Huntress CEO defends threat researcher at the heart of firm's “insider threat” allegations

"Keep your friends close, but your enemies closer," as that oft-quoted line from Godfather II goes. But should a threat hunter employed by a major US security firm really have informed a criminal gang that the FBI was onto them? That's the question at the heart of a drama that has played out very publicly on social media following allegations that Huntress, the multibillion-dollar cybersecurity firm, harbors an insider threat.
-
Threat hunter allegedly warned Devman about FBI interest: A Huntress employee is accused of passing FBI outreach to ransomware actor Devman, including warning them law enforcement was looking into them.
-
Huntress says poor judgment, not illegality: CEO Kyle Hanslovan said the conduct was investigated and not illegal, but admitted it showed poor judgment.
-
Former employee says this was an insider threat: Ben Folland argues Huntress downplayed a serious breach and alleges the company avoided stronger action to protect IPO plans.
Now, the firm’s CEO, Kyle Hanslovan, has taken the unusual step of writing a blog post in defense of the employee who allegedly tipped off a ransomware gang under FBI investigation.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Former NSA operative Hanslovan – who is also one of the firm's co-founders – wrote that the incident had been investigated, and that while the disclosure to the threat actor was not illegal, it did reflect poor judgment.
"We are aware of separate, questionable, long-term threat actor communications from both our current teammate and a now-former employee."
"Huntress permits threat researchers to occasionally engage with threat actors when it's beneficial for proactive R&D and/or to support active investigations.
"In one particular exchange, our current teammate disclosed to a threat actor that law enforcement had reached out to them about the threat actor. While this disclosure was not illegal, it reflected poor judgment."
Devman communications
Hanslovan's response comes after former threat researcher Ben Folland very publicly blew the whistle on his former coworker, whom he alleged was an "insider threat" at the company.
In a series of posts on X, Folland alleged that "a Huntress employee passed communications from US law enforcement to a member of ransomware operator Devman."
Devman, which has been described as Russia-linked, was formerly an affiliate of several ransomware-as-a-service programs, including Dragon Force, before growing into a more independent criminal operation using its own ransomware, also branded DevMan.
Folland's response to Huntress post
Responding to Hanslovan's blog, Folland argued the conduct went well beyond "poor judgment."
"This was a Huntress employee taking sensitive knowledge about a law enforcement approach and passing it directly to the person being investigated."
"She immediately forwarded the exact FBI communications to the threat actor, including screenshots containing FBI agent names," Folland claimed in a LinkedIn post.
"She informed Devman that law enforcement was actively looking into him. She also refused to cooperate because they wanted Devman."
“If someone inside a bank warns a fraudster that police are investigating them, nobody would describe that as merely 'poor judgment.’ They would call it what it is — an insider threat.”
Hush up?
In an earlier LinkedIn post, Folland added that Devman was now "actively and publicly targeting" himself and his family – a fact which he claims Huntress and the employee in question were both aware of.
He claims this was one of the reasons he left from the company in February, sharing his resignation message in the post.
Folland also alleged the company hushed up the incident out of fear it might harm its Initial Public Offering – although to date, Huntress remains a privately held company.
Unlock more exclusive Cybernews content on YouTube.