(Ezekiel Loseke, Headline USA) Hidden Russian code was discovered in apps used by the Centers for Disease Control and Prevention and the U.S. Army, as well in thousands of apps in Google and Apple digital products.
The code was the product of a Russian company named Pooshwush that identified itself as a firm located in either Washington D.C., California or Maryland but was, in fact, a Siberian company, according to Reuters.
Max Konev, the founder of Pushwoosh, denied hiding his company’s identity. He told Reuters, “I am proud to be Russian and I would never hide this.”
Pushwoosh published a statement denying deceptive practices, claiming it is “a privately held C-Corp company incorporated under the state laws of Delaware, USA. Pushwoosh Inc. was never owned by any company registered in the Russian Federation.”
Reuters asked for verification of these facts from the company but has not received confirmation.
Security researcher Zach Edwards, of the nonprofit Internet Safety Labs, explained the concern over Pushwoosh’s data compared to American big tech companies.
“The data Pushwoosh collects is similar to data that could be collected by Facebook, Google or Amazon,” he said. “The difference is that all the Pushwoosh data in the U.S. is sent to servers controlled by a company (Pushwoosh) in Russia.”
The U.S. Army used this application as an information portal on a base utilized for deployment preparations, according to Legal Insurrection. This means, of course, that data stolen from this application could leak U.S. Army troop movements and strategies utilized on the battlefield.
The Army reported removing the app in March for “security concerns.” Bryce Dubee, a spokesperson for the U.S. Army, said the Army experienced no “operational loss of data.”
After the Reuters story was published, the CDC applications were removed.
As was noted of a similar event with the company SolarWinds, this act of espionage is “like finding a burglar in your home that has been living in your house for [an unknown number] of months.”
