FBI Fingerprint Software Might Contain Russian code

Software for analysing fingerprints used by the FBI and more than 18,000 other US law enforcement agencies could contain Russian code.

Two former employees of a subsidiary of the French firm Safran Group told BuzzFeed News that the company secretly purchased code from the Russian cybersecurity company Papillon Systems. That code was then included in fingerprint analysis software the company sold to the FBI when the bureau purchased new software in 2011.

Papillon Systems regularly works with law enforcement agencies in Russia, including the Federal Security Service (FSB), Russia's modern-day spy agency. US intelligence agencies say the FSB was linked to efforts to interfere in the 2016 presidential election.

One of the whistleblowers, Philippe Desbois, said that officials in the French company were worried about the FBI learning the truth of the code's origin.

“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’ " said Desbois, the Safran subsidiary's former CEO of Russia operations.
“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.

Desbois has filed a whistleblower lawsuit against Safran in retaliation, alleging the company fraudulently took more than $1 billion from US law enforcement agencies at every level. 

Safran did not deny the existence of Russian code in court filings, according to the report, but instead argued that it is not responsible for the actions of a subsidiary.

The FBI declined to answer questions but issued a statement:

“As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment,” the statement said.

Earlier in 2017, the Trump administration issued a memo banning all software from another Russian company with alleged links to the Kremlin, Kaspersky Labs, from being used on government computers.

“The Department is concerned about the ties between certain Kaspersky Labs officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Labs and to intercept communications transiting Russian networks,” the Department of Homeland Security said in September 2017.

The Hill

You Might Also Read:

Kaspersky Says We Can Trust Him:

US launches Code.gov Software Code-sharing Website:

US Police Make Widespread Use Of Facial Recognition Software:

 

« Six Cyber Attacks That Shook 2017
Major Chip Flaws Confirmed »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

TechBeacon

TechBeacon

TechBeacon.com is a digital hub by and for software engineering, IT and security professionals sharing practical and passionate guidance to real-world challenges.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.

Securaa

Securaa

Securaa is a comprehensive No Code Security Automation Platform. Smarter Security with Clarity and Control.