Homepage / Technology / Under pressure, Western tech firms bow to Russian demands to share cyber secrets
Amazon says this Prime Day was its biggest shopping event ever Kudlow says President Trump is 'so dissatisfied' with China trade talks that he is keeping the pressure on As stocks regain their footing, an ominous warning looms Goldman Sachs downgrades Clorox to sell, says valuation is 'unsustainably high' How Satya Nadella has spurred a tripling of Microsoft's stock price in just over four years Kudlow says economic growth could top 4% for 'a quarter or two,' more tax cuts could be coming The one chart that explains Netflix’s stunning comeback US housing starts plunge 12% in June to a nine-month low Aerospace titans Boeing and Airbus top $110 billion in orders at Farnborough Target uses Prime Day to its advantage, logging its 'biggest online shopping day' so far this year Billionaire Marc Lasry sees bitcoin reaching up to $40,000 as it becomes more mainstream and easier to trade These are the 10 US airports where you're most likely to be hacked Amazon shares slightly higher as investors await Prime Day results Wreck of Russian warship found, believed to hold gold worth $130 billion A bullish ‘phenomenon’ in bond market is weeks away from fading, top credit strategist says Stocks making the biggest moves premarket: MS, GOOGL, TXN, UAL, NFLX & more Twitter shares up 50% since late April means most upside priced in, analyst says in downgrade EU fines Google $5 billion over Android antitrust abuse Mortgage applications fall 2.5% as buyers struggle to find affordable homes America may not have the tools to counter the next financial crisis, warn Bernanke, Geithner and Paulson Investors are getting spooked as the risk of a no-deal Brexit rises EU expected to fine Google $5 billion over Android antitrust abuse Ex-FBI chief James Comey urges Americans to vote for Democrats in midterm elections Elon Musk apologizes to British cave diver following baseless 'pedo guy' claim Disney, Comcast and Fox: All you need to know about one of the biggest media battles ever Xiaomi shares notch new high after Hong Kong, mainland China stock exchanges reach agreement The trade war is complicating China's efforts to fix its economy European markets set for a strong open amid earnings; Google in focus Hedge fund billionaire Einhorn places sixth in major poker tournament The biggest spender of political ads on Facebook? President Trump Asian stocks poised to gain after Fed's Powell gives upbeat comments; dollar firmer Stocks are setting up to break to new highs Not all FAANG stocks are created equal EU ruling may be too little, too late to stop Google's mobile dominance Cramer explains how Netflix's stock managed to taper its drop after disappointing on earnings Airbnb condemns New York City's 'bellhop politics,' threatens legal retaliation Amazon sellers say they were unfairly suspended right before Prime Day, and now have two bad choices Investor explains why 'duller' tech stocks can have better returns than 'high-flying' tech names Elon Musk is 'thin-skinned and short-tempered,' says tech VC Texas Instruments CEO Brian Crutcher resigns for violating code of conduct Google Cloud Platform fixes issues that took down Spotify, Snapchat and other popular sites Uber exec: We want to become the 'one stop' transportation app 'What a dumb hearing,' says Democrat as Congress grills tech companies on conservative bias Amazon shares rebound, report says Prime Day sales jumped 89 percent in first 12 hours of the event How to put your medical history on your iPhone in less than 5 minutes Investment chief: Watch these two big events in 2018 Even with Netflix slowing, the market rally is likely not over Cramer: Netflix subscriber weakness debunks the 'sky's the limit' theory on the stock Netflix is looking at watch time as a new area of growth, but the competition is stiff Why Nobel laureate Richard Thaler follows Warren Buffett's advice to avoid bitcoin Rolls-Royce is developing tiny 'cockroach' robots to crawl in and fix airplane engines After Netflix plunge, Wall Street analysts forecast just tame returns ahead for the once high-flying FANG group Roku shares rise after analyst raises streaming video company's price target due to customer growth China is investing 9 times more into Europe than into North America, report reveals Amazon says US Prime Day sales 'so far bigger than ever' as glitch is resolved Netflix is on pace for its worst day in two years US lumber producers see huge opportunity, rush to expand San Francisco to consider tax on companies to help homeless Homebuilder sentiment, still high, stalls as tariffs, labor and land drive up costs Powell backs more rate hikes as economy growing 'considerably stronger' Netflix history is filled with big stock declines – like today – followed by bigger rebounds Intel shares get downgraded by Evercore ISI due to rising competition from Nvidia, AMD Petco aims to reinvent the pet store with something you can't buy online Genetic testing is coming of age, but for consumers it's buyer beware Tech 'FAANG' was the most-crowded trade in the world heading into the Netflix implosion, survey shows Netflix weak subscriber growth may indicate a 'maturity wall' that could whack the stock even more: Analyst This chart may be predicting the bull market's demise Wall Street says Netflix's stock plunge is a ‘compelling’ buying opportunity because the streaming giant ‘never misses twice’ Tesla sinks after Musk tweets, again Boeing announces new division devoted to flying taxis Stocks making the biggest move premarket: NFLX, UNH, GS, AMZN, WMT & more Deutsche Bank downgrades Netflix, but says big subscriber miss is not 'thesis changing' IBM is experimenting with a cryptocurrency that’s pegged to the US dollar North Korea and Zimbabwe: A friendship explained Virgin Galactic spinoff Orbit to launch rockets from the UK with space deal Artificial intelligence will create more jobs than it destroys? That’s what PwC says ‘Treasonous’ Trump and ‘Putin’s poodle:' Scathing headlines follow the Trump-Putin summit China’s fintech companies offer ‘enormous’ opportunity, investment manager says Trump's performance at summit with Putin was 'unprecedented,' experts say Walmart and Microsoft link up on cloud technology as they both battle Amazon European stocks seen mixed amid earnings; Fed’s Powell to address Congress How I knew I should quit my day job and run my start-up full-time: Viral website founder China's stocks have been trounced, but the trade war may ultimately be good news for those shares Billionaire tech investor Peter Thiel bets on crypto start-up Block.one Asian shares subdued open after mixed close on Wall Street; energy stocks under pressure Amazon cloud hits snags after Amazon Prime Day downtime Netflix isn't doomed by one quarter unless people start questioning the long-term investor thesis Tech stocks set to sink on Tuesday after rough evening for ‘FANG’ Netflix plummets after missing big on subscriber growth This wristband lets humans control machines with their minds The U.S. has a rocky history convincing Russia to extradite computer criminals Amazon suffers glitches at the start of Prime Day Jeff Bezos is now the richest man in modern history 'The United States has been foolish': Read Trump and Putin's full exchange Goldman Sachs recommends these 5 highly profitable companies — including Nvidia — to combat rising inflation Goldman Sachs releases 'tactical' stock picks for this earnings season Three red flags for Netflix ahead of its earnings report The bond market may be raising recession fears, but don't expect one anytime soon Cramer: Banks are 'making fortunes' but are still as hated as they were during the financial crisis Putin told Trump at summit: Russia never meddled in US election

