Major tech companies let Russia analyze software used by the US government - reports

Major tech companies let Russia analyze software used by the US government - reports | Insurance Business

Major tech companies let Russia analyze software used by the US government - reports
An investigation conducted by Reuters has found that global technology providers, including SAP and McAfee, may have allowed Russian authorities to check their software for vulnerabilities.

The move potentially endangers the security of several computer networks in at least a dozen federal agencies, officials said. Such agencies include the Pentagon, NASA, the State Department, the FBI, and the intelligence community.

According to the report, the tech companies permitted a Russian defense agency to examine the source code of some of their products in order to sell the software in the Russian market. Russian authorities claimed that the reviews are necessary to find flaws that could be abused by cybercriminals.

While the review process allows Russia to prevent any faulty software from being sold in its stores, it could also allow the country to later exploit those vulnerabilities.

Last October, Reuters found that the software ArcSight, previously developed by Hewlett Packard Enterprise, had been reviewed by a “Russian military contractor with close ties to Russia’s security services.”

The latest report reviewed hundreds of US federal procurement documents and Russian regulatory records and found that the risk of data breaches at US agencies could be far worse than previously thought.

The review found that ArcSight is used in at least seven other agencies, including the Office of the Director of National Intelligence and the State Department’s intelligence unit. It also found that products made by several global tech giants, and reviewed by Russian authorities, are used in at least eight agencies – in some cases, several of these agencies use more than one of the four products.


Related stories:
Lloyd’s: Major cloud shutdown could lead to tens of billions lost
Rising cyber risks grabbing global attention