FinFisher

FinFisher is a Trojan because the espionage functions are smuggled in in a harmless-looking shell. The German government supports the trade in this software by securing the export of German surveillance technology with Hermes guarantees .

Office building at Baierbrunner Strasse 15 in Munich, in which both FinFisher GmbH and Elaman GmbH are housed.

Features and functions

The software suite includes:

In addition to the actual software packages, training on how to use the software is also offered, which is marketed under the name FinTraining.

criticism

Selling to oppressive regimes

Although Gamma International has always denied the sale of the software to totalitarian regimes, the Wall Street Journal obtained a secret memo from the Egyptian Ministry of the Interior in 2011, which had the topic of a five-month test use of the software suite from Gamma International. The same memo also addressed the “successful hacking of personal Skype accounts” and “recording voice and video calls over the Internet” using the software suite . Andy Müller-Maguhn describes the sale of the Gamma software as “active support for human rights violations ”.

The memo also mentions that the software was offered for 388,604 euros, including training for a four-man team. Although the documents indicate that the purchase had already been confirmed by the Interior Ministry, the deal never took place , presumably due to the riots of the Arab Spring .

In Turkey , the participants in the “ Justice March” were spied on using the FinSpy spy software. The Turkish government left this uncommented upon request.

Big Brother Award 2012

OECD complaint

On February 6, 2013, a complaint against the two IT companies Gamma Group, the manufacturer of FinFisher, and Trovicor was filed with the Organization for Economic Cooperation and Development (OECD) in Germany and Great Britain . The complainants are Privacy International , Reporters Without Borders , the Bahrain Center for Human Rights (BCHR), Bahrain Watch (BW) and the European Center for Constitutional and Human Rights . Their allegation is that Gamma violates the OECD Guidelines for Multinational Enterprises. These state that companies must not directly or indirectly contribute to human rights violations.

The UK Contact Point of the OECD accepted the complaint against the Gamma Group on June 24, 2013.

Court decision regarding export to Bahrain in 2014

The English High Court ruled in May 2014 that the British export authority HMRC had to forward information about the export of FinFisher to Bahrain to the human rights organization Privacy International . The agency had investigated Gamma International , but refused to provide information to the human rights organization. The company was accused of exporting FinFisher to Bahrain without a permit. A Bahraini human rights activist discovered the software on her computer. Federal Minister of Economics Sigmar Gabriel then announced that the export of spy software would be more restrictive in the future.

Complaint on suspicion of illegal sales of spyware to Turkey in 2019

Four organizations filed a criminal complaint against the company or its managing director with the Munich I public prosecutor in the period around July 2019. The allegation here is that FinFisher sold its software "FinSpy" to Turkey without permission. This export permit should have been applied for by the Federal Office of Economics and Export Control (Bafa) , which presumably was not available here. The software was then offered as a download, concealed by pages that pretended to be the opposition. The Chaos Computer Club supports the justification for the criminal complaint in a report dated December 28, 2019.

Purchase by German authorities

In May 2013, the federal government acquired a license to use ten computers for FinSpy via the German distributor Elaman for 147,000 euros, although the software still has to be adapted due to the legal situation in Germany. Since the introduction of online searches for criminal prosecution purposes in Section 100b of the Code of Criminal Procedure on August 24, 2017, there has been a legal basis for the use of software, but the technical requirements are still lacking.

The LKA Berlin licensed in 2012, the Trojan FinFisher for 400,000 euros, although it was not allowed to use it for lack of legal basis. The contract expired at the turn of the year 2017/2018 after the LKA terminated the contract in spring 2017.

Hacker attack

In August 2014, a hacker with the code name Phineas Fisher managed to break into a network operated by FinFisher manufacturer Gamma. Phineas Fisher poses as female, but there may also be a team of several hackers behind this pseudonym. Fisher published details on Twitter and reddit about state Trojans used worldwide, the source code of FinFlyWeb and evidence that the software is used internationally, including in Germany , and by the regime in Bahrain to monitor opposition members.

literature

• Bastian Brinkmann, Jasmin Klofta and Frederik Obermaier: Finfisher developer Gamma - Spam vom Staat , sueddeutsche.de February 9, 2013

Broadcast reports

• Dieter Bauer: Spy Trojans in the civil service , SWR2 Knowledge from September 17, 2018

Web links

• FinFisher IT Intrusion - public homepage
• Gamma Group of Companies (English) - public homepage
• The Spy Files - Gamma International documents at WikiLeaks
• FinSpy software for download from WikiLeaks (English)
• GAMMA (English) - Page in the Buggedplanet - Wiki of the surveillance industry
• ELAMAN (English) - Page in the Buggedplanet - Wiki of the surveillance industry
• Gamma Group International Limited (English) - ICIJ Offshore Leaks Database

