The $1 billion Russian cyber company that the US says hacks for Moscow


The public side of Positive is like that of many cybersecurity companies: employees work on high-tech security, publish research on new threats, and even have cute office signs reading “Stay Positive!” hanging over their desks. The company is open about some of its ties to the Russian government and has 18 years of defensive cybersecurity experience, including a two-decade relationship with the Russian Ministry of Defense. However, according to previously unreported assessments by US intelligence, the company also develops weaponized software exploits and sells them to the Russian government.

One area that stands out is the company’s work on SS7, a signaling protocol that is critical to global telephone networks. In a public demonstration for Forbes, Positive showed how it could bypass encryption by exploiting vulnerabilities in SS7. In private, the US has concluded that Positive not only discovered and publicized flaws in the system, but also developed offensive hacking capabilities to exploit those holes, which Russian intelligence then used in cyber campaigns.

Much of what Positive does for the Russian government’s hacking operations resembles what American security companies do for US agencies. However, there are big differences. A former American intelligence official, who asked for anonymity because he was not authorized to discuss classified material, described the relationship between companies like Positive and their Russian intelligence counterparts as “complex” and even “abusive.” Pay is relatively low, demands are one-sided, the power dynamics are skewed, and the implicit threat for refusing to cooperate can be great.

Close working relationship

American intelligence agencies have long concluded that Positive is also involved in hacking operations. A large team is allowed to carry out its own cyber campaigns, as long as doing so serves Russia’s national interest. Such practices are illegal in the Western world: American private contractors work under the direct, daily management of the agency that holds their cyber contracts.

US intelligence has concluded that Positive not only discovered and published flaws, but also developed offensive hacking capabilities to exploit the vulnerabilities it found.

Former US officials say the company has a close working relationship with the Russian intelligence agency, the FSB, which includes discovering exploits, developing malware, and even reverse engineering cyber capabilities that Western nations such as the US have used against Russia itself.

The company’s annual event, Positive Hack Days, has been described in recent US sanctions as “FSB and GRU recruiting events.” The event has long been known to be frequented by Russian agents.

Positive did not respond to a request for comment.

Tit for tat

Thursday’s announcement is not the first time Russian security companies have been scrutinized.

Russia’s largest cybersecurity company, Kaspersky, has been under fire for years over its ties to the Russian government, and it was eventually banned from US government networks. Kaspersky has always denied having a special relationship with the Russian government.

One factor that sets Kaspersky apart from Positive, at least in the eyes of American intelligence officials, is that Kaspersky sells antivirus software to Western companies and governments. There are few better intelligence-gathering tools than an antivirus product: software purposely designed to see everything on a computer and even take control of the machines it runs on. US officials believe Russian hackers used Kaspersky software to spy on Americans, but Positive, a smaller company that sells a range of products and services, has no equivalent.

The recent sanctions are the latest move between Moscow and Washington over escalating cyber operations, including the Russia-sponsored SolarWinds attack against the US that resulted in nine federal agencies being hacked over a long period of time. Earlier this year, the acting head of the US cybersecurity agency said it could take the US at least 18 months to recover from this attack.


Steven Gregory