Posts Tagged ‘Porton’


Firm based in Porton accused of selling spy equipment to harsh regimes

Considerable interest has been aroused in the last month or so concerning the use of Huawei technology to provide 5G connectivity in the UK.  Other countries in the ‘Five Eyes’ group – USA, Australia, Canada and New Zealand – will not use this equipment because of fears of intrusion by the Chinese state.  The worry is that the Chinese will gain a backdoor entry into our messages, emails and the like thus compromising our security.  For weeks, the issue has been discussed and could well have repercussions as far as our relationship with the Americans is concerned.

It was not that long ago that the UK and USA were revealed to be invading people’s messages on an industrial scale via the Prism and Tempora programmes.  21 petabytes of data are downloaded a day and there is huge process involved in sifting and selecting the messages which have been intercepted.  It therefore seems inconsistent to be worrying about Chinese intrusion when our own governments are heavily involved in doing the same thing.  The difference is one is our own people and the others are Chinese.  It is claimed that only metadata is collected by GCHQ.

The UK government sponsors an exhibition of security equipment at an event called Security and Policing held at Farnborough.  It is a similar exhibition to DSEI which takes place in London – also supported by the UK government – where arms firms exhibit their wares.  The guest list of both events reveal a range of authoritarian regimes as customers keen to get access to weapons and security equipment with which to maintain their hold on power.  Huawei has achieved considerable publicity for something they claim does not and will not happen while, by contrast, surveillance which is happening receives almost no coverage at all.

What do we mean by … ?

Of course, a lot depends on what we mean by ‘police’ and ‘security’.  Police forces around the world need equipment with which to tackle organised crime, drug smuggling, people trafficking and the like.  Countries might legitimately need equipment to intercept and interdict attempts to commit terrorist offences or attack their citizens.  The difference occurs when this equipment is used to silence critics of the regime, arrest and mistreat them or cause them to disappear.  If people who are peacefully protesting, seeking democracy, acting as human rights defenders or pursuing human rights, have their communications, emails and computers intercepted and compromised using UK manufactured kit then it can be argued this is wrong.  The government goes to great lengths to keep this activity confidential running the only closed event in the country, suggesting it knows that it is potentially damaging.  A member of the parliamentary Arms Export Committee, Lloyd Russell-Moyle, was barred from entering the 2019 exhibition which he said was deeply alarming.

Meanwhile, here in Salisbury …

In the village of Porton, just outside Salisbury – the same village as in Porton Down – is a firm, Gamma TSE which makes this equipment Finfisher and the aptly called Finspy.  What it does was hard to discover exactly but thanks to Wikileaks, details of its equipment are available for all to see.  A pdf which provides comprehensive details of the firm’s spying capabilities to covertly extract data from a computer system, bypass password protection and obtain information from a bank are all described in great detail.  Examples of its extensive interception capabilities are described in information sheets:

The FinIntrusion Kit was used to break the WPA encryption of a Target’s home Wireless network and then monitor his Webmail (Gmail, Yahoo, …) and Social Network (Facebook, MySpace, …) credentials, which enabled the investigators to remotely monitor these accounts from Headquarters without the need to be close to the Target.

Several customers used the FinIntrusion Kit to successfully compromise the security of networks and computer systems for offensive and defensive purposes using various Tools and Techniques.

The password ‘sniffer’ is described thus:

LAN/WLAN Active Password Sniffer
Captures even SSL-encrypted data like Webmail, Video Portals, Online-Banking and more.

It’s ability to gain access remotely:

Usage Example 1: Covert Operation
A source in an Organized Crime Group (OCG) was given a FinUSB Dongle that secretly extracted Account Credentials of Web and Email accounts and Microsoft Office documents from the Target Systems, while the OCG used the USB device to exchange regular files like Music, Video and Office Documents.

After returning the USB device to Headquarters the gathered data could be decrypted, analysed and used to constantly monitor the group remotely.

