Multiple Western tech giants including Cisco, IBM, Germany's SAP and McAfee are giving in to Russian demands for access to their secret source code for various security products. Since 2014, requests from Russian authorities to review Western tech firms' source code for security products before they are imported and sold in the lucrative Russian market have increased and expanded in scope, Reuters said.
Russia's Federal Security Service (FSB) asked to review products such as firewalls, anti-virus applications and other software containing encryption to make sure there aren't any "backdoors" that would allow them to be used for spying.
Companies that do decline the FSB's source code requests could have their products' approval delayed or denied, according to US trade attorneys and officials.
However, officials and security experts said these reviews could allow Russia to discover vulnerabilities in these products' source code as well.
"It's something we have a real concern about," a former senior Commerce Department official with direct knowledge of interactions between US firms and Russian authorities told Reuters. "You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that's obviously a real problem."
The US has previously accused the FBI of the massive Yahoo email hack in 2014 that affected 500 million users as well as the cyberattacks on Hillary Clinton's presidential campaign in 2016.
However, none of the sources speaking to Reuters cited any specific examples of cyberespionage or cyberattacks that were linked to the FSB's review process.
The reviews, which take place in secure facilities called "clean rooms", are conducted by multiple Russian tech companies on behalf of the Russian authorities. Reuters points out that many of these firms are currently or were previously linked to Russian law enforcement authorities or Russia's military.
Symantec says 'no'
While many companies agree to have their products' source code reviewed in order to gain access to Russia's estimated $18.4bn (£14.4bn) IT industry, Symantec said they are no longer cooperating with the FSB due to security concerns.
Symantec said Moscow-based tech firm Echelon, one of the labs reviewing their source code, "didn't meet our bar" for independence.
"In the case of Russia, we decided the protection of our customer base through the deployment of uncompromised security products was more important than pursuing an increase in market share in Russia," Symantec spokeswoman Kristen Batch said. "It poses a risk to the integrity of our products that we are not willing to accept."
Sources said IBM, Cisco, Hewlett Packard, McAfee and Germany's SAP have allowed Russia to review their products' source codes in secure facilities "where strict procedures are followed" to avoid their code being copied or tampered with.
According to records published by the Federal Service for Technical and Export Control, which also conducts these reviews, it has conducted 28 reviews in the past three years. From 1996 to 2013, it conducted multiple reviews for approvals of 13 technology products from Western firms.
The news comes amid heightened scrutiny and concerns over cyberattacks targeting the US and Europe, many of which Russia has been accused of carrying out. Following the 2016 US presidential election hacks and leaks, the FBI is currently investigating alleged Russian meddling in the election and possible collusion between President Donald Trump's campaign and Moscow.
However, requests to review source code are not exclusive to Russia. China has also requested product source code reviews before they enter the Chinese market as well.
"Some companies do refuse," Roszel Thomsen, a trade attorney that helps US companies deal with Russian import laws, told Reuters. "Others look at the potential market and take the risk."