Russian Hackers Could Potentially Be Stealing Your Biometric Data

A French company secretly included Russian code in biometric software used by the FBI and other law enforcement agencies.

Fingerprint analysis software used by the FBI, TSA and thousands of other U.S. law enforcement agencies could potentially give backdoor access to sensitive biometric information on millions of Americans to Russian hackers, according to a report by BuzzFeed.

Russian code was inserted into the fingerprint analysis software by a French company, Sagem Sécurité, later renamed Morpho, according to two whistleblowers who were former employees of the company.

They also say the company deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal.

Papillon AO, the Russian company whose code ended up in the FBI’s fingerprint analysis software, has Kremlin connections. The company boasts in its literature about its close cooperation with the Federal Security Service, Ministry of the Interior, Ministry of Defense and Ministry of Justice of Russia.

Cybersecurity experts admit that the dangers of using the Russian-made code couldn’t be determined without examining the code itself.

But “the fact that there were connections to the FSB would make me nervous to use this software,” says Tim Evans, the former head of operational policy for the National Security Agency’s cyberintelligence unit who now helps run cybersecurity firm Adlumin.

According to the whistleblowers, Sagem Sécurité licensed the Papillon technology to improve the performance of its own software. Sagem Sécurité paid $6 million plus annual fees for the technology.

In the contract, Papillon says that to its knowledge, the software does not contain any “undisclosed ‘back door,’ ‘time bomb,’ ‘drop dead,’ or other software routine designed to disable the software automatically with the passage of time or under the positive control of any person” or any “virus, ‘Trojan horse,’ ‘worm,’ or other software routines or hardware components designed to permit unauthorized access, to disable, erase, or otherwise harm the software, hardware, or data.”

BuzzFeed spoke to several other former Morpho employees who said they had no idea about the contract.

“Personally, it would have concerned me a little bit,” says Phillip Moore, who worked as an account manager and sales manager. It would have raised “basic trust issues with what they would supply us.”

You can read the extensive full report here.