Technology

Under pressure, Western tech firms bow to Russian demands to share cyber secrets

Written by finanster
on June 23, 2017
Leave a comment

Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any “backdoors” that would allow them to burrow into Russian systems.

But those inspections also provide the Russians an opportunity to find vulnerabilities in the products’ source code — instructions that control the basic operations of computer equipment — current and former U.S. officials and security experts said.

While a number of U.S. firms say they are playing ball to preserve their entree to Russia’s huge tech market, at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns. That halt has not been previously reported.

Symantec said one of the labs inspecting its products was not independent enough from the Russian government.

U.S. officials say they have warned firms about the risks of allowing the Russians to review their products’ source code, because of fears it could be used in cyber attacks. But they say they have no legal authority to stop the practice unless the technology has restricted military applications or violates U.S. sanctions.

From their side, companies say they are under pressure to acquiesce to the demands from Russian regulators or risk being shut out of a lucrative market. The companies say they only allow Russia to review their source code in secure facilities that prevent code from being copied or altered.

The demands are being made by Russia’s Federal Security Service (FSB), which the U.S. government says took part in the cyberattacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The FSB, which has denied involvement in both the election and Yahoo hacks, doubles as a regulator charged with approving the sale of sophisticated technology products in Russia.

The reviews are also conducted by the Federal Service for Technical and Export Control (FSTEC), a Russian defense agency tasked with countering cyber espionage and protecting state secrets. Records published by FSTEC and reviewed by Reuters show that from 1996 to 2013, it conducted source code reviews as part of approvals for 13 technology products from Western companies. In the past three years alone it carried out 28 reviews.

A Kremlin spokesman referred all questions to the FSB. The FSB did not respond to requests for comment. FSTEC said in a statement that its reviews were in line with international practice. The U.S. State Department declined to comment.

Moscow’s source code requests have mushroomed in scope since U.S.-Russia relations went into a tailspin following the Russian annexation of Crimea in 2014, according to eight current and former U.S. officials, four company executives, three U.S. trade attorneys and Russian regulatory documents.

In addition to IBM, Cisco and Germany’s SAP, Hewlett Packard Enterprise, and McAfee have also allowed Russia to conduct source code reviews of their products, according to people familiar with the companies’ interactions with Moscow and Russian regulatory records.

Until now, little has been known about that regulatory review process outside of the industry. The FSTEC documents and interviews with those involved in the reviews provide a rare window into the tense push-and-pull between technology companies and governments in an era of mounting alarm about hacking.

Roszel Thomsen, an attorney who helps U.S. tech companies navigate Russia import laws, said the firms must balance the dangers of revealing source code to Russian security services against possible lost sales.

“Some companies do refuse,” he said. “Others look at the potential market and take the risk.”

“WE HAVE A REAL CONCERN”

If tech firms do decline the FSB’s source code requests, then approval for their products can be indefinitely delayed or denied outright, U.S. trade attorneys and U.S. officials said. The Russian information technology market is expected to be worth $18.4 billion this year, according to market researcher International Data Corporation (IDC).

Six current and former U.S. officials who have dealt with companies on the issue said they are suspicious about Russia’s motives for the expanded reviews.

“It’s something we have a real concern about,” said a former senior Commerce Department official who had direct knowledge of the interaction between U.S. companies and Russian officials until he left office this year. “You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.”

However, none of the officials who spoke to Reuters could point to specific examples of hacks or cyber espionage that were made possible by the review process.

Source code requests are not unique to Russia. In the United States, tech companies allow the government to audit source code in limited instances as part of defense contracts and other sensitive government work. China sometimes also requires source code reviews as a condition to import commercial software, U.S. trade attorneys say.

“CLEAN ROOMS”

The reviews often takes place in secure facilities known as “clean rooms.” Several of the Russian companies that conduct the testing for Western tech companies on behalf of Russian regulators have current or previous links to the Russian military, according to their websites.

Echelon, a Moscow-based technology testing company, is one of several independent FSB-accredited testing centers that Western companies can hire to help obtain FSB approval for their products.

Echelon CEO Alexey Markov told Reuters his engineers review source code in special laboratories, controlled by the companies, where no software data can be altered or transferred.

Markov said Echelon is a private and independent company but does have a business relationship with Russia’s military and law enforcement authorities.

Echelon’s website touts medals it was awarded in 2013 by Russia’s Ministry of Defense for “protection of state secrets.” The company’s website also sometimes refers to Markov as the “Head of Attestation Center of the Ministry of Defense.”

In an email, Markov said that title is only intended to convey Echelon’s role as a certified outside tester of military technology testing. The medals were generic and insignificant, he said.

But for Symantec, the lab “didn’t meet our bar” for independence, said spokeswoman Kristen Batch.

“In the case of Russia, we decided the protection of our customer base through the deployment of uncompromised security products was more important than pursuing an increase in market share in Russia,” said Batch, who added that the company did not believe Russia had tried to hack into its products.

In 2016, the company decided it would no longer use third parties, including Echelon, that have ties to a foreign state or get most of their revenue from government-mandated security testing.

“It poses a risk to the integrity of our products that we are not willing to accept,” she said.

Without the source code approval, Symantec can no longer get approval to sell some of its business-oriented security products in Russia. “As a result, we do minimal business there,” she said.

Markov declined to comment on Symantec’s decision, citing a non-disclosure agreement with the company.

TRUSTED LABS

Over the past year, HP has used Echelon to allow FSTEC to review source code, according to the agency’s records. A company spokesman declined to comment.

An IBM spokesman confirmed the company allows Russia to review its source code in secure, company-controlled facilities “where strict procedures are followed.”

FSTEC certification records showed the Information Security Center, an independent testing company based outside Moscow, has reviewed IBM’s source code on behalf of the agency. The company was founded more than 20 years ago under the auspices of an institute within Russia’s Ministry of Defense, according to its website. The company did not respond to requests for comment.

In a statement, McAfee said the Russia code reviews were conducted at “certified testing labs” at company-owned premises in the United States.

SAP allows Russia to review and test source code in a secure SAP facility in Germany, according to a person familiar with the process. In a company statement, SAP said the review process assures Russian customers “their SAP software investments are safe and secure.”

Cisco has recently allowed Russia to review source code, according to a person familiar with the matter.

A Cisco spokeswoman declined to comment on the company’s interactions with Russian authorities but said the firm does sometimes allow regulators to inspect small parts of its code in “trusted” independent labs and that the reviews do not compromise the security of its products.

Before allowing the reviews, Cisco scrutinizes the code to ensure they are not exposing vulnerabilities that could be used to hack the products, she said.

Source: Tech CNBC
Under pressure, Western tech firms bow to Russian demands to share cyber secrets

Comments are closed.