Russian infosec firm Positive Technologies trying to stay positive after US sanctions

Company insists it's a legit operator that's here to help

Updated Positive Technologies has hit back at the US government's "groundless accusations" that it helped the Russian state carry out cyber attacks against the West – by highlighting how "government agencies of different countries" use its products.

Yesterday the US Treasury declared that Positive was selling weaponised infosec tech to the Russian government and ran recruiting events for state hacking agencies, which some Western news outlets have interpreted as meaning the company's flagship Positive Hack Days events.

Rejecting all this in a lengthy statement posted to its website this afternoon, Positive said: "Our global mission is to create products and technologies to improve cybersecurity around the world and to ensure conditions for the most efficient prevention of cyberattacks for the benefit of society, business, and government agencies."

It also highlighted how "the government agencies of different countries" use its infosec products, a statement that might not be as reassuring as the company hopes if the US denunciation of it is taken at face value.

Positive specialises in mobile network security – a sensitive area likely to be of great interest to any government, let alone one keen on using newly discovered exploits as weapons. Russian digital aggression over the years is well known, while Western reactions to non-Western companies operating on their turf were brought into sharp focus with the anti-Huawei drive over the past few years.


The MIT Technology Review alleged, citing "previously unreported US intelligence assessments" it had apparently seen, that Positive "develops and sells weaponised software exploits to the Russian government." No proof was offered to back up this claim, much like how the US government strenuously insisted that Huawei was a weaponised arm of the Communist Chinese state.

One could compare Positive to FireEye: both companies are good at what they do and both enjoy close working relationships with their home governments. With Americans now banned from doing business with Positive, it's unclear whether the company's research into Intel and VMware vulns (with a report into the latter being published only this week) will continue to be publicly disclosed.

Positive has a fair-sized presence in the UK; for instance, it listed Sky Mobile, a British MVNO, as a customer. Sky Mobile operates across O2's infrastructure. None of Britain's four main mobile network operators responded, however, when we asked yesterday if they used Positive's products in their networks.

Tony Cole, CTO of Attivo Networks and an Obama-era US cybersecurity policy official, told The Register that the wider effects of the sanctions against Russia were likely to be "minimal" in the short term.

He said: "The impact from all the actions taken by the US government [is] undetermined at this point in time. Although the actions are badly needed by the US and its allies to hopefully counter Russian aggression, many past efforts, sanctions, and plans, have had little impact. Actions by Russian and Chinese state based actors or their proxies (and other nations) have been taking place for many years and efforts in the past to counter them have stuttered, stalled, or just completely failed. A close-knit global effort is required to have an impact on these government actors and entities to stop their IP theft, meddling in elections, and compromising critical infrastructure."

"Unless we are willing to make them an island via isolation," he continued, referring to Russia, "these types of actions will likely continue. The effort from the US government should be applauded for calling them out, however the impact may end up being minimal."

Although the UK and Canada joined America in ticking off Russia for carrying out the SolarWinds attack via the APT29 state-backed hacking crew (aka Russian intelligence), neither Commonwealth nation imposed formal sanctions on the firm. For now, at least, there's still something for Positive to be positive about. ®

Updated to add

Spokespeople for Sky Mobile have been in touch to say it isn't a customer of Positive Technologies, adding: "Positive were involved in a trial scheme for Sky Mobile before the product launched in 2016, and we haven’t worked with them since."