A worrying feature is the ability of Finspy to operate around the world:

FinSpy has been proven successful in operations around the world for many years, and valuable intelligence has been gathered about Target Individuals and Organizations.
When FinSpy is installed on a computer system it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.  [our italics]

Since many dissidents or people in opposition to a particular regime have fled to Europe including the UK, it leaves open the question of whether this equipment is being used to monitor people now living in the UK.  This was a point made by Privacy International.

The firm also offers training and the list of courses tell their own chilling story:

Sample Course Subjects

· Profiling of Target Websites and Persons

· Tracing anonymous Emails

· Remote access to Webmail Accounts

· Security Assessment of Web-Servers & Web-Services

· Practical Software Exploitation

· Wireless IT Intrusion (WLAN/802.11 and Bluetooth)

· Attacks on critical Infrastructures

· Sniffing Data and User Credentials of Networks

· Monitoring Hot-Spots, Internet Cafés and Hotel Networks

· Intercepting and Recording Calls (VoIP and DECT)

· Cracking Password Hashes

The literature refers several times to ‘organised crime groups’ and this equipment is likely to be of value to police forces acting to stop such activity in their country.  The problem is that countries like Bahrain are likely to use these methods against democracy and human rights campaigners.

Implications

The law firm Leigh Day in London launched a claim in 2019 on behalf of four Bahraini nationals who had been targeted using information obtained using this technology.  Privacy International identified Gamma as having sold this technology to Bahrain:

In 2012, Citizen Lab, a think-tank operating out of the Munk School of Global Affairs at the University of Toronto, came across evidence suggesting that Gamma International, a multinational technology corporation with offices across the world, sold a form of malware called FinFisher to Bahrain. Bahraini activists, amongst others, were seriously concerned: FinFisher gives its operator complete access to a target’s computer and mobile phone. That kind of technology in the hands of a state like Bahrain, with its record of human rights abuse, would put at risk a great many people’s lives.

Gamma emphatically denied selling this kit to Bahrain.  However, documents subsequently discovered provided evidence that they had already done so.   The cruel treatment of these elderly individuals is described in an Amnesty report and includes the denial of medical treatment and medication.  A solicitor acting for Gamma says there is no evidence of the firm being involved in human rights abuses and they will defend the claim being made against them.

Gamma are not the only firm selling this equipment.  The UK government has been, and is planning to again, to run the secretive exhibition keeping close control over who attends and keeping anyone away who might question its ethics.  The UK government has made no comment on the actions of the Bahraini authorities, or the allegations of Gamma’s alleged involvement.  If the surveillance by the Bahraini authorities is carried out on computers located within the UK, it is unlawful.

It appears to be a worrying sign of increasing indifference by the UK government of the effects on ordinary people living under oppressive regimes who suffer from the use of arms and surveillance equipment supplied by firms based here in the Britain.  It is inconceivable that GCHQ is unaware of what this firm is doing and its client list around the world which includes several of these regimes.  This indifference is damaging to our reputation and parliamentarians should be asking searching questions of the minister.  The British government has many relationships with the Bahraini royal family.  The Queen and other members of the royal household meet quite regularly.  Today, (10 February 2020) it was reported that Liam Fox met the Bahraini crown prince to lobby on behalf of Petrofac, the owner of which is a major Conservative party donor (£800,000).  It seems quite clear that trade considerations trump human rights issues in government thinking.

Sources:  Amnesty International; Campaign Against the Arms Trade; Citizen’s Lab (Canada); WikiLeaks; Gamma; VICE; the Guardian; Privacy International


If you want to join the Salisbury group you would be most welcome.  We meet every second Thursday (except August) in Victoria Road at 7:30.  Otherwise keep an eye on this site, on Facebook or Twitter and make yourself known at one our events.

