Big web security companies are abandoning Russia, leaving netizens open to more intrusion into the Kremlin

Ordinary Russians are facing another major blow to their daily lives due to the backlash to President Vladimir Putin’s invasion of Ukraine. On the same day, two major web security companies decided to stop selling to them, making Russian use of the Internet more vulnerable to hacking, hacking and other cybercrime by the Kremlin.

The departure of the two companies, Avast, a $6 billion antivirus provider based in the Czech Republic, and Utah-based website certification company DigiCert, will isolate the country of 145 million people.

“We are horrified by Russia’s aggression against Ukraine, where the lives and livelihoods of innocent people are in grave danger, and where all freedoms are under attack,” Avast CEO Ondrej Vlcek wrote on Thursday.

Flechk said the company was including Belarus in withdrawing services, and continued to pay employees in full in Russia and Ukraine, many of whom were helping with relocation.

“We don’t take this decision lightly,” Flechk wrote. “We have been offering our products in Russia for nearly 20 years, and users in this country are an important part of our global community.”

While Avast joins other antivirus companies, including NortonLifeLock and ESETBy halting sales, Russians will still be able to get virus protection from Moscow-based Kaspersky and other service providers within the country. DigiCert’s departure may be even more significant.

DigiCert is one of the largest website certificate providers in the world, which aims to prove that when a person visits a website, it is owned by the entity they expect. If a website loses this certificate, it is possible for hackers or the government to intercept someone’s attempt to access a particular website and replace it with their own web page. This can then be used to launch spyware on an individual or trick them into entering their username and password, which can be stolen and offered for sale, or used by the perpetrator. It can also be used to spy on what users are doing on a particular website.

In Russia, where fears of cybercrime and repressive surveillance are prevalent, the repercussions of DigiCert’s withdrawal could be enormous. that Russia is It said Working to create its own digital signature entity will not allay concerns about surveillance, given that it will be under the control of the Kremlin.

“This really worries me,” says Alan Woodward, a cryptographic expert at the University of Surrey. “What it means is that you can do man-in-the-middle attacks to listen to.”

DigiCert has not yet commented on the withdrawal, but there are two Ukrainian government departments, including the State Service for Special Communications and Information Protection of Ukraine, announce DigiCert was to temporarily stop “issuance and reissue of all types of certificates belonging to Russia and Belarus”.

Mikhailo Fedorov, Deputy Prime Minister and Head of the Digital Transformation Department of Ukraine, celebrated the announcement on Friday morning. “The occupier is rapidly losing all the tools and technologies of the 21st century,” he said. “Refusal to issue international certificates will mean a loss of confidence in the Russian resources in the world.”

DigiCert’s departure is also another sign of Russia’s growing pariah status in the digital world. In recent weeks, major ISPs and cloud service providers such as Amazon, Google and Microsoft have pulled out of selling to the country. If Russia continues its attack on Ukraine, its internet could eventually resemble North Korea, where the government controls all websites that users can still visit.