FBI Fingerprint Software Might Contain Russian Code

Software for analysing fingerprints used by the FBI and more than 18,000 other US law enforcement agencies could contain Russian code.

Two former employees of a subsidiary of the French firm Safran Group told BuzzFeed News that the company secretly purchased code from the Russian cybersecurity company Papillon Systems. That code was then included in fingerprint analysis software the company sold to the FBI when the bureau purchased new software in 2011.

Papillon Systems regularly works with law enforcement agencies in Russia, including the Federal Security Service (FSB), Russia's modern-day spy agency. US intelligence agencies say the FSB was linked to efforts to interfere in the 2016 presidential election.

One of the whistleblowers, Philippe Desbois, said that officials in the French company were worried about the FBI learning the truth of the code's origin.

“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’” said Desbois, the Safran subsidiary's former CEO of Russia operations.
“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.

Desbois has filed a whistleblower lawsuit against Safran in retaliation, alleging the company fraudulently took more than $1 billion from US law enforcement agencies at every level. 

Safran did not deny the existence of Russian code in court filings, according to the report, but instead argued that it is not responsible for the actions of a subsidiary.

The FBI declined to answer questions but issued a statement:

“As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment,” the statement said.

Earlier in 2017, the Trump administration issued a memo banning all software from another Russian company with alleged links to the Kremlin, Kaspersky Labs, from being used on government computers.

“The Department is concerned about the ties between certain Kaspersky Labs officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Labs and to intercept communications transiting Russian networks,” the Department of Homeland Security said in September 2017.

The Hill
