FBI fingerprint analysis software was exposed to contain Russian code
According to foreign media reports, according to the document and two sources, the fingerprint analysis software used by the FBI and the 18,000 law enforcement agencies in the United States contains codes developed by Russian companies closely related to the Kremlin. This raises fears that Russian hackers will get sensitive biological information from millions of Americans and may even endanger the broader issue of national security and law enforcement computer systems.
According to sources, the fingerprinting software embedded in the Russian code was developed by a French company that had previously worked for the company. Two sources said the company, a unit of Safran, a large Parisian conglomerate, had deliberately hidden from the FBI its secret deal to buy Russian code.
According to the U.S. authorities, in recent years, Russian hackers have obtained access to non-confidential computers, including the Democratic National Committee’s mail server, the nuclear energy company system, and the U.S. Joint Chiefs of Staff.
In September of this year, the United States Department of Homeland Security ordered all federal agencies to stop using products developed by the Russian company Kaspersky Lab. According to media reports, Russian hackers use the software to steal sensitive information on U.S. intelligence projects. However, Eugene V. Kaspersky, founder of the company, denied the allegation and the company even submitted code for the software and future updates. But even so, the United States still thinks they are not doing enough.
Image: Kaspersky
In response to the latest revelation of fingerprinting software, cybersecurity experts say it will not be possible to assess the dangers posed by Russian code without examining the code itself. Tim Evans, director of operations policy at the elite NSA intelligence service in the United States, said he was nervous about using this software, linked to the FSB.
FBI Fingerprint Identification Technology, released in 2011, is considered as part of the next generation of identification. The U.S. Transportation Security Administration (TSA) also relies on the FBI’s fingerprint database.
The source said in order to win the FBI’s contract, Safran subsidiary Sagem Sécurité changed its name to Morpho. Both of them have worked for Morpho, Philippe Desbois, former head of the company in Russia, and Georges Hala, head of the company’s business development team in Russia.
In addition, Desbois and Hala also provided to the foreign media a copy of the license agreement signed between a French company and Papillon AO, a Russian company, acquired during the Morpho work. The agreement was signed on July 2, 2008, exactly one year before Morpho defeated the world’s largest biometric company. The document grants Sagem Sécurité at that time the power to incorporate the Papillon code into its corporate software and sell the product on its own behalf. In addition, the document states that Papillon will provide Sagem Sécurité with a five-year update and improvement service, which means the contracts between the two parties will expire in 2013. In return, Sagem Sécurité paid Papillon an initial fee of 3.8 million euros, followed by an annual maintenance fee.
In addition, the agreement also stipulates that neither party can disclose any information about the transaction to third parties.
Although both Desbois and Hala did not participate in the work of integrating the Papillon code into the company’s products and selling the products to the FBI, they talked to the engineers involved in the code integration. Desbois said multiple executives told him that the company’s technology products sold to the FBI include the Papillon algorithm.
Reference: ExtremeTech
