Some Lithuanian public institutions continue to use unsafe Russian software and have no intentions to phase it out even though they were warned about the risks more than two years ago, says Lithuania's National Cyber Security Centre (NKSC).
According to MP Mykolas Majauskas, chairman of the parliamentary Committee on Budget and Finance, the NKSC warned the State Tax Inspectorate (VMI), the social insurance fund SoDra, Statistics Lithuania and the Bank of Lithuania two years ago that ABBYY eFormFiller, the Russian software they used, “poses risks to national security, national economy and the interests of the state and the public”. The institutions were advised to drop the software.
“To our big surprise, we have been notified that the main public financial institutions continue to use that software and we are saddened to see that the tax inspectorate, for instance, plans to cease its use only in 2028,” Majauskas told BNS.
The NKSC notified the committee that the VMI intended to use the software until the end of 2027, SoDra planned to use it until July 2022, whereas the statistics department aimed to phase it out by 2023.
The Bank of Lithuania said that it would stop using the software once other institutions replaced their tools to report information.
“In the view of the NKSC, the phasing out of ABBYY software is not rapid enough,” the centre said.
The NKSC has said that Russia's intelligence and security services (RISS) “are legally authorised and technically capable to gain access to the data of Russian and foreign entities that use Russian software”.
“This includes the software developed by ABBYY developers headquartered in Moscow. Therefore the confidentiality, integrity and access to the services provided by this particular organisation can be affected by third parties,” Majauskas pointed out.
A virus dubbed ‘NonPetya’, which targeted ABBYY eFormFiller software, hit Ukraine in June 2017, taking down government agencies and businesses.
Newsletter
Every Friday morning.
