Over the last couple of weeks, there’s been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it’s getting what it wants.
On Sunday, the CEO of security firm Kaspersky Labs, Eugene Kaspersky, told the Associated Press that he’s willing to show the US government his company’s source code. “Anything I can do to prove that we don’t behave maliciously I will do it,” Kaspersky said while insisting that he’s open to testifying before Congress as well.
The company’s willingness to share its source code comes after a proposal was put forth in the Senate that “prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab.” It goes on to say, “The Secretary of Defense shall ensure that any network connection between … the Department of Defense and a department or agency of the United States Government that is using or hosting on its networks a software platform [associated with Kaspersky Lab] is immediately severed.”
Jeanne Shaheen, a New Hampshire Democrat, tells ABC News that there is “a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure.” The fears follow years of suspicion from the FBI that Kaspersky Labs is too close to the Russian government. The company is based in Russia but has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate. “As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts,” an official statement from Kaspersky Labs reads.
The proposal prompted an official response from Russian Communications Minister Nikolay Nikiforov. He warned that any “unilateral political sanctions” would prompt retaliation from Russia. He emphasized that his government uses “a huge proportion of American software and hardware solutions in the IT sphere, even in very sensitive areas.”
The fight over source code comes at a moment when Americans are deeply distrustful of the Russian government. The Russians’ alleged involvement in the hacking of the 2016 election, combined with numerous suspicious ties to our president’s campaign, has everyone on edge. But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands.
Russia has been making the same requests of private companies recently. Major technology companies like Cisco, IBM, Hewlett Packard Enterprise, McAfee, and SAP have agreed to give the Russian government access to “code for security products such as firewalls, anti-virus applications and software containing encryption,” according to Reuters. Security firm Symantec pointedly refused to cooperate with Russian demands last week. “It poses a risk to the integrity of our products that we are not willing to accept,” a Symantec spokesperson said in a statement.
The risks are the same whether it’s the US or Russia being given access to source code. It gives these governments an opportunity to locate security vulnerabilities that they might not be able to find otherwise. Obviously, Russia has been accused of numerous cyberattacks lately, including the Yahoo email breach and the hacking of the DNC. But the US also hoarded security vulnerabilities for years to use as cyberweapons. Recent global outbreaks in ransomware have been traced back to tools from the NSA that were leaked by a group known as the Shadow Brokers. In a statement following the WannaCry ransomware attacks, Microsoft said “an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.” It’s obvious that the US can’t be trusted with this knowledge and companies shouldn’t help them gain it.
Lawmakers have every right to worry about Kaspersky Labs’ products being used on official government systems. If they have some sort of knowledge that we don’t, they should cut ties. But setting this sort of precedent is not a good sign. Kaspersky agreeing to the demand is not a good sign. Numerous western companies doing the same for Russia is not a good sign.
In the same way that experts say that you shouldn’t pay the ransom when hit by ransomware, tech companies need to block this coercion before it gets out of control.
from Gizmodo http://ift.tt/2tFmIEO