Wikileaks SpyFiles Show Surveillance Industry ‘Thriving Unchecked’

Thomas Brewster,
surveillance cyber crime, cyber intelligence

TechWeek digs into Wikileaks files to find a British supplier is implicated in selling to repressive regimes for significant sums

Wikileaks has released a fresh trove of files on the surveillance industry, raising concerns about an “unchecked” market where Western companies are selling Trojans and other spying kit to repressive regimes for vast sums of money.

Companies that have previously faced scrutiny from human rights bodies, including British supplier Gamma International, exploit seller VUPEN and Italian organisation HackingTeam, featured heavily in the leaks.

Privacy and security experts told TechWeekEurope the Wikileaks SpyFiles show “studies of, installations in and trips to highly repressive countries” by surveillance suppliers, who are doing business “unchecked”.

British surveillance seller in repressive nations

Wikileaks Julian Assange © haak78 / Shutterstock.comGamma was shown to be selling its FinSpy kit, which includes Trojans for infecting mobile and desktop machines, for hundreds of thousands of pounds, working closely with a reseller called Dreamlab. FinSpy support, for instance, cost over €255,000 (£215,000) for one year, according to the document.

The global trade of surveillance technology is estimated to be worth up to $5 billion a year.

Gamma and Dreamlab salespeople appear to have travelled to a number of nations with poor reputations when it comes to human rights too, including Qatar, UAE, Ethiopia and Equatorial Guinea.

One file details a Gamma and Dreamlab FinFly ISP project seemingly for the Turkmenistan government. “The System(s) to be deployed in this project can only INFECT international traffic of ADSL, dial-up and the fixed IP-Address broadband subscribers in Turkmen Telecom network and Mobile Subscribers using a Notebook / PC as the terminal to access the Internet via the Gateways between the Mobile Network Provider TMCell and Turkmen Telecom,” the file read.

Citizen Lab said the document was consistent with its discovery of a FinSpy command and control server on a Turkmenistan government network.

FinFly appears to have several modes of operation, one of which is infecting updates to popular software, including OpenOffice and the Winamp media player, Citizen Lab’s Bill Marczak told TechWeekEurope. It appears FinFly sends out spy kit masquerading as an installer for almost any executable imaginable, from Google Chrome to flash players.

“One thing that particularly struck me, especially from the Turkmenistan infection proxy docs, is that there was a very deliberate consulting and study process, involving members of Gamma and DreamLab on the ground in country,” Marczak said.

“This is a country whose president was elected in 2007 in polls described as ‘blatantly falsified’, and again in 2012 with 97 percent of the vote.

“I wonder, what did these Gamma and DreamLab people think they were doing in Turkmenistan?  What did they think this was going to be used for?  If you don’t draw a line at Turkmenistan, where do you draw it?”

Marczak was also concerned about where VUPEN could be selling its zero-day exploits, given one leak showed it was willing to sell to NATO, ASEAN, and AZNUS partner countries, including the UAE and Morocco. Both countries have been implicated in using malicious software and hacking techniques to watch over citizens.

Global surveillance boom

Calls are now emerging from the privacy community to fix regulation that lets Western companies sell such digital spy kits to apparently repressive regimes.

Many privacy advocates also want more transparency from governments and industry players. Gamma, Dreamlab and VUPEN had not responded to requests for comment at the time of publication.

Privacy International, which worked on the FinSpy documents with Wikileaks, is taking the UK government to court after the HMRC refused to release information about Gamma export practices.

“The documents released [by Wikileaks] highlight the surveillance industry that continues to grow unchecked around the world. The documents reveal just how involved surveillance contractors are with the purchasing governments, refuting company denials that they don’t know how their technology is being used,” Eric King, head of research at Privacy International, told TechWeek.

“The companies are selling surveillance as a consultancy service, directly assisting repressive regimes in their targeting of pro democracy activists and human rights defenders.”

Along with the revelations of NSA whistleblower Edward Snowden, the leaks have shown mass surveillance is carried out globally, with vendors benefitting greatly from the boom in digital interception.

Shhh! Don’t look at our whistleblowers quiz!