Cyber Security? That Is a Good Question

November 25, 2022

This is not ideal. We learn from Yahoo Finance, “Russian Software Disguised as American Finds Its Way into U.S. Army, CDC Apps.” Reuters journalists James Pearson and Marisa Taylor report:

“Thousands of smartphone applications in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found. The Centers for Disease Control and Prevention (CDC), the United States’ main agency for fighting major health threats, said it had been deceived into believing Pushwoosh was based in the U.S. capital. After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns. The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns. That app was used by soldiers at one of the country’s main combat training bases. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. … Pushwoosh is registered with the Russian government to pay taxes in Russia. On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland and Washington, D.C., Reuters found.”

Pushwoosh’s software was included in the CDC’s main app and that share information on health concerns, including STDs. The Army had used the software in an information portal at, perhaps among other places, its National Training Center in California. Any data breach there could potentially reveal upcoming troop movements. Great. To be clear, there is no evidence data has been compromised. However, we do know Russia has a pesky habit of seizing any data it fancies from companies based within its borders.

Other entities apparently duped by Pushwoosh include the NRA, Britain’s Labor Party, large companies like Unilever, and makers of many items on Apple’s and Google’s app stores. The article includes details on how the company made it look like it was based in the US and states the FTC has the authority to prosecute those who engage in such deceptive practices. Whether it plans to bring charges is yet to be seen.

Cynthia Murrell, November 25, 2022

Written by Stephen E. Arnold · Filed Under cybersecurity, Government, News

Comments

Comments are closed.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.