Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyberattacks on the West, a Reuters investigation has found.
Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "back doors" that would allow them to burrow into Russian systems.
But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code — instructions that control the basic operations of computer equipment — current and former U.S. officials and security experts said.