The US says hacks for Moscow are a $ 1 billion Russian cyber company
[ad_1]
Positive’s public side is like that of many cybersecurity companies: employees study high-tech security, publish research on new threats, and even “stay positive!” hanging on their tables. The company is open about some of its ties to the Russian government, and has an 18-year track record specializing in defensive cybersecurity, including a two-decade relationship with the Russian Ministry of Defense. According to previously unannounced U.S. intelligence assessments, the Russian government is also developing and selling exploits of armed software.
The area highlighted is the company’s work on SS7, a key technology for global telephone networks. In a public demonstration Forbes, Positive has shown how encryption can be avoided by exploiting the vulnerabilities of SS7. Privately, the U.S. has concluded that Positive not only discovered and disclosed system flaws, but also developed offensive hacking capabilities to exploit the security holes then used by Russian intelligence in cyber campaigns.
Much of what Positive does in Russian government hacking operations is similar to what U.S. security contracts do to U.S. agencies. But there are big differences. A former U.S. intelligence official, who asked for anonymity because he was not allowed to discuss the classified material, said the relationship between companies like Positive and members of Russia’s intelligence is “complex” and “abusive.” Wages are relatively low, demands are unilateral, power dynamics are poor, and the implicit threat of non-cooperation can be high.
Close working relationship
American intelligence agencies have long concluded that Positive also conducts real hacking operations, allowing a large group to conduct its own cyber campaigns, as long as it is in Russia’s national interest. Such practices are illegal in the western world: private U.S. military contractors manage the agency that works on cyber contracts on a daily and direct basis.
Former U.S. officials say there is a close working relationship with the Russian intelligence agency FSB, which is exploitative detection, malware development, and even reverse engineering of cyber capabilities used by the United States like Russia against Russia itself.
The latest U.S. sanctions said the company’s annual ceremony, the Positive Hack Days, was a “hiring of events for the FSB and GRU”. It has been a famous event for a long time often Russian agents.
Rob Joyce, the NSA’s cybersecurity director, said the sanctioned companies “provide a wide range of services to SVR, specializing in the development of tools, the provision of infrastructure, and sometimes support operational activities.” reported.
One day after the penalties were announced, Positive a statement Denying “baseless accusations” from the US. He noted that there is no “evidence” that has been done wrong and offers all the vulnerabilities to software vendors “without exception”.
Tit for tat
Thursday’s announcement is not the first time Russian security companies have been examined.
Russia’s largest cybersecurity company, Kaspersky, has been under fire for years for its ties to the Russian government – which has finally been banned from US government networks. Kaspersky has always denied having a special relationship with the Russian government.
But one factor that distinguishes Kaspersky from Positive, at least in the face of U.S. intelligence officials, is that Kaspersky sells anti-virus software to Western companies and governments. There are better intelligence collection tools than anti-virus ones, it can also take software designed to see everything that happens on your computer and take control of the machines it occupies. U.S. officials sinetsi Russian hackers have used Kaspersky software to spy on Americans, but Positive – a smaller company that sells various products and services – has no equivalent.
Final sanctions are the latest step in actions between Moscow and Washington over increased cyber operations, including those backed by Russia SolarWinds attack Against the US, nine federal agencies were hacked for a long time. Earlier this year, the acting head of the U.S. cybersecurity agency said the U.S. would need at least 18 months to recover from the attack.
[ad_2]
Source link