While all US intelligence agencies agree that Russia meddled in the presidential election last year, Donald Trump still finds time in his busy schedule to question whether it actually happened. Vladimir Putin, meanwhile, has denied any interference and suggested that any hacks originating from Russia may be the work of “overzealous patriots.”
A new report shows that Russia has been more and more interested in Western technology and its tech secrets in recent years for two reasons: Preventing hacks and finding vulnerabilities.
A Reuters report claims that Russian regulators want to inspect the source code of the various tech products that Western companies want to sell in the region.
These demands come from the Federal Security Service (FSB) and the Federal Service for Technical and Export Control (FSTEC). If FSB sounds familiar, that’s because it’s the spy agency believed to have been involved in the Hillary Clinton hacks last year, and in the Yahoo hacks back in 2014. The FSTEC, meanwhile, is a Russian defense agency tasked with countering cyber espionage and protecting state secrets.
Russia’s interest in accessing code that’s not available to regular users of a software product, such as an anti-virus app or an encrypted app, shouldn’t be surprising. Russian intelligence agencies are worried that the source code could include backdoors that could then be used to hack the government agencies that buy Western software.
But Reuters also says that Russia may be looking for vulnerabilities in these products that could be used against Western targets in future hacks. The report notes that the source code reviews were rare until 2013. Only 13 tech products were reviewed by FSTEC in a 17-year period ending in 2013. In the past three years, however, the agency reviewed 28 products from Western companies.
These reviews take place in a secure room where the data can’t be altered or stolen, the report says — the image above explains the entire process.
Usually, tech companies agree to the reviews. The alternative would be missing out on the Russian market, as those products might be delayed or denied entry. Companies including Cisco, IBM, HP, SAP, have agreed to these periodical reviews.
Symantec, which is making anti-virus programs, stopped cooperating, as it believes that one of the companies conducting the reviews isn’t independent enough from Russian spy agencies.
That said, none of the US officials familiar with these reviews were able to link them to any cyber attack believed to have originated in Russia.
Reuters’ detailed report is available at this link.