FBI
The FBI reportedly purchased biometric data from a French firm, which contains code created by a Russian company with close ties to the Kremlin YURI GRIPAS/AFP/Getty Images

Millions of American citizens' biometric data may be at risk of being hacked as biometric software that is currently being used by the FBI, the Transportation Security Administration (TSA) and over 18,000 other US law enforcement agencies reportedly contains an algorithm that was created by a Russian firm with close ties to the Kremlin.

According to a report by Buzzfeed, the Russian code was secretly purchased by a French company called Sagem Sécurité — later renamed Morpho, which supplied the FBI the biometric software without disclosing that the code was originally created by a Russian company called Papillon.

Citing two whistleblowers — French nationals who worked at Morpho, Buzzfeed reported that concerns should be raised about national security, given Papillon's close ties to the Kremlin. The Russian firm reportedly boasted in its marketing materials of having worked with various Kremlin agencies, including the Federal Security Service (FSB), which is a successor of the KGB.

According to Buzzfeed, the connection raises concerns about Russian hackers possibly gaining backdoor access to the FBI and to sensitive biometric data of millions of Americans, which could be compromising to national security.

"The fact that there were connections to the FSB would make me nervous to use this software," Tim Evans, former director of operational policy for the National Security Agency's elite hacking unit known as Tailored Access Operations (TAO), told Buzzfeed.

According to a 2008 contract reviewed by Buzzfeed, the code Papillon sold to Morpho does not contain any backdoor or malware-like capabilities that could allow unauthorised access to gather, erase or otherwise compromise the software, data or the hardware.

Papillon reportedly denied the existence of a backdoor and the FBI said that any software it purchases is thoroughly scrutinised before it is implemented.

The report comes amid escalating tensions between Russia and the US, following a year full of disclosures about Russia's extensive and exhaustive attempts to hack numerous targets in the country.