Western tech firms are under strong pressure by Moscow for access to closely guarded cyber secrets of products, a Reuters investigation reveals.
This is coming at a time Russia has been accused of a growing number of cyber attacks on the West.
According to the investigation, Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.
Symantec, one of the firms pressured to reveal its cyber secrets said one of Russian labs inspecting its products was not independent enough from the government.
“The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any “backdoors” that would allow them to burrow into Russian systems,” Reuters reported.
However, the inspections also provide the Russians an opportunity to find vulnerabilities in the products’ source code – instructions that control the basic operations of computer equipment, current and former U.S. officials and security experts said.
Other companies involved in the inspections include Cisco, IBM and SAP.
While a number of the U.S. firms say they are playing ball to preserve their entree to Russia’s huge tech market, Symantec told Reuters it has stopped cooperating with the source code reviews over security concerns.
Meanwhile, U.S. officials say they have warned firms about the risks of allowing Russia to review their products’ source code, because of fears it could be used in cyber attacks.
But they say they have no legal authority to stop the practice unless the technology has restricted military applications or violates U.S. sanctions.
The inspections are being made by Russia’s Federal Security Service (FSB), which the U.S. government said took part in the cyber attacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts.