Salisbury firm alleged to be selling spyware to Bahrain

Posted: February 10, 2020 in "Human rights", Bahrain, Intelligence, Uncategorized
Tags: , , , , , , , ,

Firm based in Porton accused of selling spy equipment to harsh regimes

Considerable interest has been aroused in the last month or so concerning the use of Huawei technology to provide 5G connectivity in the UK.  Other countries in the ‘Five Eyes’ group – USA, Australia, Canada and New Zealand – will not use this equipment because of fears of intrusion by the Chinese state.  The worry is that the Chinese will gain a backdoor entry into our messages, emails and the like thus compromising our security.  For weeks, the issue has been discussed and could well have repercussions as far as our relationship with the Americans is concerned.

It was not that long ago that the UK and USA were revealed to be invading people’s messages on an industrial scale via the Prism and Tempora programmes.  21 petabytes of data are downloaded a day and there is huge process involved in sifting and selecting the messages which have been intercepted.  It therefore seems inconsistent to be worrying about Chinese intrusion when our own governments are heavily involved in doing the same thing.  The difference is one is our own people and the others are Chinese.  It is claimed that only metadata is collected by GCHQ.

The UK government sponsors an exhibition of security equipment at an event called Security and Policing held at Farnborough.  It is a similar exhibition to DSEI which takes place in London – also supported by the UK government – where arms firms exhibit their wares.  The guest list of both events reveal a range of authoritarian regimes as customers keen to get access to weapons and security equipment with which to maintain their hold on power.  Huawei has achieved considerable publicity for something they claim does not and will not happen while, by contrast, surveillance which is happening receives almost no coverage at all.

What do we mean by … ?

Of course, a lot depends on what we mean by ‘police’ and ‘security’.  Police forces around the world need equipment with which to tackle organised crime, drug smuggling, people trafficking and the like.  Countries might legitimately need equipment to intercept and interdict attempts to commit terrorist offences or attack their citizens.  The difference occurs when this equipment is used to silence critics of the regime, arrest and mistreat them or cause them to disappear.  If people who are peacefully protesting, seeking democracy, acting as human rights defenders or pursuing human rights, have their communications, emails and computers intercepted and compromised using UK manufactured kit then it can be argued this is wrong.  The government goes to great lengths to keep this activity confidential running the only closed event in the country, suggesting it knows that it is potentially damaging.  A member of the parliamentary Arms Export Committee, Lloyd Russell-Moyle, was barred from entering the 2019 exhibition which he said was deeply alarming.

Meanwhile, here in Salisbury …

In the village of Porton, just outside Salisbury – the same village as in Porton Down – is a firm, Gamma TSE which makes this equipment Finfisher and the aptly called Finspy.  What it does was hard to discover exactly but thanks to Wikileaks, details of its equipment are available for all to see.  A pdf which provides comprehensive details of the firm’s spying capabilities to covertly extract data from a computer system, bypass password protection and obtain information from a bank are all described in great detail.  Examples of its extensive interception capabilities are described in information sheets:

The FinIntrusion Kit was used to break the WPA encryption of a Target’s home Wireless network and then monitor his Webmail (Gmail, Yahoo, …) and Social Network (Facebook, MySpace, …) credentials, which enabled the investigators to remotely monitor these accounts from Headquarters without the need to be close to the Target.

Several customers used the FinIntrusion Kit to successfully compromise the security of networks and computer systems for offensive and defensive purposes using various Tools and Techniques.

The password ‘sniffer’ is described thus:

LAN/WLAN Active Password Sniffer
Captures even SSL-encrypted data like Webmail, Video Portals, Online-Banking and more.

It’s ability to gain access remotely:

Usage Example 1: Covert Operation
A source in an Organized Crime Group (OCG) was given a FinUSB Dongle that secretly extracted Account Credentials of Web and Email accounts and Microsoft Office documents from the Target Systems, while the OCG used the USB device to exchange regular files like Music, Video and Office Documents.

After returning the USB device to Headquarters the gathered data could be decrypted, analysed and used to constantly monitor the group remotely.

