Perhaps he was doing the bidding of his employers in order to test a theory that Kaspersky was an attack vector?
I mean, this is exactly how you tell if your data has been breached or your source code leaked -- you put fake but unique records in your database then watch the dark webs for folks selling dumps containing those values; and plausible but bogus code containing unique constants then check competitors' binaries against those values.
I mean, this is exactly how you tell if your data has been breached or your source code leaked -- you put fake but unique records in your database then watch the dark webs for folks selling dumps containing those values; and plausible but bogus code containing unique constants then check competitors' binaries against those values.