IT intrusion tools tested by Egyptian government.
Last month, activists stormed the offices of the Egyptian State Security Investigations Service (Mabahith Amn al-Dawla). Inside, they discovered a proposal offering SSIS access to IT intrusion tools used for surveillance. Given recent events in Egypt, and a free trial of the proposed software, there is little doubt what the SSIS used it for.
A risky vertical market:
As noted by Eli Lake of The Washington Times, the uncovered proposal from Gamma International - for what is pitched as an IT Intrusion system named FinFisher - is just another example of how Western companies who deal in surveillance and intelligence are expanding to other markets. In this case, the proposal made it to the security arm of Egypt's Ministry of Interior, a market with some questionable history.
Egypt’s SSIS has had “excellent and strong” relations with the FBI, as noted by remarks made by agency head, Hassan Abdul Rahman, during a meeting in 2007 with the now former FBI Deputy Director, John Pistole. These relations were a “great benefit” given the value derived from training opportunities at the FBI Academy in Quantico, VA. In addition to training, the FBI wanted to share other resources with the SISS, including fingerprint data and DNA. [Source]
During the meeting, the two directors talked about the Egyptian Muslim Brotherhood, political activists classified as terrorists by the Egyptian government, before the topic turned to freedom of expression, with a special focus on the Internet. At one point, Rahaman remarked that the “Internet is a dangerous place.”
Referencing the challenges posed by the Web, he said, “…a young Egyptian can become radicalized without even leaving his home - he just surfs various Jihadi websites.”
While the diplomatic talk centered on terrorism, both within Egypt and abroad, the undertone was how the Internet is being used to spread ideas. This is something the SSIS clearly did not want to happen. Controlling and denying access to information online is justified in the case of terrorism, but the problem is that the methods used to curb terror were also used to target activists and other civilians.
Over the years, the SSIS has been linked to torture, by both international watchdogs and citizens alike, as well as several other human rights violations. The Committee to Protect Journalists ranks Egypt as one of the ten worst countries in which to be a blogger, and reports that the authorities monitor internet traffic to gather information on potential targets for legal action.
“In one high-profile case in June, Alexandria-based blogger Khaled Said was beaten to death in public by security forces after he posted a video recording of police sharing the spoils of a drug bust. Widespread riots over the killing seemed to have no deterrent effect, as at least one other civilian, Ahmed Shabaan, was found beaten to death in October after being detained in the same police precinct as Khaled Said.” [Source]
According to the U.S. State Department’s 2010 Human Rights Report, Egypt, “…required Internet cafes to gather personal information of Internet users, including names, e-mail addresses, and telephone numbers. During the year police harassed, detained, and allegedly abused certain bloggers and Internet activists.” [Source]
In both examples, the actions taken would have come from the SSIS, as they controlled the Investigative Bureau, the Security Court, and Security Prosecution, arms of the Egyptian government. It has been reported in several media outlets that many of the people who took part in the protests earlier this year were viewed as terrorists or traitors by the government.
All things considered, Gamma International’s offering of a streamlined intrusion system would have been seen as a golden egg to the SSIS. But what exactly did they offer?
It was Gamma International, via a proxy listed as Modern Communication Systems (MCS), who pitched the use of FinFisher software SSIS. Gamma says on their website that FinFisher is sold only to government intelligence services and law enforcement. According to marketing information, Gamma’s FinFisher portfolio offers:
- The Remote Monitoring and Infection Solutions are used to access target systems giving full access to stored information with the ability to take control of the target systems functions to the point of capturing encrypted data and communications. In combination with enhanced remote infection methods, the Government Agency will have the capability to remotely infect target systems.
- The IT Intrusion Training Program includes courses on both, products supplied as well as practical IT Intrusion methods and techniques. This program transfers years of knowledge and experience to end users, thus maximizing their capabilities in this field.
[Note: MCS is not MCS Holdings. They are two separate companies.]
According to an outline of a 2010 presentation by Gamma’s Marketing Manager, Johnny Debs, the “need for IT intrusion within the intelligence community spawned the FinFisher portfolio. FinFisher combines offensive IT Intrusion methods of different applications and areas into one comprehensive portfolio covering all major fields of operation.”
