Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware crim about law enforcement probe

From www.theregister.com

Huntress CEO Kyle Hanslovan said he is aware of "questionable, long-term threat actor communications" between a threat hunter who is still employed with the security firm and a cybercriminal, and called this "poor judgment."

"In one particular exchange, our current teammate disclosed to a threat actor that law enforcement had reached out to them about the threat actor," Hanslovan said in a blog post, addressing a former employee's accusations that the current Huntress analyst is an insider threat to the company.

"While this disclosure was not illegal, it reflected poor judgment," he wrote.

The incident came to light last week when former Huntress security operations analyst Ben Folland, who left the company in February, alleged that another Huntress employee passed communications from US law enforcement to a cybercriminal, Devman, "who is actively and publicly targeting my family and me."

Devman is a ransomware operator, believed to be located in Russia, who uses modified DragonForce code built on top of the leaked Conti source code.

Folland alleged that this insider, still employed by Huntress, was "caught by the FBI," and that their involvement with Devman would cause "significant reputational damage to Huntress and, in my view, continues to put clients at risk."

"If you are an employee at a cybersecurity company, you should not be helping cybercriminals," Folland said. "You should not be informing them of active investigations. You should not be engaging in cybercriminal activity yourself."

At the time, Hanslovan said he "firmly disagree[d]" with Folland's accusations - but declined to provide additional details about what happened between the employee and the criminal.

In the Tuesday blog post, Hanslovan elaborated further and said that he believed that the communications did not constitute insider activity.

"As a result of the investigation, my team implemented more robust policies for our researchers, coached teammates on engaging with threat actors, and took appropriate administrative actions," he wrote. "While we haven't found evidence of illegal conduct, insider activity, or additional disclosures, we are continuing our investigation. Due to the privacy rights of our teammates, we will not comment further on the investigation."

Folland disagrees. In a Tuesday LinkedIn post responding to Hanslovan's blog, he asserted that the communications between the Huntress analyst and Devman "meet the definition of an insider threat."

When the FBI reached out to the Huntress employee for intel on Devman, "She immediately forwarded the exact FBI communications to the threat actor, including screenshots containing FBI agent names," Folland claimed in his post on LinkedIn. "She informed Devman that law enforcement was actively looking into him. She also refused to cooperate because they wanted Devman."

According to Folland, the FBI notified him of this incident with the current Huntress analyst. The Register reached out to the FBI for comment and did not receive a response.

"This was not just 'poor judgment,'" Folland wrote. "This was a Huntress employee taking sensitive knowledge about a law enforcement approach and passing it directly to the person being investigated. If someone inside a bank warns a fraudster that police are investigating them, nobody would describe that as merely 'poor judgment.' They would call it what it is - an insider."

Huntress declined to comment further. ®