock rose on Monday, as the global scale of WannaCry became apparent. Shares of U.S.-based FireEye Inc <FEYE.O> and Qualys Inc <QLYS.O> both rose more than 5 percent.

But Sophos stood out, aided by higher expectations for a product the company introduced last year to fend off ransomware – so called because the authors of the malware demand a ‘ransom’ to restore a user’s infected computer – which worked at the hospitals that had installed it.

“It’s good news for our business,” one Sophos employee, who asked not to be named, told Reuters this week. “We were so inundated with people calling us.”

(Reporting by Joseph Menn; Editing by Jonathan Weber and Bill Rigby)