Huntress CEO defends threat researcher at the heart of firm's “insider threat” allegations


"Keep your friends close, but your enemies closer," as that oft-quoted line from Godfather II goes. But should a threat hunter employed by a major US security firm really have informed a criminal gang that the FBI was onto them? That's the question at the heart of a drama that has played out very publicly on social media following allegations that Huntress, the multibillion-dollar cybersecurity firm, harbors an insider threat.

Now, the firm’s CEO, Kyle Hanslovan, has taken the unusual step of writing a blog post in defense of the employee who allegedly tipped off a ransomware gang under FBI investigation.

Former NSA operative Hanslovan – who is also one of the firm's co-founders – wrote that the incident had been investigated, and that while the disclosure to the threat actor was not illegal, it did reflect poor judgment.

"We are aware of separate, questionable, long-term threat actor communications from both our current teammate and a now-former employee."

"Huntress permits threat researchers to occasionally engage with threat actors when it's beneficial for proactive R&D and/or to support active investigations.

"In one particular exchange, our current teammate disclosed to a threat actor that law enforcement had reached out to them about the threat actor. While this disclosure was not illegal, it reflected poor judgment."

Devman communications

Hanslovan's response comes after former threat researcher Ben Folland very publicly blew the whistle on his former coworker, whom he alleged was an "insider threat" at the company.

In a series of posts on X, Folland alleged that "a Huntress employee passed communications from US law enforcement to a member of ransomware operator Devman."

Folland's reaction to a completely different incident triggered the "insider problem" allegations

Devman, which has been described as Russia-linked, was formerly an affiliate of several ransomware-as-a-service programs, including Dragon Force, before growing into a more independent criminal operation using its own ransomware, also branded DevMan.

An X poster shares Folland's allegations

Folland's response to Huntress post

Responding to Hanslovan's blog, Folland argued the conduct went well beyond "poor judgment."

"This was a Huntress employee taking sensitive knowledge about a law enforcement approach and passing it directly to the person being investigated."

"She immediately forwarded the exact FBI communications to the threat actor, including screenshots containing FBI agent names," Folland claimed in a LinkedIn post.

"She informed Devman that law enforcement was actively looking into him. She also refused to cooperate because they wanted Devman."

“If someone inside a bank warns a fraudster that police are investigating them, nobody would describe that as merely 'poor judgment.’ They would call it what it is — an insider threat.”

Hush up?

In an earlier LinkedIn post, Folland added that Devman was now "actively and publicly targeting" himself and his family – a fact which he claims Huntress and the employee in question were both aware of.

He claims this was one of the reasons he left the company in February, sharing his resignation message in the post.

Copy of Folland's resignation message, shared as an attachment on LinkedIn

Folland also alleged the company hushed up the incident out of fear it might harm its Initial Public Offering – although to date, Huntress remains a privately held company.
