The billion dollar Russian cyber company that the US says is hacking Moscow

The public side of Positive is like many cybersecurity companies: staff review high-tech security, post research on new threats, and even have cute desk signs that say “Stay positive!” hanging over their desks. The company is open to some of its ties to the Russian government and has 18 years of defensive cybersecurity expertise, including a two-decade relationship with the Russian Defense Ministry. But according to previously unreported US intelligence assessments, it also develops and sells armed software exploits to the Russian government.

One area that has stood out is the company’s work on SS7, a technology essential for global telephone networks. During a public demonstration for Forbes, Positive has shown how it can bypass encryption by exploiting weaknesses in SS7. Privately, the United States concluded that Positive not only discovered and made public the flaws in the system, but also developed offensive hacking capabilities to exploit the security flaws which were then used by the intelligence services. Russians in cyber campaigns.

Much of what Positive does for Russian government hacking operations is similar to what US security contractors do for US agencies. But there are major differences. A former US intelligence official, who requested anonymity because they are not authorized to discuss classified documents, described the relationship between companies like Positive and their Russian intelligence counterparts as “complex” and even “abusive. “. The pay is relatively low, the demands are one-sided, the power dynamics are biased, and the implicit threat of non-cooperation can be significant.

Close working relationships

U.S. intelligence agencies have long concluded that Positive also conducts hacking operations itself, with a large team authorized to conduct its own cyber campaigns as long as they are in Russia’s national interest. Such practices are illegal in the Western world: U.S. private military contractors are under the direct, day-to-day management of the agency they work for during cyber contracts.

Former US officials say there is a close working relationship with Russian intelligence agency FSB which includes exploit discovery, malware development and even reverse engineering of cyber capabilities used by countries Westerners like the United States against Russia itself.

The company’s flagship annual event, Positive Hack Days, has been described in recent US sanctions as “recruiting events for the FSB and GRU”. The event has long been famous for being frequented by Russian agents.

Positive did not respond to a request for comment.

Tit for tat

Thursday’s announcement is not the first time that Russian security firms have come under scrutiny.

Russia’s largest cybersecurity company, Kaspersky, has come under fire for years for its dealings with the Russian government – ending up being banned from U.S. government networks. Kaspersky has always denied a special relationship with the Russian government.

But one factor that sets Kaspersky apart from Positive, at least in the eyes of U.S. intelligence officials, is that Kaspersky sells antivirus software to Western companies and governments. There are few better intelligence gathering tools than an antivirus, software specially designed to see everything that is happening on a computer and which can even take control of the machines it occupies. American officials believe Russian hackers have used Kaspersky software to spy on Americans, but Positive – a small company selling different products and services – has no equivalent.

The recent sanctions are the latest step in a tit for tat between Moscow and Washington over escalating cyber operations, including the Russian-sponsored SolarWinds attack against the United States, which led to the hacking of nine federal agencies over an extended period of time. Earlier this year, the acting head of the U.S. cybersecurity agency said recovery from this attack could take at least 18 months in the United States.