What could possibly go wrong?
Documents seen by Reuters state that in the past three years, the Russian FSB (what used to be called the KGB) and its military Federal Service for Technical and Export Control (FSTEC) have reviewed 28 products from Western firms. The examinations of the source code are apparently to check if the software has backdoors that could be exploited by intelligence agencies.
Which is somewhat ironic, considering the ever-increasing claims that the Russian intelligence agencies have been hacking Western politicians for years in an attempt to subvert the electoral process. US government officials have advised firms not to take part in these checks, but have no legal authority to ban them.
“It’s something we have a real concern about,” said a former senior Commerce Department official who had direct knowledge of the testing.
“You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.”
Only one firm, Symantec, has said no to the Russian demands. The security vendor was apparently not convinced that the testing would be performed in a way that protected its intellectual property.
While the Russian investigators aren’t allowed to copy or alter the source code, examination of the tests would give them an excellent opportunity to look for vulnerabilities that could be used in later attacks. All testing occurs in so-called clean rooms in Russian laboratories.
It appears that companies are more interested in getting into the Russian market than they are concerned about Russian hacking. Then again, that may change if more evidence of Russian involvement in government hacking comes to light. ®