FBI Fingerprint Software Might Contain Russian code

Uploaded on 2018-01-04 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

Software for analysing fingerprints used by the FBI and more than 18,000 other US law enforcement agencies could contain Russian code.

Two former employees of a subsidiary of the French firm Safran Group told BuzzFeed News that the company secretly purchased code from the Russian cybersecurity company Papillon Systems. That code was then included in fingerprint analysis software the company sold to the FBI when the bureau purchased new software in 2011.

Papillon Systems regularly works with law enforcement agencies in Russia, including the Federal Security Service (FSB), Russia's modern-day spy agency. US intelligence agencies say the FSB was linked to efforts to interfere in the 2016 presidential election.

One of the whistleblowers, Philippe Desbois, said that officials in the French company were worried about the FBI learning the truth of the code's origin.

“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’ " said Desbois, the Safran subsidiary's former CEO of Russia operations.
“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.

Desbois has filed a whistleblower lawsuit against Safran in retaliation, alleging the company fraudulently took more than $1 billion from US law enforcement agencies at every level. 

Safran did not deny the existence of Russian code in court filings, according to the report, but instead argued that it is not responsible for the actions of a subsidiary.

The FBI declined to answer questions but issued a statement:

“As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment,” the statement said.

Earlier in 2017, the Trump administration issued a memo banning all software from another Russian company with alleged links to the Kremlin, Kaspersky Labs, from being used on government computers.

“The Department is concerned about the ties between certain Kaspersky Labs officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Labs and to intercept communications transiting Russian networks,” the Department of Homeland Security said in September 2017.

The Hill

You Might Also Read:

Kaspersky Says We Can Trust Him:

US launches Code.gov Software Code-sharing Website:

US Police Make Widespread Use Of Facial Recognition Software:

 

« Six Cyber Attacks That Shook 2017
Major Chip Flaws Confirmed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

Vizius Group

Vizius Group

The Vizius Group are a think tank of cybersecurity consultants who understand the mechanics and business value of risk reduction.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Netox

Netox

Netox is a comprehensive IT service provider that combines IT support services, IT solutions and specialist services; specializing in cybersecurity solutions.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.