Turkmenistan and Oman Negotiated to Buy Spy Software: Wikileaks
by Pratap Chatterjee, Special to CorpWatch
September 4th, 2013
Turkmenistan and Oman have been negotiating with a consortium of British, German and Swiss companies to buy “FinFisher” software to spy on phone calls and Internet activity of unsuspecting targets, according to a new trove of documents just released by Wikileaks, the global whistleblowing organization.
Previously released promotional materials for FinFisher – a suite of software products manufactured by Gamma International, a UK company – claim that it can track locations of cell phones, break encryption to steal social media passwords, record calls including Skype chats, remotely operate built-in web cams and microphones on computers and even log every keystroke made by a user.
The new Wikileaks release includes contracts with the two countries that appear to be drawn up by Dreamlab Technologies in Bern, Switzerland, and Gamma International offices in Munich, Germany. If the documents are real, they will confirm claims by activists and researchers that the companies have attempted to sell surveillance software to governments with a decidedly mixed record on human rights.
"The corporate surveillance industry works hand in hand with governments throughout the world to enable illegitimate spying on citizens,” said Julian Assange, the editor in chief of WikiLeaks, in a statement issued with the documents. “WikiLeaks is committed to exposing and educating about this industry, with the goal that together we can build the understanding and the tools to protect ourselves, and each other, from its gaze."
Gamma first came to public notice when similar contract documents for its FinFisher software were discovered by Egyptian human rights activists inside the headquarters of former dictator Hosni Mubarak’s State Security Investigations service, which was notorious for repressing dissidents. The activists broke into the building after Mubarak was toppled in the Arab Spring uprisings in 2011 and found Egyptian evaluations of Gamma technology stored alongside hundreds of police batons and other equipment used for torture.
While Gamma did not deny that the FinFisher technology had been tested by the Egyptian government, the company did release a carefully worded statement saying that it had never “supplied any of its FinFisher suite of products or related training etc to the Egyptian government."
The new Wikileaks documents shed light on two projects that appear to have gone much further.
According to the new company documents released by Wikileaks, Nicolas Mayencourt, the CEO of Dreamlab, took a trip to Turkmenistan in 2010 with Thomas Fischer of Gamma International, with the objective of helping the government build “an Infection Proxy Infrastructure and Solution applicable nationwide for all international traffic the Turkmentel and TMCell networks” ie a way to monitor calls on the national mobile phone network.
An initial proposal was submitted to the Turkmen government by the two companies on October 11, 2010, according to the documents released by Wikileaks, followed by a revised 61 page agreement between Fischer and Mayencourt dated December 13, 2010 titled “Infection Proxy Project 1.”
The documents include an invoice from Dreamlab to Gamma for 874,819.70 Swiss Francs ($789,000) for a custom designed hardware package of Cisco switches, HP computers and Intel adaptors to be installed in the country together with Gamma software named FinSpy and FinFly, that comprise the FinFisher suite.
It is not clear from the documents if Turkmenistan actually signed the contract.
But Bill Marczak, a fellow at Citizen Lab and a PhD student at the University of California at Berkeley, who has published several reports on government spying technology, says that his prior research showed that FinFisher software was deployed on a Turkmenistan ministry of communications server last August.
On September 3, 2013, Marczak ran a check that confirmed that the software was still in place, and reviewed the company contracts for CorpWatch.
“The Turkmenistan documents match our finding of a FinSpy server on a network belonging to the Turkmenistan government,” Marczak said. “Gamma provides spyware … that gets injected into downloaded files and viewed webpages. DreamLab provides the hardware and software components necessary for the injection to work: the "infection proxy" that actually performs the injection of the spyware by rewriting webpages and files on-the-fly (hence the name "FinFly"), and hardware and software to target people based on DSL/cable/dial-up account names, mobile phone numbers etc.”
What makes the software “sneaky” is that it allows the Turkmen government to inject spyware into trusted webpages that are otherwise benign, says Marczak.
Other data released by Wikileaks shows that Holger Rumscheidt, the managing director of Elaman, another German company that often collaborates with Gamma, made a four day trip to Turkmenistan this past January, and another two day trip in mid-June. (Gamma offers two annual maintenance visits as part of the annual license fee)
Turkmenistan’s surveillance of its citizens has been documented in the past. “Servers … registered to the Ministry of Communications operated software that allowed the government to record Voice over Internet Protocol conversations, turn on cameras and microphones, and log keystrokes,” notes the most recent U.S. State department report on human rights in the country.
In addition to tracking its citizens, Turkmenistan government has long occupied one of the lowest ratings in the world for human right, according to activist groups like Amnesty and Human Rights Watch. “The country is virtually closed to independent scrutiny, media and religious freedoms are subject to draconian restrictions, and human rights defenders and other activists face the constant threat of government reprisal,” says the New York-based Human Rights Watch in its 2013 report on the country. “The government continues to use imprisonment as a tool for political retaliation.”
Gamma and Dreamlab also apparently collaborated in Oman.
The Wikileaks documents also show that Mayencourt of Dreamlab sent Fischer of Gamma an invoice for 408,743.55 Swiss Francs ($369,000) on June 12, 2010, for a very similar project to be installed in the Middle Eastern country. Payment was authorized by Stephan Oelkers of Gamma.
Marczak says that while the documents make it clear that the system is up and running, he has not identified FinFisher technology on any Omani servers yet.
The Omani government has also been criticized by activist groups like Human Rights Watch, which reported that authorities “restricted the freedoms of association and assembly, both in law and in practice.”
The latest U.S. State department report on Oman says that 32 individuals “received prison sentences for directly or indirectly criticizing the sultan in online fora and at peaceful protests” noting that three individuals, Mona Hardan, Talib al-Abry, and Mohammed al-Badi were imprisoned for 18 months for Facebook postings and Twitter comments deemed critical of the sultan.
Newly released Wikileaks documents provide a fascinating insight into the cost of tracking people with Gamma’s Finfisher software suite.
A 2011 price manual offers governments FinSpy software at four price levels, starting at €80,000 ($104,000) for up to 10 targets at the entry level, but the price drops dramatically for the “open” level which allows clients to target as many at 500 individuals for €200,000 ($260,000).
Additional options include a voice recording server at €20,000 ($26,000) and several different kinds of five day “intrusion” training modules either in the customer’s country or in Munich, Germany, for two to four students for €15,700 to €20,250. ($15,700 to $26,325)
Gamma’s sale of surveillance software to repressive regimes is currently the subject of formal complaint to the Organization for Economic Cooperation and Development (OECD) by Privacy International, the European Center for Constitutional and Human Rights and Reporters Without Borders.
“Unregulated trade with surveillance technologies in authoritarian states is one of the biggest threats to press freedom and human rights work on the Internet,” said Christian Mihr, Executive Director of Reporters Without Borders Germany when the groups filed their complaint on February 1 this year. “Exports of such digital arms have to be made subject to the same restrictions as foreign dealings with traditional arms.”
Email requests from CorpWatch to Fischer, Mayencourt and Rumscheidt, for comments on the Wikileaks documents were not returned by press time.
However, the company has responded to previous queries about sales to Turkmenistan. “The nature of our business does not allow us to disclose our customers, nor how they use our products and the results that are achieved with them,” Gamma International’s Munich-based managing director, Martin Muench, told EurasiaNet.org by email last August. Gamma “complies with the national export regulations of the UK, United States and Germany and has never sold its products to any states that are restricted.”