Posts Tagged ‘Gamma’


Firm based in Porton accused of selling spy equipment to harsh regimes

Considerable interest has been aroused in the last month or so concerning the use of Huawei technology to provide 5G connectivity in the UK.  Other countries in the ‘Five Eyes’ group – USA, Australia, Canada and New Zealand – will not use this equipment because of fears of intrusion by the Chinese state.  The worry is that the Chinese will gain a backdoor entry into our messages, emails and the like thus compromising our security.  For weeks, the issue has been discussed and could well have repercussions as far as our relationship with the Americans is concerned.

It was not that long ago that the UK and USA were revealed to be invading people’s messages on an industrial scale via the Prism and Tempora programmes.  21 petabytes of data are downloaded a day and there is huge process involved in sifting and selecting the messages which have been intercepted.  It therefore seems inconsistent to be worrying about Chinese intrusion when our own governments are heavily involved in doing the same thing.  The difference is one is our own people and the others are Chinese.  It is claimed that only metadata is collected by GCHQ.

The UK government sponsors an exhibition of security equipment at an event called Security and Policing held at Farnborough.  It is a similar exhibition to DSEI which takes place in London – also supported by the UK government – where arms firms exhibit their wares.  The guest list of both events reveal a range of authoritarian regimes as customers keen to get access to weapons and security equipment with which to maintain their hold on power.  Huawei has achieved considerable publicity for something they claim does not and will not happen while, by contrast, surveillance which is happening receives almost no coverage at all.

What do we mean by … ?

Of course, a lot depends on what we mean by ‘police’ and ‘security’.  Police forces around the world need equipment with which to tackle organised crime, drug smuggling, people trafficking and the like.  Countries might legitimately need equipment to intercept and interdict attempts to commit terrorist offences or attack their citizens.  The difference occurs when this equipment is used to silence critics of the regime, arrest and mistreat them or cause them to disappear.  If people who are peacefully protesting, seeking democracy, acting as human rights defenders or pursuing human rights, have their communications, emails and computers intercepted and compromised using UK manufactured kit then it can be argued this is wrong.  The government goes to great lengths to keep this activity confidential running the only closed event in the country, suggesting it knows that it is potentially damaging.  A member of the parliamentary Arms Export Committee, Lloyd Russell-Moyle, was barred from entering the 2019 exhibition which he said was deeply alarming.

Meanwhile, here in Salisbury …

In the village of Porton, just outside Salisbury – the same village as in Porton Down – is a firm, Gamma TSE which makes this equipment Finfisher and the aptly called Finspy.  What it does was hard to discover exactly but thanks to Wikileaks, details of its equipment are available for all to see.  A pdf which provides comprehensive details of the firm’s spying capabilities to covertly extract data from a computer system, bypass password protection and obtain information from a bank are all described in great detail.  Examples of its extensive interception capabilities are described in information sheets:

The FinIntrusion Kit was used to break the WPA encryption of a Target’s home Wireless network and then monitor his Webmail (Gmail, Yahoo, …) and Social Network (Facebook, MySpace, …) credentials, which enabled the investigators to remotely monitor these accounts from Headquarters without the need to be close to the Target.

Several customers used the FinIntrusion Kit to successfully compromise the security of networks and computer systems for offensive and defensive purposes using various Tools and Techniques.

The password ‘sniffer’ is described thus:

LAN/WLAN Active Password Sniffer
Captures even SSL-encrypted data like Webmail, Video Portals, Online-Banking and more.

It’s ability to gain access remotely:

Usage Example 1: Covert Operation
A source in an Organized Crime Group (OCG) was given a FinUSB Dongle that secretly extracted Account Credentials of Web and Email accounts and Microsoft Office documents from the Target Systems, while the OCG used the USB device to exchange regular files like Music, Video and Office Documents.

After returning the USB device to Headquarters the gathered data could be decrypted, analysed and used to constantly monitor the group remotely.

A worrying feature is the ability of Finspy to operate around the world:

FinSpy has been proven successful in operations around the world for many years, and valuable intelligence has been gathered about Target Individuals and Organizations.
When FinSpy is installed on a computer system it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.  [our italics]

Since many dissidents or people in opposition to a particular regime have fled to Europe including the UK, it leaves open the question of whether this equipment is being used to monitor people now living in the UK.  This was a point made by Privacy International.

The firm also offers training and the list of courses tell their own chilling story:

Sample Course Subjects

· Profiling of Target Websites and Persons

· Tracing anonymous Emails

· Remote access to Webmail Accounts

· Security Assessment of Web-Servers & Web-Services

· Practical Software Exploitation

· Wireless IT Intrusion (WLAN/802.11 and Bluetooth)

· Attacks on critical Infrastructures

· Sniffing Data and User Credentials of Networks

· Monitoring Hot-Spots, Internet Cafés and Hotel Networks

· Intercepting and Recording Calls (VoIP and DECT)

· Cracking Password Hashes

The literature refers several times to ‘organised crime groups’ and this equipment is likely to be of value to police forces acting to stop such activity in their country.  The problem is that countries like Bahrain are likely to use these methods against democracy and human rights campaigners.

Implications

The law firm Leigh Day in London launched a claim in 2019 on behalf of four Bahraini nationals who had been targeted using information obtained using this technology.  Privacy International identified Gamma as having sold this technology to Bahrain:

In 2012, Citizen Lab, a think-tank operating out of the Munk School of Global Affairs at the University of Toronto, came across evidence suggesting that Gamma International, a multinational technology corporation with offices across the world, sold a form of malware called FinFisher to Bahrain. Bahraini activists, amongst others, were seriously concerned: FinFisher gives its operator complete access to a target’s computer and mobile phone. That kind of technology in the hands of a state like Bahrain, with its record of human rights abuse, would put at risk a great many people’s lives.

Gamma emphatically denied selling this kit to Bahrain.  However, documents subsequently discovered provided evidence that they had already done so.   The cruel treatment of these elderly individuals is described in an Amnesty report and includes the denial of medical treatment and medication.  A solicitor acting for Gamma says there is no evidence of the firm being involved in human rights abuses and they will defend the claim being made against them.

Gamma are not the only firm selling this equipment.  The UK government has been, and is planning to again, to run the secretive exhibition keeping close control over who attends and keeping anyone away who might question its ethics.  The UK government has made no comment on the actions of the Bahraini authorities, or the allegations of Gamma’s alleged involvement.  If the surveillance by the Bahraini authorities is carried out on computers located within the UK, it is unlawful.

It appears to be a worrying sign of increasing indifference by the UK government of the effects on ordinary people living under oppressive regimes who suffer from the use of arms and surveillance equipment supplied by firms based here in the Britain.  It is inconceivable that GCHQ is unaware of what this firm is doing and its client list around the world which includes several of these regimes.  This indifference is damaging to our reputation and parliamentarians should be asking searching questions of the minister.  The British government has many relationships with the Bahraini royal family.  The Queen and other members of the royal household meet quite regularly.  Today, (10 February 2020) it was reported that Liam Fox met the Bahraini crown prince to lobby on behalf of Petrofac, the owner of which is a major Conservative party donor (£800,000).  It seems quite clear that trade considerations trump human rights issues in government thinking.

Sources:  Amnesty International; Campaign Against the Arms Trade; Citizen’s Lab (Canada); WikiLeaks; Gamma; VICE; the Guardian; Privacy International


If you want to join the Salisbury group you would be most welcome.  We meet every second Thursday (except August) in Victoria Road at 7:30.  Otherwise keep an eye on this site, on Facebook or Twitter and make yourself known at one our events.

 

 


A Salisbury based firm, Gamma TSE, has been accused of supplying spyware to enable Bahraini activists to be arrested

UPDATE 15 March 17

Extract from a recent University of Toronto report:

[…] Far from using this spyware solely to track what might be considered legitimate targets, these countries and their shadowy agencies have repeatedly used them to get inside the computers of human rights activists, journalists, opposition politicians, and even health advocates supporting a soda tax in Mexico. Some of the victims of these campaigns have found themselves arrested and tortured. Leaked emails from certain companies reveal that, despite public assurances by executives, the vendors seem cavalier about these type of abuses, have few internal checks in place to prevent them, and, indeed, knowingly court the clandestine agencies responsible for such abuses. Despite these alarming incidents, however, the dynamics of and participants in the market at large remain opaque. 

While arguments rage in the USA concerning the alleged interference by Russia of the

Porton Business Centre

Porton Business Centre

presidential elections, a secretive Salisbury based firm, Gamma TSE, has been accused by the Organisation for Economic Cooperation and Development of supplying software called FinFisher or FinSpy to the authorities in Bahrain and elsewhere.  This software enables intelligence agencies to insert Trojan software into computers and mobile phones.  This in turn enables people critical of the regime to be tracked and if necessary arrested by the security services.  The University of Toronto’s Citizen Lab is documenting the widespread use of this spying software.

Privacy International, Bahrain Watch, the Bahrain Centre for Human Rights and Reporters Without Borders lodged a complaint with the European Centre for Constitutional and Human Rights.  They allege that the equipment is used by repressive regimes to harass and target dissidents, politicians and human rights activists.

Our involvement with repressive states – especially those in the Gulf – is well-known and Theresa May recently visited Bahrain to promote business interests in the kingdom.  As we have noted many times before, there seems little interest in the consequences of our arms and security companies activities on the ordinary people who live in those countries, the death and destruction in Yemen being particularly awful.

Part of the units occupied by Gamma in Porton

Part of the units occupied by Gamma in Porton

Gamma is again in the news today (9 January 2017, p13) in a Times article entitled ‘No 10 linked to spyware in human rights row’ which reveals that despite the criticism by the OECD, they have been invited to the Home Office sponsored International Security and Policing exhibition in London.  Amnesty reports show that the human rights situation in Bahrain is very poor with reports of torture and other forms of abuse:

[it] details dozens of cases of detainees being beaten, deprived of sleep and adequate food, burned with cigarettes, sexually assaulted, subjected to electric shocks and burned with an iron.  One was raped by having a plastic pipe inserted into his anus.

It said the report showed torture, arbitrary detentions and excessive use of force against peaceful activists and government critics remained widespread in Bahrain.

The OECD report was not conclusive about Gamma as it was a ‘reluctant participant in the proceedings refusing to productively engage in a September 2013 mediation and employed stalling efforts.’

Privacy International say:

Gamma has proven itself to be and irresponsible corporate actor that is indifferent to the human rights impacts of its activities.

The Amnesty report also says:

The government [of Bahrain] continued to curtail freedoms of expression, association and assembly and cracked down further on online and other dissent. Opposition leaders remained imprisoned; some were prisoners of conscience. Torture and other ill-treatment remained common. Scores were sentenced to long prison terms after unfair trials. Authorities stripped at least 208 people of their Bahraini nationality. Eight people were sentenced to death; there were no executions.

A firm helping regimes with a record of mistreating its citizens and regularly using torture, is based in the village of Porton, near Salisbury, Wiltshire.