 

 


F1 race to go ahead despite widespread human rights infringements in Bahrain

All you need to know about Halo ahead of the 2018 F1 seasonSport is being used more and more to present a sanitised view of a country and to hide or obscure human rights abuses.  Russia with the Olympics and Qatar with the World Cup are both examples of dubious regimes using sport to enhance their image.  In the case of FIFA there is the issue of massive corruption within the organisation itself.

The latest example is Formula 1 and the race to take place in Bahrain.  The country has scant regard for human rights.  Arrests, unfair trials, the use of torture are all commonplace.  In 2017 the last newspaper was closed down.  In a previous blog, we highlighted a local firm in Porton (a village near Salisbury, UK) which supplies spyware to this regime.

As the US State Dept. said in a report on the country in 2017:

The most significant human rights issues [in Bahrain] included reports of arbitrary or unlawful killings by security forces; allegations of torture of detainees and prisoners; harsh and potentially life-threatening conditions of detention; arbitrary arrest and detention; political prisoners; unlawful interference with privacy; restrictions on freedom of expression, including by the press and via the internet; restriction of academic and cultural events; restrictions on the rights of association and assembly; allegations of restrictions on freedom of movement, including arbitrary citizenship revocation; and limits on Shia political participation.

Further examples of abuse of human rights can be found in a Human Rights Watch report.  Amnesty international has also produced a report saying similar things.

The F1 site itself claims to respect human rights issues in its policy;

  1.  The Formula 1 companies are committed to respecting internationally recognised human rights in its operations globally.

The problem is they do not.  Before races there is a severe clampdown in the area and protestors can be shot.  The Bahrain Institute for Rights and Democracy is one of 15 human rights organisations to have written to F1 president Jean Todt calling on them to act in the case of Najah Yusuf who was imprisoned last year for criticising the regime on Facebook.  The response yesterday is not encouraging:

It’s quite easy,” he said. “We are here for a sport event, not for a political event. That means – first of all, I was surprised that there are still some political turmoil which I don’t think is the reality.

I think that the reality is just that a few people want to create troubles and Formula One is here to make sport, to entertain the people.  We should not be involved in any political questions.  This, people should do, who are here, who are living here. The government, whoever, that’s their job, not our job.  [Statement 30 March 2019, Our italics]

Which rather conflicts with its policy statement above.  It seems as though nothing a country does can stop the likes of F1 or other sporting regimes from carrying on their activities in a country with dubious or dire human rights.  As long as the money’s right …


Observer publishes article about use of spyware

Today’s (17 March 2019) UK Observer newspaper published a story about the use of spyware around the world and in particular by countries known for their poor human rights record.  These include Indonesia, Saudi Arabia and Bahrain.

Readers of this blog will know that this has been going on for some time and a report by the University of Toronto’s Citizen’s Lab has been compiling evidence of this activity and publishes reports of the use of spyware around the world.  Other organisations like Privacy International are also concerned.

What the Observer article reveals is the scale of the UK’s exports which have amounted to £75m since 2015.  Human Rights groups are concerned at this trade since it enables authoritarian governments to penetrate the devices of anyone it doesn’t like and gather information at will from their equipment.   The equipment is capable of intercepting email, instant messaging and VoIP communications, as well as spying on users through webcams and microphones and transmitting the data to a command-and-control server.

In addition to the scale of trade, is the issue of secrecy and attempts to get details of what and who is being supplied from Department of International Trade using FOI are largely fruitless.  The concern is that what matters is trade and not the purposes to which the equipment is put.

Part of the units occupied by Gamma in Porton

Porton Business Centre

This is of interest in the Salisbury area because one of the firms which manufactures this equipment called Finspy is a firm called GammaTSE based in the village of Porton not far from the city (and not far from Porton Down, the chemical weapons centre – the same Porton).  A report by the University of Toronto in 2013 found Finspy installed in 36 countries.  The firm’s website coyly describes its service thus;

GammaTSE has been supplying government agencies worldwide with turnkey surveillance projects since the 1990s.  GammaTSE manufactures highly specialized surveillance vehicles and integrated surveillance systems, helping government agencies collect data and communicate it to key decision-makers for timely decisions to be made.

