The biometric information of millions of Americans might be at the risk of getting compromised after a report claims that fingerprint-analysis software used by thousands of US law enforcement agencies including the FBI contains a code written by a Russian company linked to the Kremlin.
According to a BuzzFeed report, two former employees of a French defence contractor claim the company inserted the Russian-made code into software that was later sold to the Americans without notifying them.
The French company Sagem Sécurité (later renamed Morpho) allegedly inserted the code into the fingerprint software of the FBI and 18,000 other American law enforcement agencies. Morpho is a subsidiary of Safran, a multi-billion dollar aerospace and defence firm.
The revelation has sparked concerns about the sensitive biometric data of millions of Americans being misused by Russian hackers who can even use it to infiltrate the FBI and other agencies' computer systems, compromising national security.
Russia has previously been accused of employing hackers to break into email accounts and computers of senior American officials, including high rankers in the military and intelligence services. However, Russia had denied the allegations.
Technical experts say the extent to which the biometric data of millions of Americans can be compromised is difficult to say without seeing the code's specification.
The former employees claim their company sneaked in the code designed by a Russian firm Papillon AO, an IT company that boasts of its close connections with the Russian Ministry of Internal Affairs as well as the Federal Security Service (FSB) – the successor of the Soviet-era KGB that's been implicated in several hacks of US targets.
The whistleblowers identified as Philippe Debois, former CEO of Morpho's operations in Russia and Georges Hala, who worked for Morpho as part of its business development team in Russia, told BuzzFeed that doing business with Papillon is like working with a subsidiary of the Russian government.
However, Papillon has denied Hala's claim that it is not independent, but BuzzFeed quoted an official Papillon publication which said that 'the company expands its cooperation with "the FBS year by year."
The Russian Internal Affairs Ministry, the FSB and the Russian embassy in Washington, DC, did not respond to BuzzFeed's requests for comment.
Moreover, the FBI and other companies involved in the matter have not yet directly denied that the fingerprint software used by the bureau contains Russian code.
The FBI declined to comment on its fingerprint software's security, however, it did say: "As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment."
Meanwhile, the US government has been concerned over the use of security software by Russian companies with suspected links to the Kremlin.
The US Department of Homeland Security recently issued a directive ordering civil government agencies to remove Russia-based Kaspersky security software from their computers within 90 days.
Kaspersky has vehemently denied that it is helping Russia to spy on other countries.
Source: BuzzFeed and Reuters