In my book The Blogging Revolution I document a range of companies that sell equipment and software to dictatorships to help them monitor mobile phone calls, text messages and web traffic. I’m currently updating the book in light of the recent Arab revolutions – it’ll be released in Australia and a new overseas edition later in the year – and this topic keeps on appearing.
The UK Guardian has now discovered this:
A British company offered to sell a program to the Egyptian security services that experts say could infect computers, hack into web-based email and communications tools such as Skype and even take control of other groups’ systems remotely, according to documents seen by the Guardian.
Two Egyptian human rights activists found the documents amid hundreds of batons and torture equipment when they broke into the headquarters of the regime’s State Security Investigations service (SSI) last month.
One of the papers, in English and headed Finfisher Proposal: Commercial Offer, contained an offer dated 29 June 2010 to provide “FinSpy” software, hardware, installation and training to the SSI for €287,000 (…£255,000). The name on the invoice, dated Tuesday 29 June 2010, was Gamma International UK Limited.
Other documents, written in Arabic and marked “ultimately confidential”, state that after being offered a “free trial version” of Gamma’s Finfisher software to test its ability to hack into email accounts, the SSI concluded it was “a high-level security system” that could get into email accounts of Hotmail, Gmail and Yahoo, as well as allowing “full control” of the computers of “targeted elements”. It went on to describe the software’s “success in breaking through personal accounts on Skype network, which is considered the most secure method of communication used by members of the elements of the harmful activity because it is encrypted”.
The find throws a spotlight on western companies that provide software to security services and agents of oppressive regimes to spy on, censor and block the websites with which activists communicate. Last month a report by OpenNet Initiative said nine countries across the Middle East and North Africa used US and Canadian technology to impede access to online content, including sites with political, social and religious material.
Mostafa Hussein, a Cairo blogger and physician who took the documents, said they formed important evidence against the SSI’s activities. “This proposal was sent to a department well known for torture, for abuse of human rights, for spying on political campaigners. This company, Gamma, should be exposed as collaborators in the crimes of trying to invade our privacy and arrest activists.”
Hussein posted the documents online and passed a copy to the Guardian.
A Gamma International website called “Finfisher IT Intrusion” describes its software as allowing “remote monitoring and infection” that can provide “full access to stored information with the ability to take control of the target”. It is advertised as capable of “capturing encrypted data and communications” and allowing a “government agency to remotely infect target systems”.
The documents found in the SSI HQ, one dated 1 January 2011, said that the proposal from Gamma International had come via a subsidiary company, Modern Communications System. Following a “free” five-month trial, SSI described the software as like “planting a comprehensive spying system in the location where the targeted computer exists”. The software could record voice and audio calls, movements through video and audio where the computer was located, and hack into all the computers in the same network.