An earlier post described the firm’s activities in more detail.  The UK is therefore heavily involved in a trade which allows governments to intercept messages of human rights activists, opposition members, journalists and more or less anyone it does not like.

 

 


A Salisbury based firm, Gamma TSE, has been accused of supplying spyware to enable Bahraini activists to be arrested

UPDATE 15 March 17

Extract from a recent University of Toronto report:

[…] Far from using this spyware solely to track what might be considered legitimate targets, these countries and their shadowy agencies have repeatedly used them to get inside the computers of human rights activists, journalists, opposition politicians, and even health advocates supporting a soda tax in Mexico. Some of the victims of these campaigns have found themselves arrested and tortured. Leaked emails from certain companies reveal that, despite public assurances by executives, the vendors seem cavalier about these type of abuses, have few internal checks in place to prevent them, and, indeed, knowingly court the clandestine agencies responsible for such abuses. Despite these alarming incidents, however, the dynamics of and participants in the market at large remain opaque. 

While arguments rage in the USA concerning the alleged interference by Russia of the

Porton Business Centre

Porton Business Centre

presidential elections, a secretive Salisbury based firm, Gamma TSE, has been accused by the Organisation for Economic Cooperation and Development of supplying software called FinFisher or FinSpy to the authorities in Bahrain and elsewhere.  This software enables intelligence agencies to insert Trojan software into computers and mobile phones.  This in turn enables people critical of the regime to be tracked and if necessary arrested by the security services.  The University of Toronto’s Citizen Lab is documenting the widespread use of this spying software.

Privacy International, Bahrain Watch, the Bahrain Centre for Human Rights and Reporters Without Borders lodged a complaint with the European Centre for Constitutional and Human Rights.  They allege that the equipment is used by repressive regimes to harass and target dissidents, politicians and human rights activists.

Our involvement with repressive states – especially those in the Gulf – is well-known and Theresa May recently visited Bahrain to promote business interests in the kingdom.  As we have noted many times before, there seems little interest in the consequences of our arms and security companies activities on the ordinary people who live in those countries, the death and destruction in Yemen being particularly awful.

Part of the units occupied by Gamma in Porton

Part of the units occupied by Gamma in Porton

Gamma is again in the news today (9 January 2017, p13) in a Times article entitled ‘No 10 linked to spyware in human rights row’ which reveals that despite the criticism by the OECD, they have been invited to the Home Office sponsored International Security and Policing exhibition in London.  Amnesty reports show that the human rights situation in Bahrain is very poor with reports of torture and other forms of abuse:

[it] details dozens of cases of detainees being beaten, deprived of sleep and adequate food, burned with cigarettes, sexually assaulted, subjected to electric shocks and burned with an iron.  One was raped by having a plastic pipe inserted into his anus.

It said the report showed torture, arbitrary detentions and excessive use of force against peaceful activists and government critics remained widespread in Bahrain.

The OECD report was not conclusive about Gamma as it was a ‘reluctant participant in the proceedings refusing to productively engage in a September 2013 mediation and employed stalling efforts.’

Privacy International say:

Gamma has proven itself to be and irresponsible corporate actor that is indifferent to the human rights impacts of its activities.

The Amnesty report also says:

The government [of Bahrain] continued to curtail freedoms of expression, association and assembly and cracked down further on online and other dissent. Opposition leaders remained imprisoned; some were prisoners of conscience. Torture and other ill-treatment remained common. Scores were sentenced to long prison terms after unfair trials. Authorities stripped at least 208 people of their Bahraini nationality. Eight people were sentenced to death; there were no executions.

A firm helping regimes with a record of mistreating its citizens and regularly using torture, is based in the village of Porton, near Salisbury, Wiltshire.