Skip to main content
banner image
venafi logo

Spy vs Spy: Russia Seizing Source Code Secrets Is the Latest in an Alarming Trend

Spy vs Spy: Russia Seizing Source Code Secrets Is the Latest in an Alarming Trend

russia source code scandal
June 29, 2017 | Eva Hanscom

According to a recent report from Reuters, several prominent US-based technology companies have agreed to share product security secrets with the Russian government.

As reporters Joel Schectman, Dustin Volz and Jack Stubbs write: “Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.”

Russian officials claim these inspections are done to ensure that outside agencies and organizations have not placed any spying mechanisms or backdoors into their equipment. However, critics believe these demands give the Russian government an opportunity to find vulnerabilities in the products' source code, which then could be used in future cyber attacks.

Given the current political climate between Russia and the United States, the mandates from Moscow seem unique and devious. However, this is just the latest chapter in Russian government technological scrutiny.

“Russia’s demands to inspect source code, especially when it comes to sensitive encryption and security functions, is nothing new,” says Kevin Bocek, chief security strategist for Venafi. “In 2016, Russia enacted the counter-terrorism Yarovaya laws, which required Internet businesses to submit their encryption keys to the government. Unfortunately, handing over these keys enabled Russia to spoof the identities of the same business’s machines.”

But, the international scope of Russia’s latest demands is especially alarming. “By targeting Western companies, this disturbing trend will have global consequences,” Bocek continues. “This is part of is an undeniable movement that’s clearly aimed to control free speech, privacy, and the security of machines across the Internet and around the world.”

Of course, Russia is not alone in issuing these kinds of requirements. At the start of the year, the Chinese Cybersecurity Law went into effect. This law also seeks to ‘improve’ the security of the Internet by requiring critical infrastructure, including banking and retail organizations, to submit their systems for government review. The law applies to any business operating in China, including those from the US and Europe. And consequently, costs to comply with the new are estimated to reach $100 million for some businesses.

In addition, many Western governments are currently seeking ways to enforce similar regulations to weaken online security and privacy. “Laws in the United Kingdom and France, such as RIPA and the recently enacted Snooper’s Charter in the UK, enable governments to compel organizations to hand over encryption methods,” says Bocek.

Despite the dangers these regulations pose, its highly probable many more countries will issue similar demands. Bocek concludes: “It is very likely more governments in the West will follow the trends of Russian and Chinese, enabling controls that may seem shocking today but further the control countries seek over encryption and machine identities.”

How can organizations fight back against overzealous government demands? Should businesses share product security secrets with foreign powers?

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

lawyer reading from legal books on a desk, with a scale in the foreground

Do We Trust Governments to Effectively Regulate Privacy? [Ask Security Professionals]

hands reaching out of laptop screen holding ballot box, another person's hand casting a vote
Encryption

Will Encryption Backdoors Hurt Election Infrastructure? Security Professionals Say Yes.

Man standing in front of a cyber-secured world.

What If You Could Guarantee Eliminating Outages in Your Organization?

About the author

Eva Hanscom
Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat