You are currently browsing EDRi's old website. Our new website is available at https://edri.org

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

German government intends to use FinFisher Spyware

30 January, 2013
» 

This article is also available in:
Deutsch: Deutschland will FinFisher Spyware einsetzen


A classified document of the German Ministry of Interior, revealed by netzpolitik.org, shows that the German Federal Police office has purchased the commercial Spyware toolkit FinFisher of Eleman/Gamma Group, for telecommunication surveillance.

Commercial software meant to survey telecommunications has been used by the German police before. In October 2011, German organization Chaos Computer Club (CCC) revealed and analysed the use of a malware created by DigiTask and used by German government authorities. CCC showed that DigiTask software was badly programmed, lacked elementary security protection and allowed remote updating and adding of new features, being therefore in breach of the German law.

DigiTask spyware has been largely dropped and many German authorities started to create their own state malware. A Center of Competence for Information Technology Surveillance (CC ITÜ) was established for this purpose. According to the leaked classified document dated 7 December, the Federal Criminal Police Office plans to have its own surveillance malware by the end of 2014. But until then, the police will continue to use commercial software and therefore, has acquired such a product from company Eleman/Gamma.

The software in question, FinFisher/FinSpy IT, a very complex programme that can take over several types of devices such as Windows, OS X, Linux, iOS, Android, Symbian or Blackberry, is known to have been used by authoritarian regimes in the world to spy on political activists.

Although the software is kept secret, it appears that it consists of a trojan that can also remotely load additional feature modules, such as a module for recording Skype conversations. In any case, the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security, as it comes out from the leaked document from the Ministry of Interior, were unable to audit the source code of the program to verify whether it complies with the German law.

“With the purchase of Gamma FinFisher, the Federal Criminal Police Office has chosen a vendor that has become a symbol for the use of surveillance technology in oppressive regimes worldwide. FinFisher also consists of various components, which can be loaded when needed, thereby allowing the installation of spying capabilities that go far beyond the already questionable ‘wiretapping at the source,’” stated CCC spokesperson Frank Rieger.

In UK, the Secretary of State put FinSpy software under export restrictions, requiring Gamma company to acquire a licence to export these tools.

Secret Government Document Reveals: German Federal Police Plans To Use Gamma FinFisher Spyware (16.01.2013)
https://netzpolitik.org/2013/secret-government-document-reveals-german...

Chaos Computer Club analyzes government malware (8.11.2011)
http://ccc.de/en/updates/2011/staatstrojaner

German Federal Cops Buy Notorious FinFisher Surveillance Software (26.01.2013)
http://www.spamfighter.com/News-18165-German-Federal-Cops-Buy-Notoriou...

British government admits it has already started controlling exports of Gamma International's FinSpy (10.09.2012)
https://www.privacyinternational.org/press-releases/british-government...

EDRi-gram: Details on German State Trojan programme (24.10.2012)
http://www.edri.org/edrigram/number10.20/details-german--state-spyware...

 

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo