Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US

https://www.wired.com/story/easyjson-open-source-vk-ties/

Posted by wiredmagazine

1 comment
  1. Since Russian troops invaded [Ukraine](https://www.wired.com/tag/ukraine/) more than three years ago, Russian technology companies and executives have been [widely](https://www.arnoldporter.com/en/perspectives/advisories/2024/06/russias-access-to-it-services-and-software-restricted) [sanctioned](https://www.bbc.co.uk/news/articles/crkx14jykn8o) for supporting the Kremlin. That includes [Vladimir Kiriyenko](https://sanctionssearch.ofac.treas.gov/Details.aspx?id=34596), the son of one of Vladimir Putin’s top aides and the [CEO](https://www.theverge.com/2022/2/26/22951307/us-sanctions-russia-vk-ceo-vladimir-kiriyenko) of VK Group, which runs VK, Russia’s Facebook equivalent that has [increasingly shifted towards the regime’s repressive positioning.](https://www.wired.com/story/vk-russia-democracy/)

    Now cybersecurity researchers are warning that a widely used piece of [open source code](https://www.wired.com/story/wired-guide-open-source-software/)—which is linked to Kiriyenko’s company and managed by Russian developers—may pose a “persistent” national security risk to the United States. The open source software (OSS), called [easyjson](https://github.com/mailru/easyjson), has been widely used by the US Department of Defense and “extensively” across software used in the finance, technology, and healthcare sectors, say researchers at security company Hunted Labs, which is [behind the claims](https://huntedlabs.com/the-russian-open-source-project-that-we-cant-live-without). The fear is that Russia could alter [easyjson](https://en.wikipedia.org/wiki/JSON) to steal data or otherwise be abused.

    Read more: [https://www.wired.com/story/easyjson-open-source-vk-ties/](https://www.wired.com/story/easyjson-open-source-vk-ties/)
