Homepage / Technology / Under pressure, Western tech firms bow to Russian demands to share cyber secrets
Aviatorda Başarı İçin İpuçları Slot Uçak Oyunu Stratejileri Balkc Oyunu Big Bass Bonanza ile Büyük Ödüller Elde Etmenin Tüyoları Online Casino Iphone App Beste Apps Inside Android & Apple Iphone Casino Casino Siteleri Play in Turkey Likit Su Yalıtım Sistemlerinde Uzman Hukuk EA TYT-AYT Net Sihirbazı İMO’dan Belediye Meclisinin kararına destek Yaşlılarımızın Günlük Yaşamlarını Çalışmalarımızla Kolaylaştırma Gayesindeyiz « AFŞİN HABER MERKEZİ Kasyno Na Żywo Vulkan Vegas ️ Graj Z Krupierem Na Żyw test Netent Slotlar ile Eğlenceli ve Kazançlı Bir Yolculuğa Çıkın 2024teki En Popüler EGT Slot Oyunları İplik Üretim-3 Tekstil Klima Sistemleri Orhangazi Ziraat odası başkanı Dinçer Dimrit ‘Dolu topları için savcılığa suç duyurusunda bulunacağız’ Bet10 com.tr Tel: +90 544 423 81 61 info@bet10.com.tr Ürünlerimiz Sigortam net: Sigortada Güvenin Adresi Bets10 Casino Mobil Giriş Isparta 32 Spora deplasman yasağı Bets10 Bahis Sitesi Alt Yapı Sporları ve Site Tasarımı Hüzeyfe Travel Erdoğan: 2053 vizyonuyla ileri teknolojileri hedefliyoruz haberi bet10 casino arşivleri İstanbulu taşıyan firma 0536 384 01 34 Miedz Legnica-Kotwica Kolobrzeg Maç kadroları, Maç sonuçları, Maç hakkında detaylar 10Bet Casino Türkiye Book Of Ra Elegant Slot Kostenlos Zocken Ohne Anmeldun Mostbet букмекерская контора ⭐ вход, регистрация, бонусы, ссылка для установки приложения Pragmatic Play Slot Dünyasında En İyi Temalı Oyunlar Deneme Bonusu Veren Sitelerde Hileli Oyunlar Gerçekler ve Mitoslar Why Are My Veins Bulging? Understanding the Causes and also Manifestations How to Eliminate Diabetes Mellitus: A Comprehensive Guide Roulette Free Play: A Comprehensive Overview to Online Live Roulette The World of Free Port Machines: Enjoyment at Your Fingertips Unlocking the Excitement of Free Slots Machines Ein Exklusiver Bonus Für Sie Sprawdź Najszybciej Wypłacalne Kasyna On The Web W Polsce 202 “Casinos Con Dinero True En Argentina Top Ten 2024 Şeker Patlatma Bahisinde Dikkat Edilmesi Gereken 5 Önemli Nokta Bodies finance (Virtual assistant, FHA and you will USDA) need far more documentation plus analysis Meilleur Casino Sur Internet Guidebook Français & Fiable Bonus + Fs Bets10 mobil indir Türkiye Bets10 apk Mobile uygulama Android ve iOS Bets10 mobil indir Türkiye Bets10 apk Mobile uygulama Android ve iOS Malatya’da 253 Okula 189 personel görevlendirildi haberi Malatya’da 253 Okula 189 personel görevlendirildi haberi Türkiye’deki yeni Bets10 giriş adresi Bets10’a yeni giriş adresiyle erişin Atiye Laçin İplik Üretim-3 Tekstil Klima Sistemleri Best10 Otomatik Giriş Bets10 Güncel Adresi Bet10 Benefits and drawbacks Away from A moment Mortgage Sweet Bonanza Oyununda En Yüksek Kazanç İçin Zamanı Yönetin Money You to Quicksilver Cash Benefits Charge card 1win Azerbaycan Müqəddimə Login Və Qeydiyyat Yukle 12 223 Archives Recognizing the Mini Funding 10,000: Whatever You Required to Know Créditos Rápidos Online Fiables: Todo lo que Necesitas Saber Todo lo que necesitas saber sobre el crédito rápido Easy Car Loan Application: A Convenient Service for Your Economic Demands Préstamos Urgentes Hoy: Información Útil y Consejos Préstamos de 1000 euros con Asnef a plazos: Todo lo que necesitas saber Report to the Economic Rules Box C: The new Expiration of interest-just Loan Conditions Oftentimes, their lender allow you to spend your property taxes and you will homeowner’s insurance policies directly against 4. What’s the FHA Financing Approval Procedure? We feel entirely visibility and will reveal all of our fee inside the the financing proposition at software stage 5. Do not think of your home since the only Resource Tom generated applying and getting pre-approved in regards to our FHA loan simple Bets10 Kumarhane İncelemesi ve Bonusları Best10 Otomatik Giriş Bets10 Güncel Adresi Bet10 ER: Yeni Malatyaspor’u Yoğun Bakımdan Servise Çıkarmaya Geldik haberi Mimarlık ve Tasarım Ofisi Bets10 Casino Mobil Giriş Atiye Laçin BETS10 giriş BETS10 yeni adresi Kumarhaneler ve spor bahisleri Bet10 com tr Tel: +90 544 423 81 61 info@bet10.com.tr Hizmet Alanlarımız Best10 Otomatik Giriş Bets10 Güncel Adresi Bet10 Charges for specialization checks act like general monitors Bets10 Casino Mobil Giriş Atiye Laçin In the event that you Explore good 401k Financing to pay off Debt? What is the Difference between Equity and Financial? Now you have to choose the right financial, gather your articles, and commence the mortgage underwriting processes It has been charged for the traditional funds, which is the identity useful for mortgage loans supported by Fannie mae otherwise Freddie Mac computer Ideal for Household Equity Finance : Look for The latest survey study recommend that FHBs or other the fresh new manager-occupiers was equally more likely when you look at the a couple of household from inside the What goes on easily miss home financing payment? Weighing the huge benefits and drawbacks of a reduced superior Va finance assist servicemembers, experts and you can qualified spouses take out regulators-supported lenders that have pros and you will service Most loan providers need a beneficial 640 credit rating and you may 41% debt-to-income ratio As with one advancing years time loans, you need to look for their funds by wanted asset allocation, as opposed to the big date What is the Escrow out-of a house? The Apr having Fixed Rate Improves (FRA) currently range out of 6 Lately, brand new Biden-Harris Management announced historic debt settlement options for the majority of federal loan consumers Household Security Credit line Providers Face Growing Risk away from Solution Lenders, J.D. Energy Discovers Some HELOC costs today start less than step three%. Appealing, it is a home collateral personal line of credit best for you? самые Онлайн Казино Рейтинг Топ Казино ддя Игр bet10 casino arşivleri İstanbulu taşıyan firma 0536 384 01 34 Afşin Merkeze 5 kilometre uzaklıkta ki mahallede telefonlar çekmiyor! « AFŞİN HABER MERKEZİ Bets10 Site İncelemesi Yeni Adresi,Canlı Bahis ve İddaa,Casino Oyunları ve Bonuslar BETS10 giriş BETS10 yeni adresi Kumarhaneler ve spor bahisleri Tekirdağ’da Malatyalılar Kahvaltıda Bir Araya Geldi haberi Muhtar Geziciden Başkan Görgel ve Başkan Kıraça Atlas Caddesi Teşekkürü « AFŞİN HABER MERKEZİ Bets10 Go: Bets10 Giriş Adresleri ve Cözümü 243 Bets10 En Güncel Fan Sitesi ve 243Bets10 Giriş Citizens: Finest family guarantee credit line to own lower quantity ERATE helps you contrast the current home loan loan cost when you look at the California Conclusion: 15-Seasons Fixed-Speed Antique Loan Preserves by far the most Money

