FBI Fingerprint Software Might Contain Russian code

Uploaded on 2018-01-04 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Software for analysing fingerprints used by the FBI and more than 18,000 other US law enforcement agencies could contain Russian code.

Two former employees of a subsidiary of the French firm Safran Group told BuzzFeed News that the company secretly purchased code from the Russian cybersecurity company Papillon Systems. That code was then included in fingerprint analysis software the company sold to the FBI when the bureau purchased new software in 2011.

Papillon Systems regularly works with law enforcement agencies in Russia, including the Federal Security Service (FSB), Russia's modern-day spy agency. US intelligence agencies say the FSB was linked to efforts to interfere in the 2016 presidential election.

One of the whistleblowers, Philippe Desbois, said that officials in the French company were worried about the FBI learning the truth of the code's origin.

“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’ " said Desbois, the Safran subsidiary's former CEO of Russia operations.
“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.

Desbois has filed a whistleblower lawsuit against Safran in retaliation, alleging the company fraudulently took more than $1 billion from US law enforcement agencies at every level. 

Safran did not deny the existence of Russian code in court filings, according to the report, but instead argued that it is not responsible for the actions of a subsidiary.

The FBI declined to answer questions but issued a statement:

“As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment,” the statement said.

Earlier in 2017, the Trump administration issued a memo banning all software from another Russian company with alleged links to the Kremlin, Kaspersky Labs, from being used on government computers.

“The Department is concerned about the ties between certain Kaspersky Labs officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Labs and to intercept communications transiting Russian networks,” the Department of Homeland Security said in September 2017.

The Hill

You Might Also Read:

Kaspersky Says We Can Trust Him:

US launches Code.gov Software Code-sharing Website:

US Police Make Widespread Use Of Facial Recognition Software:

 

« Six Cyber Attacks That Shook 2017
Major Chip Flaws Confirmed »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

AGAT Software

AGAT Software

AGAT Software is an innovative security provider specializing in external access authentication and data protection solutions.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

RightCue Assurance

RightCue Assurance

RightCue Assurance identify opportunities for improvement in the Information Security for your organisation and work with you to reduce cyber risk.

CliffGuard Cybersecurity

CliffGuard Cybersecurity

CliffGuard Cybersecurity deliver comprehensive services designed to protect your organization from the ever-evolving landscape of cyber threats.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).

Kali Linux

Kali Linux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing.

Sprinto

Sprinto

Ambitious tech companies all over the world trust Sprinto to power their security compliance programs and sprint through audits without breaking their stride.