His presentation would cover “hacking technologies” as well as “Trojan Horse Technologies” and “Hacking Training”, presumably using FinFisher as the main tool while covering these topics. [Source]
In addition to FinFisher, Gamma International offers a wide range of services including GSM, GPRS, and UMTS monitoring, passive telephone monitoring, SMS interception, speech identifying tools, and RF monitoring. [Source]
Based on translations of the documents recovered from what was left of the SSIS offices, the Egyptian government tested FinFisher for at least three weeks, but no longer than five months. The free trial was thanks to MCS, who offered a laptop preloaded with the needed software in order to move the deal along. After the trial ended, an internal memo reported positive results. [Source] [Details on the SSIS raid]
“The five month free trial showed the following [results]: The system has a high-level penetration of any type of email (Hotmail, Google, Yahoo). It’s also successful in penetration of Skype,” the memo explains.
“It also has the option of leaving a Trojan Horse, which enables recording of voice and video chats; recording the movement of the target by using his computer and even recording him if the computer has a camera; full control of the target computer and the ability to copy anything on his computer.”
Based on the documents, the total charge for the full FinFisher package, consisting of FinSpy Remote Intrusion, FinFly Remote Infection, licenses, training, and hardware, as well as additional support, equaled ŁE 3,382,998.81 EGP ($568,570.46 USD / €387,204.51 EUR)
Peter Lloyd, an attorney for Gamma International, told The Washington Times that Gamma complies, “in all its dealings with all applicable U.K. laws and regulations…Gamma did not supply to Egypt, but in any event it would not be appropriate for Gamma to make public details of its transactions with any customer.”
This is completely true, as the usage of FinFisher by the SSIS appears to be allowed under U.K. law. While researching, we found nothing that would suggest it is illegal for a U.K.-based firm to sell products to the Egyptian government. Still, it’s clear that the SSIS didn’t purchase FinFisher. Instead, they leveraged the free trial, as evident in the internal notes on the testing.
During this time, there were countless reports from Egypt of protesters who were intimidated, arrested, beaten, and killed for their roles in what is now called the Egyptian Revolution. These protestors were in the streets as well as online, making them easy targets for the SSIS.
“A word of caution… Just because this recent disclosure is all about FinFisher’s use in Egypt, it doesn’t mean that non-Egyptian individuals or businesses aren’t being similarly monitored. If you’ve been traveling to Egypt over the last few months or using your laptop in the region, you may have been targeted and subsequently infected...,” Gunter Ollmann, the VP Research at Damballa noted in a blog post on FinFisher.
The idea that Egypt was testing and using this sort of technology shouldn’t surprise anyone. It is another example of how technical innovations can be abused by a government. Clearly, this problem isn’t just confined to Egypt.
Here in the U.S., three data intelligence firms were busted attempting to pitch plans, which would have amounted to a criminal abuse of authority by the U.S. government and a serious violation of law by firms in the private sector. [Story]
As the Egyptian Revolution gained momentum earlier this year, one of the largest demands was the abolishment of the SSIS entirely. Those demands were met in March, when the Ministry of Interior dissolved the agency. Still, there are some complaints from the public, as members of the old SSIS are taking positions in other parts of the government.
For now, the head of the SSIS, as well as his immediate successor, are reported to have been arrested on suspicion of ordering demonstrators killed. Earlier this month, an Egyptian court ruled that funds and property are to be turned over to the government, as it dissolved the former ruling National Democratic Party (NDP).
As reported by Al Jazeera, the NDP stood accused of corruption.
“The move to dissolve NDP was the latest concession by Egypt's military rulers to demands of the protest movement, coming days after Mubarak and his sons were put under detention for investigation on allegations of corruption and involvement in the killing of protesters,” the new agency reported.
From our Other Sites
This Japanese guy cooks up some pancakesâ€¦nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a University in the UK told the BBC that it was impossible to see what other people see but that it was most [â€¦]
Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.
McLarenâ€™s 675LT will debut at this yearâ€™s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate [â€¦]
Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.
This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western [â€¦]
This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robotâ€™s arm. For a sense of scale the roverâ€™s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASAâ€™s Goddard Space Flight Center.
This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.