Technology

Under pressure, Western tech firms bow to Russian demands to share cyber secrets

Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any “backdoors” that would allow them to burrow into Russian systems.

But those inspections also provide the Russians an opportunity to find vulnerabilities in the products’ source code — instructions that control the basic operations of computer equipment — current and former U.S. officials and security experts said.

While a number of U.S. firms say they are playing ball to preserve their entree to Russia’s huge tech market, at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns. That halt has not been previously reported.

Symantec said one of the labs inspecting its products was not independent enough from the Russian government.

U.S. officials say they have warned firms about the risks of allowing the Russians to review their products’ source code, because of fears it could be used in cyber attacks. But they say they have no legal authority to stop the practice unless the technology has restricted military applications or violates U.S. sanctions.

From their side, companies say they are under pressure to acquiesce to the demands from Russian regulators or risk being shut out of a lucrative market. The companies say they only allow Russia to review their source code in secure facilities that prevent code from being copied or altered.

The demands are being made by Russia’s Federal Security Service (FSB), which the U.S. government says took part in the cyberattacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The FSB, which has denied involvement in both the election and Yahoo hacks, doubles as a regulator charged with approving the sale of sophisticated technology products in Russia.

The reviews are also conducted by the Federal Service for Technical and Export Control (FSTEC), a Russian defense agency tasked with countering cyber espionage and protecting state secrets. Records published by FSTEC and reviewed by Reuters show that from 1996 to 2013, it conducted source code reviews as part of approvals for 13 technology products from Western companies. In the past three years alone it carried out 28 reviews.

A Kremlin spokesman referred all questions to the FSB. The FSB did not respond to requests for comment. FSTEC said in a statement that its reviews were in line with international practice. The U.S. State Department declined to comment.

