spyfiles

A vast trove of documents relating to private intelligence corporations and their dealings has been released by WikiLeaks this month. The aptly named ‘Spy Files 3’ information spans the commercial efforts of over 90 ‘global intelligence contractors’ and the technology they hawk to state intelligence agencies and government contractors all over the world. The WikiLeaks Counter Intelligence Unit also released a map, compiling all the locations of where representatives for intelligence outfits were sent since 2011. Overall, the 249 documents offer a terrifying glance into the power and scope of these organisations, and pose questions about security of private information in the face of increased proliferation of intrusive surveillance technologies.

The release by WikiLeaks stressed the worrying influence private corporations have in the governmental arena, selling millions of dollars worth of surveillance equipment to law enforcement agencies in an industry worth an estimated $5 billion a year. One of the corporations featured in the documents is the UK/German registered ‘Gamma Group’, which provides ‘advanced technical surveillance, monitoring solutions…and consultancy to National and State Intelligence Departments and Law enforcement Agencies’. The files provide brochures and presentations regarding the Gamma Groups products; including a suite of services called ‘FinFisher’, a now infamous cyber package used to insert Trojan viruses that can anonymously track users web usage and communications. This package, and a subsidiary product known as ‘FinSpy’, allows the user to remotely control and access the targets computer after they click on a link to a legitimate download, either through an email or other means. The FinFisher portfolio, which was leaked online, states that Gamma addresses ‘IT intrusion challenges on a tactical level’, and seeks to ‘maximize users capabilities in this field’.

The companies apparent indifference to using the facades of other businesses as cover for its activities reveals a preference for an indiscriminate system of data collection; as the FinFisher software collects IP addresses, passwords, network information and even who the user has been communicating with, and can then transmit the software to a second user. Firefox recently had to start legal action against Gamma after it created a program disguised as a Firefox extension, whilst a security flaw in Apple’s iTunes software meant it was used as a prime example of an opportunity for surveillance operations at a Gamma private conference.

The Gamma Group faced fierce criticism when a proposed contract between the corporation and Egyptian president Mubarak’s security services for the provision of FinFisher was found in the ruins of government buildings in Cairo, they responded with a denial. Even so, this discovery prompted a wider investigation by computer security experts and privacy protection oriented groups such as Privacy International as to who else was profiting from Gamma’s services. Use of FinFisher has been discovered in over 25 countries, including Britain, Qatar, Mexico, India and various others. There is evidence that government departments in Turkmenistan and Ethiopia used the software against opposition groups and ‘dissidents’. This discovery is consistent with an increasing worry by human rights groups that intrusive information technologies are being used to suppress negativity against authoritarian regimes. An investigation by Citizen Lab in Canada and Bloomberg news uncovered use of the FinSpy package in Bahrain, as 3 activists were targeted with the FinSpy protocol through emails, including one based in Mobile, Alabama.

 A further controversy arising from these leaks regards the use of Gamma’s products by the German Federal Police, who licenced the software after its own ‘DigiTask’ security program was found to be deficient and costly. As the work towards developing a new software package continues, a secret document obtained from the German Ministry of Interior shows that the federal police will use FinFisher to monitor telecommunications. This startling revelation, coupled with increasing privacy concerns following the NSA’s role in spying on foreign nationals and administrations has lead to worry in Germany about individual privacy and information.

 Gamma’s methods have been criticised as breaking UK laws on exports that could be designed to violate human rights. Privacy International wrote to the UK Department of Business and asked them to enforce these rules, although Gamma claims it operates legally at all times. The British government responded after an ‘assessment by the Secretary of State’, and concluded that some part of the software should be regulated as it uses ‘controlled cryptography’, although this does not address why the software was not supervised previous to Privacy Internationals enquiry.

However, Gamma is not the only corporation to operate within the shadowy confines of surveillance technology. The WikiLeaks Spy files show that companies registered in France, Milan, and Germany offer products ranging from telephone interception to remote control of networks and personal computers. AMECS, a French outfit, distributed brochures with ‘easy-to-use’ products offering IP interceptions and video surveillance. The map provided shows that representatives visited countries like Kazakhstan and Saudi Arabia to South Africa and Nigeria.

With the disclosure of this vast and apparently unchecked industry, privacy and human rights campaigners have worried that it shows corporations gaining more and more power and control over data collected indiscriminately and without user permission. Most companies contend that their services are used to stop criminals, paedophiles and fraudsters, and the increased disclosure of their practices would put such projects in jeopardy. We are unlikely to find out, however, if these assertions are true. Governments and state intelligence agencies rarely if ever admit they are using certain software or surveillance protocols for fear of aiding their enemies. WikiLeaks, in the meantime, continues to publish such classified information in their attempt to stop the ‘corporate world from harvesting all human communication’.

 

http://wikileaks.org/spyfiles3

https://www.privacyinternational.org/media-articles/uk-software-firm-gamma-international-to-be-investigated-for-human-rights-violation

http://digitaljournal.com/article/357688

http://www.infosecurity-magazine.com/view/34310/finfisher-spyware-presentation-details-leaked/

http://thehackerspost.com/2013/08/download-finspy-surveillance-software.html

http://www.edri.org/edrigram/number11.2/germany-finfisher-spyware