Is Veeam a Russian Company? Is Veeam a Backdoor for Russians to Your Servers?

It’s March 2022 and we might be involved in World War III and not even know it yet. At least, it very much appears a likely outcome at this point. All the Western economies are talking about sanctions against Russia in an attempt to starve Russia’s economy. The hope is these sanctions will cause so much economic hardship that Russian leaders end the war voluntarily.

Apart from what governments do to boycott Russia, doesn’t it also matter where you spend your dollars? What can we do to help end this war? I think it does matter where we spend our money, since most of the trade really begins with the consumer.

Pretending to be a U.S. Business in order to Pump Dollars Directly to Russia

Europeans had no idea: They heat their house and they are sending their cash directly to Putin. How? Most of the gas in Europe comes from Putinland. And most Europeans were clueless they were supporting a dictator all these years. Now they can thank their corrupt politicians for it because they can’t even switch off the gas. Putin has them by the balls. How did this happen? Years of lobbying by former German Chancellor Schroeder did the job apparently. Well done Putin!

But you don’t have to look far to find more examples. There are many foreign companies in the U.S. pretending to be local and native to the West, but in reality they aren’t. One of them appears to be Veeam. I’m not just talking about a little bit of outsourcing.

Forbes Magazine states that “… the entirety of the back office of Veeam Software” is based in Russia! (Forbes Magazine). You may want to read that twice, the screenshot of the article is shown below:

Hence, even if they state their headquarters are here in the West, it’s likely just a facade. Their entire back office situated in Russia! I didn’t make this up. It’s a business setup reminding me of a Trojan Horse, isn’t it 😉 You think you are buying from an American company, but apparently only U.S. investors and sales people here benefit from the transaction. The major portion of the workforce is abroad, and not just somewhere, it’s entirely in Russia!

Another example is Kaspersky. Just a few days ago we read that “Germany issues hacking warning for users of Russian anti-virus software Kaspersky“. Acronis is another software package where many people doubt that its real operations are in the West. I was telling people about Kaspersky security risks years and years ago. Anyone thinking critically will quickly realize that sabotage in the IT world is very real and very much alive. Ask someone who fell victim to a ransomware attack, if you want a vivid description of how it feels like.

Some People Have Serious Security Concerns…and They Might Be Right

Another issue is that some experts have security related concerns: isn’t it a little risky, I don’t want to use the word insane, to give Russian software access to 100% of your most confidential business documents? I leave that decision up to you. The Germans also thought that buying Russian gas was economically a sound decision. After all, the politicians filled a lot of pockets with that gas money.

But having worked in IT security for decades I can assure you that it’s technically not very difficult to implant a silent and dormant “Trojan horse” in a software package and to activate it remotely when needed. Think about it, it has been done countless of times before, as in ransomware, malware, viruses, etc., but now during war, this would add a major new twist.

Putin’s Potential IT “Atomic” Bomb: Should we Give the Russians Unlimited Access to Your Network, Servers, and All Your Business Documents?

Think about it for a second: Putin could simply push a button and thousands of servers in the West would go offline within minutes. Exabytes of important business documents could be encrypted or destroyed in minutes. It would be like the IT version of an Atomic Bomb. And, by the way, we have seen similar strikes in the ransomware world many times in recent years, so the thought isn’t just an imaginary ‘end-of-world’ scenario from a science fiction movie. How would he do that? It’s actually quite simple.

Backup solutions aren’t just typical standard PC software, like Microsoft Office: backup solutions have system-wide, organization-wide, total, 100% unrestricted access to everything.

Would you give your house keys to a random guy on the street? When you download software from Russian origin that is granted system-wide, organization-wide access, you are giving the keys to someone you don’t even know. And the damage doesn’t necessarily occur immediately. An infection can sit there undetected for years before the malware is activated.

Russia could theoretically switch off and destroy all your servers and files with a single click from far away, with the help of the software you installed on your own servers. Just by looking at the software, the task manager, past performance, and even network traces you can’t really tell whether it’s a real risk or not. So it really boils down to trust.

Do we have evidence? Not yet. The truth is that absolutely no one can proof the opposite. Even if you had the alleged Veeam, Kasperky, or whatever company’s source code, you don’t know what the binaries contain. You can watch your network for suspicious traffic but that won’t help if the Trojan horse is dormant, waiting for an activating signal.

Where could that activating signal come from? Clever and sneaky IT cryptography can be abused for almost anything. It could hide inside a software update request downloaded a while ago. It could hide inside a harmless looking remote time stamp check. The software doesn’t even have to connect to Russian servers. It could connect to a harmless looking, approved, white-listed domain that the Russians control indirectly. They could host it on Amazon’s cloud and bypass all geo restrictions easily. The server could then respond with a harmless looking response that triggers the destruction on the receivers via the previously implanted malware. The truth is, malware authors are extremely clever and, for some reason, Russia and China appear to have many of them.

Am I saying that Veeam is under the control of Putin, or that it contains malware, or that their workforce is doing anything illegal or sneaky? No, absolutely not.

But why support Russian companies (and their dictatorship), why risk installing their software and handing them over the keys to your business? To save a few bucks? This cost-reduction mentality, and total blindness to its long-term repercussions, might end up contributing to our downfall one day…

Why trust anything coming from businesses and workers operating in country controlled by a totalitarian regime, who on top of it makes nuclear threats against our country and our NATO allies?

So is Veeam a Russian Company?

So when you buy Veeam, where does the money really go? On paper anyone in the world can establish a company in the U.S. with $100 within hours. Does that mean it’s a real U.S. company? Doesn’t it matter where the work is performed and how much of it is performed in the U.S.?  For tax and legal reasons, it barely matters. But for a lot of other reasons, I think it does.

I prefer buying American products, made here, and the people pay their taxes here, and they spend their money here to support other American companies and, hence, workers. Money is meant to go around in a healthy economy. I’m not fond of supporting dictatorships.

The question whether Veeam is a de facto Russian company, and whether they really do not have any ties to the Russian government, is for you to decide.  It’s not “Russophobia” to reject Russian-made products and services.

We’re taking a stand to “not support Putin” and to help to end the Ukrainian war asap, and also reduce the risk of a World War III.

Why not choose a different product that does not expose you to such risks? The U.S. has a lot of offer. The US government uses McAfee for quite some time now, so they kind of made a decision in the right direction. Starve the dictators, strengthen your own economy, and bet on secure and trustworthy companies in your vicinity by buying American.

If you believe in America, and want to protect your country and everyone’s jobs, then buy American.

It’s that easy.