Moscow’s source code requests have mushroomed in scope since U.S.-Russia relations went into a tailspin following the Russian annexation of Crimea in 2014, according to eight current and former U.S. officials, four company executives, three U.S. trade attorneys and Russian regulatory documents.

In addition to IBM, Cisco and Germany’s SAP, Hewlett Packard Enterprise, and McAfee have also allowed Russia to conduct source code reviews of their products, according to people familiar with the companies’ interactions with Moscow and Russian regulatory records.

Until now, little has been known about that regulatory review process outside of the industry. The FSTEC documents and interviews with those involved in the reviews provide a rare window into the tense push-and-pull between technology companies and governments in an era of mounting alarm about hacking.

Roszel Thomsen, an attorney who helps U.S. tech companies navigate Russia import laws, said the firms must balance the dangers of revealing source code to Russian security services against possible lost sales.

“Some companies do refuse,” he said. “Others look at the potential market and take the risk.”

“WE HAVE A REAL CONCERN”

If tech firms do decline the FSB’s source code requests, then approval for their products can be indefinitely delayed or denied outright, U.S. trade attorneys and U.S. officials said. The Russian information technology market is expected to be worth $18.4 billion this year, according to market researcher International Data Corporation (IDC).

Six current and former U.S. officials who have dealt with companies on the issue said they are suspicious about Russia’s motives for the expanded reviews.

“It’s something we have a real concern about,” said a former senior Commerce Department official who had direct knowledge of the interaction between U.S. companies and Russian officials until he left office this year. “You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.”

However, none of the officials who spoke to Reuters could point to specific examples of hacks or cyber espionage that were made possible by the review process.

Source code requests are not unique to Russia. In the United States, tech companies allow the government to audit source code in limited instances as part of defense contracts and other sensitive government work. China sometimes also requires source code reviews as a condition to import commercial software, U.S. trade attorneys say.

“CLEAN ROOMS”

The reviews often takes place in secure facilities known as “clean rooms.” Several of the Russian companies that conduct the testing for Western tech companies on behalf of Russian regulators have current or previous links to the Russian military, according to their websites.

Echelon, a Moscow-based technology testing company, is one of several independent FSB-accredited testing centers that Western companies can hire to help obtain FSB approval for their products.

Echelon CEO Alexey Markov told Reuters his engineers review source code in special laboratories, controlled by the companies, where no software data can be altered or transferred.

Markov said Echelon is a private and independent company but does have a business relationship with Russia’s military and law enforcement authorities.

Echelon’s website touts medals it was awarded in 2013 by Russia’s Ministry of Defense for “protection of state secrets.” The company’s website also sometimes refers to Markov as the “Head of Attestation Center of the Ministry of Defense.”

In an email, Markov said that title is only intended to convey Echelon’s role as a certified outside tester of military technology testing. The medals were generic and insignificant, he said.

But for Symantec, the lab “didn’t meet our bar” for independence, said spokeswoman Kristen Batch.

“In the case of Russia, we decided the protection of our customer base through the deployment of uncompromised security products was more important than pursuing an increase in market share in Russia,” said Batch, who added that the company did not believe Russia had tried to hack into its products.

In 2016, the company decided it would no longer use third parties, including Echelon, that have ties to a foreign state or get most of their revenue from government-mandated security testing.

“It poses a risk to the integrity of our products that we are not willing to accept,” she said.

Without the source code approval, Symantec can no longer get approval to sell some of its business-oriented security products in Russia. “As a result, we do minimal business there,” she said.

Markov declined to comment on Symantec’s decision, citing a non-disclosure agreement with the company.

TRUSTED LABS

Over the past year, HP has used Echelon to allow FSTEC to review source code, according to the agency’s records. A company spokesman declined to comment.

An IBM spokesman confirmed the company allows Russia to review its source code in secure, company-controlled facilities “where strict procedures are followed.”

FSTEC certification records showed the Information Security Center, an independent testing company based outside Moscow, has reviewed IBM’s source code on behalf of the agency. The company was founded more than 20 years ago under the auspices of an institute within Russia’s Ministry of Defense, according to its website. The company did not respond to requests for comment.

In a statement, McAfee said the Russia code reviews were conducted at “certified testing labs” at company-owned premises in the United States.

SAP allows Russia to review and test source code in a secure SAP facility in Germany, according to a person familiar with the process. In a company statement, SAP said the review process assures Russian customers “their SAP software investments are safe and secure.”

Cisco has recently allowed Russia to review source code, according to a person familiar with the matter.

A Cisco spokeswoman declined to comment on the company’s interactions with Russian authorities but said the firm does sometimes allow regulators to inspect small parts of its code in “trusted” independent labs and that the reviews do not compromise the security of its products.

Before allowing the reviews, Cisco scrutinizes the code to ensure they are not exposing vulnerabilities that could be used to hack the products, she said.

Source: Tech CNBC
Under pressure, Western tech firms bow to Russian demands to share cyber secrets

Comments are closed.