Jihadist groups, corrupt Middle Eastern governments, Al-Qaeda and even the anti-American forces in Iraq and Afghanistan regularly use U.S. technology to repress citizens and conduct terror campaigns, security experts told FoxNews.com. Read more
Jihadist groups, corrupt Middle Eastern governments, Al-Qaeda and even the anti-American forces in Iraq and Afghanistan regularly use U.S. technology to repress citizens and conduct terror campaigns -- and there's little we can do about it.
Californian company Internet Brands makes the group-discussion service vBulletin. Security consult Jeff Bardin told FoxNews.com that over 10,000 jihad groups around the world use it to plan strategies and recruit members.
According to a recent Wall Street Journal report, web-filtering technology from Websense was used in Yemen to monitor citizens, until the company caught on and yanked it away. And Bahrain, which uses McAfee's SmartFilter product, plans to switch to Palo Alto Networks' software to prevent freedom-seekers from bypassing censorship.
Websense strongly disagrees with that statement, noting a policy against government-imposed censorship.
None of these U.S. companies are specifically to blame -- once a program is in the wild, anyone can buy it and use it. However, there are few (if any) safeguards to monitor how U.S.-made technology is used.
“We are putting virtual weapons out there with the source code -- and we make it widely available,” Bardin told FoxNews.com. Formerly an Arabic linguist for the U.S. Air Force and currently a consultant for security analysis group Treadstone 71, Bardin said rogue groups use software from such well-known American companies as Kaspersky Labs, Microsoft, Adobe, Google, and others.
Internet Brands is aware of the misuse of its products, of course. The company told FoxNews.com that its license agreement clearly forbids such activity -- yet the company's hands are tied.
"As software providers, vBulletin's capacity to monitor content on the Internet is limited, particularly on websites using illegal, unlicensed copies of vBulletin," a spokesman said. "vBulletin -- along with our parent company Internet Brands -- in no way condones terrorist activity and cooperates fully with law enforcement agencies on any investigation it can be of help on."
Kaspersky Lab said there is a global marketplace for software, piracy is rampant, and Internet downloads make it easy for anyone to obtain the company's security wares. Symantec, Microsoft, Facebook, and other U.S. technology companies did not respond in time for this report or said “no comment” about foreign use of their code.
It’s no secret that the United States is a world leader in technology -- we export our ingenuity more than any other product or service. Yet this same tech too often falls into the wrong hands.
"It's good stuff, and it's on the open market," John Hemry, a retired Navy office and popular book author, told FoxNews.com. "We know from open source reporting that insurgents in Iraq used off-the-shelf software to hack into video feeds from U.S. surveillance drones," he said.
“It is absolutely no secret that items intended for U.S. forces in Afghanistan and Iraq have been found in quantity in the black market there and elsewhere,” Hemry told FoxNews.com. “That happens when you have local contractors and sub-contractors doing the job instead of your own military personnel.”
But how to prevent that? One company that seems to have answered the wake-up call is McAfee. Bardin agreed that he has not seen jihadist use of McAfee software recently.
“Steps [have been taken] to include an aggressive geo-location search that disables evaluation licenses in international regions subject to U.S. embargoes and/or trade sanctions,” Joris Evers, a McAfee spokesperson, told FoxNews.com.
Monitoring to prevent abuse by terrorists and repressive regimes seems like a solution. But it presents new issues -- and could even lead to abuse, Hemry said.
"The solution may be far worse than the existing problem, because dictatorial regimes could use that same monitoring and compliance capability to gain even better control over what users do on their computers," he worried.
Policy versus practice
Many of the U.S. companies fueling repression overseas have official policies outlawing such usage.
Websense policy states it "does not sell to governments or Internet Service Providers (ISPs) that are engaged in government-imposed censorship." But the Wall Street Journal revealed that the company has sold its Web-filtering technology in Yemen, where it has been used to block online tools that let people disguise their identities from government monitors.
A spokesman for ESET described a similar policy for that company. Christopher Dale told FoxNews.com that "ESET does not sell or distribute to any country under U.S. technology embargo -- and definitely not to Iran."
Yet preventing piracy or smuggling is serious challenge, especially in the world of software. "It is quite challenging to stop illegal distribution of software," he acknowledged.
Benjamin Wright, an attorney and instructor with the security training group SANS Institute, said the U.S. government could consider penalizing a U.S. tech firm if it lets technology end up in the wrong hands. Public opinion could also force a company into action, he said.
But in the end, the only practical solution may be to try to gain the cooperation of the hacker community to outwit software abuse by totalitarian regimes, Hemry said.
"Hackers could be our Achilles Heel, or they could be the means by which we keep dictators from controlling information. In practice, that's a two-edged sword that could cut us occasionally."
"But we can live with freedom. Authoritarian regimes can't," he said.