The competition announced by the Riga municipal enterprise "Rīgas satiksme" for the development of changes in the "1C" software and its subsystems has raised concerns among IT experts. "1C" is a widely known and popular software provider in Russia, and specialists have repeatedly warned about security risks associated with its use, writes Ritums Rozenbergs on nra.lv.
It seems that "Rīgas satiksme" has ignored these warnings. Even now, as the fifth year of the war in Ukraine continues, the Russian software "1C" continues to operate without interruption in the capital's transport enterprise.
Messages about this software in the possession of "Rīgas satiksme" appeared in the media but soon faded away. Meanwhile, buses, trolleybuses, and trams are circulating in Riga and the suburbs. Hundreds of thousands of passengers use them daily. Almost everyone has noticed that almost all public transport is equipped with video surveillance. Many use various discount programs, for which they enter their personal data. "1C" works without failures — why not? There is plenty of work.
Classic Spy Field
The television program Nekā personīga reported on January 25 about the so-called group of "Baltic antifascists," through which a network of informants was created in Latvia. It collects data for Russian special services about the movements of military equipment, Ukrainians, and supporters of Ukraine in Latvia, as well as those who dismantled the monument in Victory Park and those who supported this dismantling. Lists of people subject to "elimination" were even compiled. Documents that came into the possession of Mikhail Khodorkovsky's "Dossier Center" and were handed over to the television program helped expose this network.
Among other things, the program mentioned a store security guard, Igor Andreev, who for a long time passed information about visitors with Ukrainian symbols and car numbers, as well as personal data, to Russian special services. Journalists also talked about other significant actions of recruited individuals.
If the enemy knows the individuals who are subject to destruction or other actions, and has their personal data — for example, obtained through Russian IT systems — the rest is just a matter of technique. If you support Ukraine or have been involved in the legal or physical processes of dismantling the monument, remember: you may be tracked and observed, warns the author.
Popular Product from Russia
There is a wealth of information available online about "1C." Founded in 1991 in Moscow, the company started as a supplier of accounting software. The simplicity and flexibility of the programs allowed it to quickly capture a large market share in Russia and the former USSR countries. Later, the company also ventured into video game development, particularly in military themes.
In April 2022, Poland imposed sanctions against "1C Poland." In May 2024, the Main Intelligence Directorate of Ukraine reported a cyber attack on the company.
Among the most common products of "1C" are enterprise management systems; accounting and tax accounting; document management (ECM); process automation in companies and institutions; personnel management, payroll calculation, and more.
Don't Worry — "Rīgas satiksme" Cares About You
In a statement, "Rīgas satiksme" said that the enterprise has been using "1C" software for many years, and perhaps if experts and the public had not raised a fuss, it would still be in use.
"We have received a number of questions about the 1C system. Currently, we have begun actions aimed at abandoning the 1C system. Last year, the company conducted an in-depth assessment of the situation with the involvement of an independent external contractor, who analyzed the technical and security aspects, as well as possible alternatives. Based on the results of the analysis, requirements for the technical specifications of a new procurement competition are now being prepared.
The information system in use operates in an isolated, closed environment and does not interact with servers of other countries or external systems, so customer and enterprise data is not at risk. Historically, "Rīgas satiksme" has used this resource management system, which has been significantly adapted to the internal processes and procedures of the company over many years. That is why replacing the system is a complex, lengthy, and costly process that may affect the continuity of the enterprise's operations in the short term.
The company recognizes the need to transition to independent and modern solutions in the long term, and work in this direction has already begun. Maintenance and adaptation of the current system are carried out by companies registered in Latvia, whose ultimate beneficiaries are not connected to Russia.
As for the procurement competition mentioned on the website — it is necessary to ensure the continuity of business processes, regulatory adaptations, and the functioning of the enterprise during the transition period (approximately 2–3 years) while alternative solutions are being implemented.
