In international news this week, Cisco, IBM and SAP are reportedly agreeing to demands by the government of Russia to provide access to secrets about their products at a time when the country has been accused of cyberattacks targeted at Western countries, reported Reuters.
According to an investigation by Reuters, Russian authorities have been asking tech companies from the West to let them review source code for security products, including firewalls, anti-virus apps and software including encryption, before letting the products be sold in Russia. The requests are so that Russia can find any secret backdoors that would let foreign spies get into Russian computer systems. The requirements also give Russia the ability to pinpoint weaknesses in the source code of the products, which they could then use to exploit the systems.
Several U.S. tech companies, including Cisco, IBM and SAP told Reuters they are providing the access to get in the Russian market, which is huge — but not everyone is agreeing to the terms.
Symantec told Reuters it won’t provide source code reviews any longer due to security concerns. The security company told Reuters one of the labs inspecting the products was too close to the Russian government.
Meanwhile Reuters noted officials in the U.S. have been warning technology firms about the potential risks. They have no legal authority to stop the companies from sharing product secrets, noted the report. The technology companies say if they don’t comply, they could be shut out of the tech market in Russia, which is very lucrative for them. The companies contend they let Russia review the source code and firewalls in secure places and prevent the code from being copied or changed.
According to Reuters, the reviews are being conducted by Russia’s Federal Security Service (FSB), which the U.S. government blames for being part of the cyberattacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The Federal Service for Technical and Export Control (FSTEC), a Russian defense agency focused on countering cyber espionage and protecting state secrets, is also reviewing the Western tech products.
Separately, The Sunday Times reported that based on their own investigation, passwords of British officials, including cabinet ministers, ambassadors and senior police officers, are being traded over the internet by Russian hackers. The report noted email addresses and passwords of Justine Greening, the education secretary, and Greg Clark, the business secretary, are among the ones stolen. The report noted tens of thousands of government officials’ information were sold or traded via Russian-speaking hacking sites and were lately made free to anyone.
According to the investigation, private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials were being traded online.