Looking back in hindsight at the FinFisher Spyware leak from 2014 shows many aspects of the major intelligence leaks of the last three years were all already out of the bag for those willing to look closely.
Although it failed to generate the same publicity level of Vault 7, it largely foreshadowed the illegal tools that were being created by private contractors for Federal intelligence agencies. Furthermore, its offshore structure used to enable documentation to be stored out of reach of legal bodies would be revisited a year later when the ICIJ group of journalists would break the Panama Papers revelations.
FinFisher is a range of spyware software created by Munich-based Gamma International, largely developed in Hampshire, England. The software boasts the ability to log keystrokes, record Skype conversations and transmit this data back to a central government server. Aside from the UK and US, who are able to surveil huge amounts of public data through their respective GCHQ and NSA agencies, this software is popular with government intelligence agencies worldwide as it bypasses encryption messengers and can report back information from the source without interception being necessary.
Despite it’s shadowy line of work, Gamma International ticked along without any significant controversy (aside from when Wikileaks obtained some marketing documents) until the Arab Spring revolutions in 2014 exposed how its software was a favourite of some of the world’s most brutal dictators. As citizens broke through the doors of Egyptian president Hosni Mubarek’s offices and his papers and computers were trawled though, it was eventually discovered that his administration had invested almost $300,000 for the German company’s services.
The spyware was installed onto the personal computers of an endless range of Egyptian subversive groups, from feminist bloggers to rappers, film critics and political candidates. It disguised itself as the Firefox browser, provoking a furious response from its developer Mozilla, as well as an iTunes software update. Once it was covertly installed it began to relay the personal communications of its victims.
Following the discovery of its use by the Egyptian regime, the Canadian group Citizen Lab began to analyse Gamma International. Through investigating client servers, they managed to make a full list of governments who were using the software, and this research was eventually reinforced by an internal leak of data including invoices.
Most damningly, the leaks proved that the software was sold directly to the leaders of Bahrain and Uganda, who subsequently used it to make life very difficult for dissidents and political opposition. This directly contradicted the earlier stance of Gamma, who claimed that they only did business with transparent and democratic governments.
Gamma International was established using a network of shell companies set up in the British Virgin Islands, enabling the anonymity of shareholding and keeping documentation containing the names of those purchasing the software well away from the prying eyes of European Union legal bodies. A mere year later the Panama Papers bombshell was dropped, exposing the same kind of setup being utilised by Central American druglords, European royal families and Middle-Eastern despots in order to launder money, hide assets from taxmen, and purchase weapons (and sarin gas, in the case of Bashar Al-Assad).
Ultimately, as the media furore surrounding the Panama Papers died down, so did attempts plug loopholes in legislation that enable offshore shell companies to thrive. Enquiries and commissions were set-up and ultimately disbanded, but no significant global treaties or international legislation have been signed in order to bring offshore financiers of crime to justice.
Another two years later, and CIA malware was published by Wikileaks in a release called Vault 7. This detailed software exploits that the CIA developed to infiltrate popular gadgets’ operating systems in order to collect public data.
In many ways the Vault 7 release came far too late; the malware and operating system exploits that the CIA had developed recklessly and often even without classification spread like wildfire, as one would expect considering the circulation of smartphones and laptops in 2017. There is no telling who currently is in possession of much of the source code.
Likewise back in 2014, the FinFisher surveillance software was operating under European Union data protection laws and international trade regulations that are supposed to prevent these kind of weapons from ending up the hands of violent and repressive end-users – it did not work. The software quickly circulated through the hands of security agents in Qatar, Turkmenistan, Nigeria and Venezuela – all of which had been vehemently criticised by the United Nations Human Rights Council long before the software was marketed and sold to parties in these nations.
If we needed any more proof that the development and implementation of surveillance tools with such capabilities as these can never successfully be quashed and maintained solely in the hands of responsible leaders then the Wikileaks Vault 7 release provided it 3 years later, echoing exactly the same problems as FinFisher.
We have hit the tip of the iceberg in regards to Government-sanctioned surveillance technology and the networks of private companies leaching off its profits. Increasingly unaccountable private contractors operate with impunity under the wing of government contracts and establish their businesses in a way that prohibits intrusion from tax or legal authorities from the nations in which they do business.
Until the government manage to seize back control of deep state organisations run amok, digital vigilantes and whistleblowers are the only ones dedicated to making an increasingly powerless public aware of what may be hidden in their laptops and smartphones.
Wikileaks Decrypted | FinFisher | Vault 7