Fingerprint analysis software used by the FBI and many law enforcement agencies may contain code created by a Kremlin-linked Russian entity, according to whistleblowers and related documents. The revelation, assuming it is correct, raises questions about whether US officials have been using software compromised by Russian code, the latest in a growing number of cyber issues related to the nation. This follows Facebook’s own disclosure revealing extensive Russian propaganda on the social network aimed at manipulating the 2016 election.
The info comes from whistleblowers speaking to Buzzfeed, which reports that the fingerprint analysis software is used by more than 18,000 law enforcement agencies throughout the US, in addition to the FBI. Some of the software’s code was reportedly created by a Russian entity said to have “close ties” with the Kremlin, raising security concerns.
The code allegedly made its way into the software through a French company that bought it from the Russian firm but hid that fact from the FBI. The code purchase is described as having been a “secret deal” between the two, potentially giving Russian hackers backdoor access to a huge trove of fingerprint data on Americans.
The whistleblowers claim that the Russian firm is Papillon AO, which has previously revealed that it works closely with Russia’s FSB. Buzzfeed says it reviewed a licensing agreement between the two companies (Russian and French) that is dated 2008 and gives the French company permission to put the Russian code in its software.
One whistleblower reportedly said that some major company officials had repeatedly stressed that the agreement between the two firms had to remain secret to avoid jeopardizing US contracts. For its part, the FBI made a canned statement saying that third-party software like this is subjected to a security review before being used.