Gamma International

logo Gamma InternationalGamma International offers advanced spyware, which has repeatedly been discovered in countries who mistreat journalists, like Bahrain and the United Arab Emirates. The Finfisher Technology sold by Gamma International is able to read encrypted files, emails and listen in to voice over IP calls. Among the targeted was Ala'a Shehabi, a journalist, university lecturer and activist from Bahrain, now living in London.

The company:

Gamma International is part of the UK-based Gamma Group, which specializes in surveillance and monitoring equipment (both on- and offline) as well as training services. Gamma has offices and subsidiaries in the United Kingdom, including the Channel Islands, and Germany, but also in Southeast Asia and the Middle East.[1]

The Gamma Group of companies, established in 1990, provides advanced technical surveillance, monitoring solutions, and advanced government training, as well as international consultancy to national and state intelligence departments and law enforcement agencies.[2]

Gamma International is owned by Louthean John Alexander Nelson,  son of Gamma Founder William Louthean Nelson, and Martin Johannes Münch (MJM). [3] Gamma is closely connected to German company Elaman ; the two companies are sharing an address and a phone number. Gamma has confirmed to Reporters Without Borders that Elaman is a retailer for its products.

Portfolio:

Gamma International sells interception equipment to government and law enforcement agencies exclusively. Its FinFisher Suite (which includes Trojans to infect PCs, mobile phones, other consumer electronics and servers, as well as technical consulting) is regarded as one of the most advanced in today's market. A computer or smartphone is remotely infected by a Trojan, which is then controlled by government agencies through command and control servers. A computer can be infected via false update notifications of software, malicious emails or through physical access to a machine. Finfisher also offers technology to infect an entire Internet cafe in order to survey all possible users. When installed, it is almost impossible to safely remove the Trojan. Also, there are no safe ways to circumvent Finfisher on an infected machine.

The software is said to be able to bypass common methods and anti-virus detection. It can listen in to Skype talks, chats and encrypted emails and is even able to turn on a computer’s microphone or webcam remotely. With FinFisher technology, it is even possible to gain access to encrypted files on a hard drive. Those Finfisher-features are promoted by the firm in different advertising videos.[4]

Involvement in Bahrain

In July 2012 news broke about a possible involvement of Finfisher Technology in Bahrain, where the situation for journalists is especially severe, and many are imprisoned or tortured. Bahraini journalist, activist and university lecturer Ala'a Shehabi, now residing in London, was sent infected emails, which she found to be suspicious. She forwarded them to experts for technical analysis. This led to the detection of signatures from Gamma's Finfisher Software.[5]

In a still ongoing process, Reporters Without Borders, together with Privacy International, the ECCHR, the Bahrain Centre for Human Rights and Bahrain Watch filed an OECD complaint, asking the National Contact Point in the United Kingdom to further investigate Gamma’s possible involvement in Bahrain.

Martin Münch, Chief developer and soon to be human rights officer of Gamma, claims that Bahrain stole a demo version of the software, modified it and now uses it to spy on journalists and dissidents[b].[6] Eric King, head of research at Privacy International said: "Integrating FinFisher in a country’s network is not an easy task. It requires careful planning and physical installation of proxy's and command and control servers to work. Simply stealing a demo copy is incredibly unlikely as no county sophisticated enough to be able to re-purpose FinFisher would bother using a commercial trojan in the first place." Bahrain Watch also obtained evidence that the FinFisher Servers in Bahrain receive regular updates. This is unlikely to happen if the software had been stolen.

Offer to Egypt

During a search of an Egyptian intelligence agency office in 2011, human rights activists found a contract proposal with an offering from Gamma International to sell FinFisher to Egypt. The company said that no deal has been made.

Other known appearances

Earlier this year, a study by Rapid7, an Internet security firm, identified FinSpy – the control software for FinFisher command-and-control servers – as being active in Australia, the Czech Republic, Estonia, Ethiopia, Indonesia, Latvia, Mongolia, Qatar, the UAE, and the United States.

"We have identified several more countries where FinSpy command and control servers were operating," said Citizen Lab, a University of Toronto institute that specialises in digital issues. "Scanning has thus far revealed two servers in Brunei, one in Turkmenistan's Ministry of Communications, two in Singapore, one in the Netherlands, a new server in Indonesia, and a new server in Bahrain." Citizen Lab also comments that some of the detected servers have been taken offline, after being discovered.[7]

Reporters Without Borders has contacted Gamma International in February 2013.