FBI Fingerprint Software Might Contain Russian code

Uploaded on 2018-01-04 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Software for analysing fingerprints used by the FBI and more than 18,000 other US law enforcement agencies could contain Russian code.

Two former employees of a subsidiary of the French firm Safran Group told BuzzFeed News that the company secretly purchased code from the Russian cybersecurity company Papillon Systems. That code was then included in fingerprint analysis software the company sold to the FBI when the bureau purchased new software in 2011.

Papillon Systems regularly works with law enforcement agencies in Russia, including the Federal Security Service (FSB), Russia's modern-day spy agency. US intelligence agencies say the FSB was linked to efforts to interfere in the 2016 presidential election.

One of the whistleblowers, Philippe Desbois, said that officials in the French company were worried about the FBI learning the truth of the code's origin.

“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’ " said Desbois, the Safran subsidiary's former CEO of Russia operations.
“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.

Desbois has filed a whistleblower lawsuit against Safran in retaliation, alleging the company fraudulently took more than $1 billion from US law enforcement agencies at every level. 

Safran did not deny the existence of Russian code in court filings, according to the report, but instead argued that it is not responsible for the actions of a subsidiary.

The FBI declined to answer questions but issued a statement:

“As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment,” the statement said.

Earlier in 2017, the Trump administration issued a memo banning all software from another Russian company with alleged links to the Kremlin, Kaspersky Labs, from being used on government computers.

“The Department is concerned about the ties between certain Kaspersky Labs officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Labs and to intercept communications transiting Russian networks,” the Department of Homeland Security said in September 2017.

The Hill

You Might Also Read:

Kaspersky Says We Can Trust Him:

US launches Code.gov Software Code-sharing Website:

US Police Make Widespread Use Of Facial Recognition Software:

 

« Six Cyber Attacks That Shook 2017
Major Chip Flaws Confirmed »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including Advanced Technologies, Health, Learning and IT & Cyber Solutions.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

CyberSanctus

CyberSanctus

CyberSanctus provide clients with a variety of pentest plans from the entry level starter plan, which is tailored for personal websites, to enterprise level pentests, tailored for large scale business

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.