Russia’s Open-source Code and Private-sector Cybersecurity Ecosystem

Speaker(s): Sherman, J. (Founder & CEO, Global Cyber Strategies)

Date: 22 February 2023

Speaker Session Summary

SMA hosted a speaker session with Mr. Justin Sherman (Founder & CEO, Global Cyber Strategies) as part of its SMA EUCOM Speaker Series.

Russia and China are using their private sectors to strengthen their cyber defensive and offensive capabilities. Russian and Chinese companies have purposely uploaded flawed code to international communication companies’ open-source coding.. For example, Huawei, China’s large information technology company, has been the largest contributor to Linux code; however, it has uploaded 30 lines of code that exhibit suspicious behavior. Pushwoosh, a company based out of Russia, pretended to be an American company and gained access to the US Army’s security software, and wrote code for its cyber defense. While Russia does not have a telecommunications company the size as Huawei, the Kremlin is very active with its online coding and hacking communities. It is relying on private industry to bolster its defensive and offensive cyber capabilities.

Russian private companies create software for other private entities and Russian government agencies. Positive Technologies (PT), a small Russian cyber company, was founded in 2002 and has grown to play a pivotal role in the creation of Russia’s cyber activities. Positive Technologies has helped the Kremlin recruit hackers by hosting hacking events and conferences. The company itself has grown significantly from a few employees in 2002 to more than 1200 employees in 2021. One such recruiting event, Positive Hack Days, was attended by around 8700 prospective Russian hackers in 2022. These conferences act as a space for many Russian federal organizations, such as the FSB, to recruit hackers and spread nationalistic rhetoric about how Russia is persecuted by Western countries, especially the US. 

Speaker Session Recording

Briefing Materials

Mr. Justin Sherman is the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm focused on technology, policy, and geopolitics. He is also a senior fellow at Duke University’s Sanford School of Public Policy, where he leads its data brokerage research project and lectures on cybersecurity, privacy, and technology policy; and a nonresident fellow at the Atlantic Council. He works with Margin Research‘s team on research concerning foreign open-source code, cyber capability development, and hacker communities.

Justin has testified to Congress, spoken widely, written hundreds of articles and numerous reports, and briefed and advised senior officials in the US and around the world on technology, policy, and geopolitics topics, including with a focus on Russian cyber and information strategy and operations, the Russian technology ecosystem, and Kremlin internet control. He was previously, among others, a fellow at Stanford University’s US-Russia Forum, where he participated in Track II dialogues with Russian counterparts on international security issues. His background is in computer science, political science, and international relations.