Russian infosec firm Positive Technologies trying to stay positive after US sanctions

Company insists it's a legit operator that's here to help

Updated: Positive Technologies has hit back at the US government's "groundless accusations" that it helped the Russian state carry out cyber attacks against the West – by highlighting how "government agencies of different countries" use its products.

Yesterday the US Treasury declared that Positive was selling weaponised infosec tech to the Russian government and ran recruiting events for state hacking agencies, which some Western news outlets have interpreted as meaning the company's flagship Positive Hack Days events.

Rejecting all this in a lengthy statement posted to its website this afternoon, Positive said: "Our global mission is to create products and technologies to improve cybersecurity around the world and to ensure conditions for the most efficient prevention of cyberattacks for the benefit of society, business, and government agencies."

It also highlighted how "the government agencies of different countries" use its infosec products, a statement that might not be as reassuring as the company hopes if the US denunciation of it is taken at face value.

Positive specialises in mobile network security – a sensitive area likely to be of great interest to any government, let alone one keen on using newly discovered exploits as weapons. Russian digital aggression over the years is well known, while Western reactions to non-Western companies operating on their turf were brought into sharp focus with the anti-Huawei drive over the past few years.


The MIT Technology Review alleged, citing "previously unreported US intelligence assessments" it had apparently seen, that Positive "develops and sells weaponised software exploits to the Russian government." No proof was offered to back up this claim, much like how the US government strenuously insisted that Huawei was a weaponised arm of the Communist Chinese state.

One could compare Positive to FireEye: both companies are good at what they do and both enjoy close working relationships with their home governments. With Americans now banned from doing business with Positive, it's unclear whether the company's research into Intel and VMware vulns (with a report into the latter being published only this week) will continue to be publicly disclosed.

Positive has a fair-sized presence in the UK; for instance, it listed Sky Mobile, a British MVNO, as a customer. Sky Mobile operates across O2's infrastructure. None of Britain's four main mobile network operators responded, however, when we asked yesterday if they used Positive's products in their networks.

Tony Cole, CTO of Attivo Networks and an Obama-era US cybersecurity policy official, told The Register that the wider effects of the sanctions against Russia were likely to be "minimal" in the short term.

He said: "The impact from all the actions taken by the US government [is] undetermined at this point in time. Although the actions are badly needed by the US and its allies to hopefully counter Russian aggression, many past efforts, sanctions, and plans, have had little impact. Actions by Russian and Chinese state based actors or their proxies (and other nations) have been taking place for many years and efforts in the past to counter them have stuttered, stalled, or just completely failed. A close-knit global effort is required to have an impact on these government actors and entities to stop their IP theft, meddling in elections, and compromising critical infrastructure."

"Unless we are willing to make them an island via isolation," he continued, referring to Russia, "these types of actions will likely continue. The effort from the US government should be applauded for calling them out, however the impact may end up being minimal."

Although the UK and Canada joined America in ticking off Russia for carrying out the SolarWinds attack via the APT29 state-backed hacking crew (aka Russian intelligence), neither Commonwealth nation imposed formal sanctions on the firm. For now, at least, there's still something for Positive to be positive about. ®

Updated to add

Spokespeople for Sky Mobile have been in touch to say it isn't a customer of Positive Technologies, adding: "Positive were involved in a trial scheme for Sky Mobile before the product launched in 2016, and we haven’t worked with them since."
