US government agency ‘deceived’ by Russian firm – Reuters
The US Center for Disease Control and Prevention (CDC) has removed a Russian software company's code from seven public apps, citing security concerns following an investigation, Reuters has reported.
The US health agency claims the company, which is called Pushwoosh, “presents a potential security concern” due to its Russian origin. CDC spokeswoman Kristen Nordlund said the firm misled the CDC into believing that it was based in the Washington, DC area.
Pushwoosh offers clients a communication platform that automates marketing campaigns and customer support by delivering messages across various devices and platforms. On its website, it claims to have 10 years of experience and over 80,000 clients worldwide.
According to Reuters, code created by the firm has been embedded into almost 8,000 apps in the Google and Apple app stores. The British news agency found no evidence that the company – which is headquartered in the Russian city of Novosibirsk – had mishandled user data in any way. But it implied that the Russian government may pressure Pushwoosh into doing so.
“Washington could choose to impose sanctions on Pushwoosh and has broad authority to do so, sanctions experts said, including possibly through a 2021 executive order that gives the United States the ability to target Russia’s technology sector over malicious cyber activity,” the report noted.
Reuters claimed that the firm was obfuscating its Russian origin and even used fake Linkedin profiles to find customers. The US Army told the agency that it had also removed an app using Pushwoosh code in March over security concerns. It assured that it had suffered no “operational loss of data” through using the app.
Pushwoosh founder Max Konev told Reuters in a September email that he was “proud to be Russian” and would “never hide” that. He insisted the company had “no connection” with the Russian government of any kind and stored its data in the US and Germany.