A worrying feature is the ability of Finspy to operate around the world:

FinSpy has been proven successful in operations around the world for many years, and valuable intelligence has been gathered about Target Individuals and Organizations.
When FinSpy is installed on a computer system it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.  [our italics]

Since many dissidents or people in opposition to a particular regime have fled to Europe including the UK, it leaves open the question of whether this equipment is being used to monitor people now living in the UK.  This was a point made by Privacy International.

The firm also offers training and the list of courses tell their own chilling story:

Sample Course Subjects

· Profiling of Target Websites and Persons

· Tracing anonymous Emails

· Remote access to Webmail Accounts

· Security Assessment of Web-Servers & Web-Services

· Practical Software Exploitation

· Wireless IT Intrusion (WLAN/802.11 and Bluetooth)

· Attacks on critical Infrastructures

· Sniffing Data and User Credentials of Networks

· Monitoring Hot-Spots, Internet Cafés and Hotel Networks

· Intercepting and Recording Calls (VoIP and DECT)

· Cracking Password Hashes

The literature refers several times to ‘organised crime groups’ and this equipment is likely to be of value to police forces acting to stop such activity in their country.  The problem is that countries like Bahrain are likely to use these methods against democracy and human rights campaigners.

Implications

The law firm Leigh Day in London launched a claim in 2019 on behalf of four Bahraini nationals who had been targeted using information obtained using this technology.  Privacy International identified Gamma as having sold this technology to Bahrain:

In 2012, Citizen Lab, a think-tank operating out of the Munk School of Global Affairs at the University of Toronto, came across evidence suggesting that Gamma International, a multinational technology corporation with offices across the world, sold a form of malware called FinFisher to Bahrain. Bahraini activists, amongst others, were seriously concerned: FinFisher gives its operator complete access to a target’s computer and mobile phone. That kind of technology in the hands of a state like Bahrain, with its record of human rights abuse, would put at risk a great many people’s lives.

Gamma emphatically denied selling this kit to Bahrain.  However, documents subsequently discovered provided evidence that they had already done so.   The cruel treatment of these elderly individuals is described in an Amnesty report and includes the denial of medical treatment and medication.  A solicitor acting for Gamma says there is no evidence of the firm being involved in human rights abuses and they will defend the claim being made against them.

Gamma are not the only firm selling this equipment.  The UK government has been, and is planning to again, to run the secretive exhibition keeping close control over who attends and keeping anyone away who might question its ethics.  The UK government has made no comment on the actions of the Bahraini authorities, or the allegations of Gamma’s alleged involvement.  If the surveillance by the Bahraini authorities is carried out on computers located within the UK, it is unlawful.

It appears to be a worrying sign of increasing indifference by the UK government of the effects on ordinary people living under oppressive regimes who suffer from the use of arms and surveillance equipment supplied by firms based here in the Britain.  It is inconceivable that GCHQ is unaware of what this firm is doing and its client list around the world which includes several of these regimes.  This indifference is damaging to our reputation and parliamentarians should be asking searching questions of the minister.  The British government has many relationships with the Bahraini royal family.  The Queen and other members of the royal household meet quite regularly.  Today, (10 February 2020) it was reported that Liam Fox met the Bahraini crown prince to lobby on behalf of Petrofac, the owner of which is a major Conservative party donor (£800,000).  It seems quite clear that trade considerations trump human rights issues in government thinking.

Sources:  Amnesty International; Campaign Against the Arms Trade; Citizen’s Lab (Canada); WikiLeaks; Gamma; VICE; the Guardian; Privacy International


If you want to join the Salisbury group you would be most welcome.  We meet every second Thursday (except August) in Victoria Road at 7:30.  Otherwise keep an eye on this site, on Facebook or Twitter and make yourself known at one our events.

 

 

Comments
  1. […] regard will be given to human rights in the rush to secure trade agreements around the world.  In our last post, we highlighted a Salisbury firm which is alleged to sell spyware equipment to enable regimes with […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.