At a time when Russia has been accused of a growing number of cyber attacks on the West, demands by Moscow for access to closely guarded product security secrets are being acceded to by western technology companies, including Cisco, IBM and SAP, reports Reuters.
Before permitting the products to be imported and sold in the country, review of source code for security products such as firewalls, anti-virus applications and software containing encryption are being asked by Russian authorities from Western tech companies. Ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems, these requests have increased since 2014.
But current and former U.S. officials and security experts said that vulnerabilities in the products' source code — instructions that control the basic operations of computer equipment, can also be found out by Russians by those inspections.
While at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns, a number of U.S. firms say they are playing ball to preserve their entree to Russia's huge tech market.
And not independent enough from the Russian government was one of the labs inspecting its products, Symantec said.
Warnings about the Russians being allowed to review their products' source code, because of fears it could be used in cyber attacks, have already been issued to the firms by the U.S. officials. But unless the technology has restricted military applications or violates U.S. sanctions, U.S. authorities have no legal authority to stop the practice, they say.
Either risk being shut out of a lucrative market or acquiesce to the demands from Russian regulators are the two options that companies say they are being pressurized to choose from. Secure facilities that prevent code from being copied or altered are the only places where they allow Russia to review their source code, the companies say.
Part of the group that took part in the cyberattacks on Hillary Clinton's 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts is Russia's Federal Security Service (FSB), according to the U.S. and these demands are being made by that Russian agency. A regulator charged with approving the sale of sophisticated technology products in Russia is the FSB which has also denied involvement in both the election and Yahoo hacks.
A Russian defense agency tasked with countering cyber espionage and protecting state secrets, the Federal Service for Technical and Export Control (FSTEC), also conducts the reviews. As part of approvals for 13 technology products from Western companies, it conducted source code reviews from 1996 to 2013, says Reuters citing records published by FSTEC. It carried out 28 reviews in the past three years alone.
There were no comments from the Kremlin or FSB and from the U.S. State Department to the news report. Its reviews were in line with international practice, the FSTEC said in a statement.
According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys and Russian regulatory documents, since U.S.-Russia relations went into a tailspin following the Russian annexation of Crimea in 2014, Moscow's source code requests have mushroomed in scope.
Hewlett Packard Enterprise, and McAfee have also allowed Russia to conduct source code reviews of their products, in addition to IBM, Cisco and Germany's SAP, reported Reuters.
(Source:wwwcnbc.com)
Before permitting the products to be imported and sold in the country, review of source code for security products such as firewalls, anti-virus applications and software containing encryption are being asked by Russian authorities from Western tech companies. Ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems, these requests have increased since 2014.
But current and former U.S. officials and security experts said that vulnerabilities in the products' source code — instructions that control the basic operations of computer equipment, can also be found out by Russians by those inspections.
While at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns, a number of U.S. firms say they are playing ball to preserve their entree to Russia's huge tech market.
And not independent enough from the Russian government was one of the labs inspecting its products, Symantec said.
Warnings about the Russians being allowed to review their products' source code, because of fears it could be used in cyber attacks, have already been issued to the firms by the U.S. officials. But unless the technology has restricted military applications or violates U.S. sanctions, U.S. authorities have no legal authority to stop the practice, they say.
Either risk being shut out of a lucrative market or acquiesce to the demands from Russian regulators are the two options that companies say they are being pressurized to choose from. Secure facilities that prevent code from being copied or altered are the only places where they allow Russia to review their source code, the companies say.
Part of the group that took part in the cyberattacks on Hillary Clinton's 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts is Russia's Federal Security Service (FSB), according to the U.S. and these demands are being made by that Russian agency. A regulator charged with approving the sale of sophisticated technology products in Russia is the FSB which has also denied involvement in both the election and Yahoo hacks.
A Russian defense agency tasked with countering cyber espionage and protecting state secrets, the Federal Service for Technical and Export Control (FSTEC), also conducts the reviews. As part of approvals for 13 technology products from Western companies, it conducted source code reviews from 1996 to 2013, says Reuters citing records published by FSTEC. It carried out 28 reviews in the past three years alone.
There were no comments from the Kremlin or FSB and from the U.S. State Department to the news report. Its reviews were in line with international practice, the FSTEC said in a statement.
According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys and Russian regulatory documents, since U.S.-Russia relations went into a tailspin following the Russian annexation of Crimea in 2014, Moscow's source code requests have mushroomed in scope.
Hewlett Packard Enterprise, and McAfee have also allowed Russia to conduct source code reviews of their products, in addition to IBM, Cisco and Germany's SAP, reported Reuters.
(Source:wwwcnbc.com)
Homepage
Send to a friend
Printable version
Share
