Kaspersky researcher Juan Andrés Guerrero-Saade claimed that the retaliation was a direct response to the security experts having to reveal the antics of government spy agents.
Most of the harassment is taking place in Eastern Europe and Asian nations. Writing in a research paper Guerrero-Saade said that most of the attacks circulate as industry rumour.
In many places intelligence services tend to be more civilised than in others — you would be lucky to deal with them in the US versus wherever else, Latin America, Asia, or Eastern Europe where they take very different tactics, Guerrero-Saade said.
Threats to livelihoods are pitched as patriotic notions with the victims dubbed unpatriotic, and are barred from government work and holding security clearances.
It is made clear to you it’s going to be next to impossible for you to get a security clearance’ and to work in a large sector of countries where a large amount of anti-malware work is being done.
It is easier to imagine situations where blackmail, compromise, and threat of livelihood is a problem, and it has been a problem for certain researchers for obvious reasons aren’t going to speak up, he said.
The paper notes researchers are targeted through blackmail which is regarded as a cheap way for agencies to “own” an individual by digging up their secrets, debt, and “shameful proclivities and mis-steps”.
“Provocation occurs in two scenarios: first, where the (threat intelligence) company’s research causes political, diplomatic, or military tensions to flare between nations in an already escalated posture. Secondly, when the company’s public disclosure — or private offering provided directly to sensitive targets — endangers the reputation of the intelligence agency itself or worse yet comes close to revealing or endangering the requesting customer. The former scenario is undesirable; the latter scenario is unacceptable.”
Guerrero-Saade thinks intelligence agencies may be pushed to develop highly-capable malware designed to slip past researchers, while even most-capable researchers dabbling in the unmasking of intelligence agencies will need to undergo “drastic preparations” to deal with the malware and still be allowed to live.