To maximize sales, technology providers such as SAP, Symantec and McAfee let Russian authorities look for vulnerabilities in their software, thus exposing code that is deeply embedded in US government agencies.
U.S. lawmakers and security experts now believe that the security of computer networks in at least a dozen federal agencies could have been breached.
Products of those companies are currently protecting the following US departments: the Pentagon, NASA, the State Department, the FBI and the intelligence community.
Given the sophistication that Russian cyber experts have shown in recent years, many fear that a complete overhaul of all these programs might be necessary.
In a response letter to Senator Jeanne Shaheen, the Pentagon admitted that source code reviews by Russia and China “may aid such countries in discovering vulnerabilities in those products.”
Ms Shaheen claims: "I fear that access to our security infrastructure, whether it be overt or covert, by adversaries may have already opened the door to harmful security vulnerabilities."
Global tech companies that want access to Russia's large market need to seek certification for their products from Russian agencies. That is the sticking point, as those agencies include both the FSB security service and Russia’s Federal Service for Technical and Export Control (the FSTEC).
Other US companies, however, state they would never let the Russians look at the source code. Mr Steve Quane, VP for network defense at Trend Micro, provides programs for the US military and claimed: “Even letting people look at source code for a minute is incredibly dangerous.”
“We know there are people who can do that because we have people like that who work for us.”