Cyber Warfare: No rifles, bombs, hand grenades, or tanks —
à la mode: Wireless keyboards
WASHINGTON & MOSCOW (Reuters) – Major global technology providers SAP (SAPG), Symantec (SYMC), and McAfee (MCAF) have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.
Pretty startling headlines to this story (my emphasis is added and key parts are boxed off) – very disturbing to say the least:
Tech Firms let Russia probe software widely used by U.S. Government
In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers.
(I note: So, business deals are the name of the game, um, I see, I see - so, just make a fast buck as it were).
But those same products protect some of the most sensitive areas of the U.S. government, including the Pentagon, NASA, the State Department, the FBI, and the IC (Intelligence Community), against hacking by sophisticated cyber adversaries like Russia.
Reuters revealed in October that Hewlett Packard Enterprise (HPEN) software known as ArcSight, used to help secure the Pentagon’s computers, had been reviewed by a Russian military contractor with close ties to Russia’s security services.
Reuters has not found any instances where a source code review played a role in a cyberattack, and some security experts say hackers are more likely to find other ways to infiltrate network systems.
Tech companies wanting to access Russia’s large market are often required to seek certification for their products from Russian agencies, including the FSB security service and Russia’s Federal Service for Technical and Export Control (FSTEC), a defense agency tasked with countering cyber espionage. FSTEC declined to comment and the FSB did not respond to requests for comment.
SAP HANA, a database system, underwent a source code review in order to obtain certification in 2016, according to Russian regulatory records. The software stores and analyzes information for the State Department, Internal Revenue Service, NASA and the Army.
An SAP spokeswoman said any source code reviews were conducted in a secure, company-supervised facility where recording devices or even pencils “are strictly forbidden, and all governments and governmental organizations are treated the same with no exceptions.”