Individual evidence

1. ^ Gamma - Les Ennemis d'Internet ( Memento of July 18, 2013 in the Internet Archive ), Reporters sans frontières accessed July 12, 2013.
2. ↑ Martin J. Münch. Buggedplanet.info, accessed July 12, 2013 . 
3. ^ Félix Portello: FinFisher, un outil d'espionnage gouvernemental retrouvé dans 25 pays. Bulletins-electroniques.com, accessed April 2, 2013 (French). 
4. ↑ Thibault Lescuyer: Droits de l'homme: la responsabilité des logiciels de surveillance ( Memento of January 16, 2014 in the Internet Archive ). French. Novethic.fr of March 5, 2013.
5. ↑ Position paper from Reporters Without Borders on the export of German surveillance technology on the occasion of the Ambassadors Conference Business Day. (PDF) Reporters Without Borders , August 28, 2012, accessed June 9, 2016 . 
6. ↑ Remote Monitoring & Infection Solutions: FINSPY. (PDF, 1007.8 KiB) WikiLeaks , October 2011, accessed on May 2, 2013 . 
7. ↑ Tactical IT Intrusion Portfolio: FINFIREWIRE. (PDF, 398.6 KiB) WikiLeaks , October 2011, accessed on April 29, 2014 . 
8. ↑ Remote Monitoring & Infection Solutions: FINFLY USB. (PDF, 323.5 KiB) WikiLeaks , October 2011, accessed on May 2, 2013 . 
9. ↑ Remote Monitoring & Infection Solutions: FINFLY ISP. (PDF, 715.4 KiB) WikiLeaks , October 2011, accessed on May 2, 2013 . 
10. ↑ IT Intrusion Training Program: FINTRAINING. (PDF, 102.9 KiB) WikiLeaks , October 2011, accessed on May 2, 2013 . 
11. ↑ UK firm denies 'cyber-spy' deal with Egypt. BBC , September 20, 2011, accessed May 2, 2013 . 
12. ↑ Mideast Uses Western Tools to Battle the Skype Rebellion. The Wall Street Journal , June 1, 2011, accessed May 2, 2013 . 
13. ^ Egyptian Interior Ministry Memo and FINFISHER Proposal. Scribd , March 13, 2011, accessed May 2, 2013 . 
14. ↑ Jasmin Klofta: The axis of the good. Ndr.de =, March 7, 2013, archived from the original on October 19, 2016 ; Retrieved July 12, 2013 . 
15. ^ With software against opposition: Turkish spying attacks with German help. tagesschau.de , May 14, 2018, accessed May 15, 2018 . 
16. ↑ Technology: Gamma International. Big Brother Awards , July 2, 2013, accessed December 15, 2013 . 
17. ↑ Human rights organizations file formal complaints against surveillance firms Gamma International and Trovicor with British and German governments ( Memento of August 16, 2014 in the Internet Archive ). English. Privacyinternational.org of February 3, 2013.
18. ↑ Great Britain accepts OECD complaint against spyware manufacturer Gamma. netzpolitik.org , June 24, 2013, accessed July 12, 2013 . 
19. ↑ Ben Knight: UK court slams weak spyware investigation. Deutsche Welle , May 14, 2014, accessed on May 20, 2014 (English). 
20. ↑ Gabriel does not want to help informing people , tagesschau.de, May 19, 2014 ( Memento from May 20, 2014 in the Internet Archive )
21. ↑ Andre Meister: We file criminal charges! Customs Criminal Police Office is investigating FinFisher for illegally exporting the state trojan. (No longer available online.) In: netzpolitik.org. September 4, 2019, archived from the original on September 4, 2019 ; accessed on September 5, 2019 (German). 
22. ↑ ^{a b} Spy software: Public prosecutor determined after reporting against Finfisher - Golem.de. Accessed September 5, 2019 (German). 
23. ↑ tagesschau.de: Analysis of the CCC: The long trail of the spy software. Retrieved December 28, 2019 . 
24. ↑ CCC | CCC analyzes Munich state trojan FinSpy. Retrieved December 29, 2019 . 
25. ↑ Philipp Alvares de Souza Soares: What can the new Federal Trojan? Die Zeit , May 2, 2013, accessed on May 11, 2013 . 
26. ↑ Florian Flade: Monitoring software: The federal Trojan that nobody uses tagesschau.de, October 25, 2019
27. ↑ Andre Meister: Berlin has bought the state trojan FinFisher, we are publishing the contract. netzpolitik.org , August 5, 2019, accessed on August 5, 2019 . 
28. ↑ Andre Meister: Gamma FinFisher: Twitter account publishes internal documents about state Trojans used worldwide. netzpolitik.org , August 8, 2014, accessed August 9, 2014 . 
29. ↑ Andre Meister: Gamma FinFisher hacked: Promotional videos of exploits and source code published by FinFly Web. netzpolitik.org , August 6, 2014, accessed August 9, 2014 . 
30. ↑ tagesschau.de: Analysis of the CCC: The long trail of the spy software. Retrieved December 28, 2019 .