German government intends to use FinFisher Spyware

By EDRi · January 30, 2013

This article is also available in:
Deutsch: [Deutschland will FinFisher Spyware einsetzen | https://www.unwatched.org/EDRigram_11.2_Deutschland_will_FinFisher_Spyware_einsetzen?pk_campaign=edri&pk_kwd=20130207]

A classified document of the German Ministry of Interior, revealed by
netzpolitik.org, shows that the German Federal Police office has
purchased the commercial spyware toolkit FinFisher from Elaman/Gamma
Group for telecommunication surveillance.

Commercial software for telecommunications surveillance has been used by
the German police before. In October 2011, the German organization Chaos
Computer Club (CCC) revealed and analysed malware created by DigiTask
and used by German government authorities. CCC showed that the DigiTask
software was badly programmed, lacked elementary security protection and
allowed remote updating and the addition of new features, and was
therefore in breach of German law.

The DigiTask spyware has been largely dropped, and many German
authorities have started to create their own state malware. A Center of
Competence for Information Technology Surveillance (CC ITÜ) was
established for this purpose. According to the leaked classified
document dated 7 December, the Federal Criminal Police Office plans to
have its own surveillance malware by the end of 2014. Until then, the
police will continue to use commercial software and have therefore
acquired such a product from Elaman/Gamma.

The software in question, FinFisher/FinSpy IT, is a very complex
programme that can take over devices running Windows, OS X, Linux, iOS,
Android, Symbian or Blackberry. It is known to have been used by
authoritarian regimes around the world to spy on political activists.

Although the software is kept secret, it appears to consist of a trojan
that can remotely load additional feature modules, such as a module for
recording Skype conversations. According to the leaked document from the
Ministry of Interior, the Federal Commissioner for Data Protection and
Freedom of Information and the Federal Office for Information Security
were unable to audit the source code of the program to verify whether it
complies with German law.

“With the purchase of Gamma FinFisher, the Federal Criminal Police
Office has chosen a vendor that has become a symbol for the use of
surveillance technology in oppressive regimes worldwide. FinFisher also
consists of various components, which can be loaded when needed, thereby
allowing the installation of spying capabilities that go far beyond the
already questionable ‘wiretapping at the source,’” stated CCC
spokesperson Frank Rieger.

In the UK, the Secretary of State has put FinSpy software under export
restrictions, requiring Gamma to acquire a licence to export these
tools.

Secret Government Document Reveals: German Federal Police Plans To Use
Gamma FinFisher Spyware (16.01.2013)

Chaos Computer Club analyzes government malware (8.11.2011)
http://ccc.de/en/updates/2011/staatstrojaner

German Federal Cops Buy Notorious FinFisher Surveillance Software
(26.01.2013)
http://www.spamfighter.com/News-18165-German-Federal-Cops-Buy-Notorious-FinFisher-Surveillance-Software.htm

British government admits it has already started controlling exports of
Gamma International’s FinSpy (10.09.2012)
https://www.privacyinternational.org/press-releases/british-government-admits-it-has-already-started-controlling-exports-of-gamma

EDRi-gram: Details on German State Trojan programme (24.10.2012)
http://www.edri.org/edrigram/number10.20/details-german–state-spyware-Staatstrojaner