A prosecutor in Germany has indicted former executives of surveillance technology company FinFisher GmbH, accusing them of unlawfully supplying the Turkish secret services with spyware that could be used to hack into phones and computers.
(Bloomberg) — A prosecutor in Germany has indicted former executives of surveillance technology company FinFisher GmbH, accusing them of unlawfully supplying the Turkish secret services with spyware that could be used to hack into phones and computers.
In an announcement on Monday, a spokesperson for the Munich Public Prosecutor’s said that the office had carried out an “extensive and complex” investigation of the company following searches of 15 properties. Four of the company’s managing directors had violated foreign trade laws, according to the prosecutor’s office. The prosecutor’s office named the indicted directors only as “G,” “H,” “T” and “D.”
FinFisher, prosecutors say, signed a contact in January 2015 worth €5.04 million ($5.4 million) to supply spyware to Turkey’s National Intelligence Organization, but did not receive the necessary export approval from German authorities. Instead, company executives sought to conceal the deal by transferring the technology through another company they had established in Bulgaria, according to the prosecutor, though all business activities were still controlled and coordinated out of Munich.
Violations of export licensing requirements under Germany’s Foreign Trade and Payments can be punishable with a prison sentence of between three months and five years. The prosecutor’s office pointed to a particular provision of the law that states a prison sentence of not less than one year shall be imposed if a person if found to have acted for the secret service of a foreign power.
Representatives of FinFisher did not respond to a request for comment on the indictment.
The Munich prosecutor began investigating FinFisher in the summer of 2019, after a coalition of advocacy groups filed a criminal complaint against the company, alleging that it had supplied its spyware to Turkey without obtaining the required license from Germany’s federal government.
The spyware had been used in Turkey to infect the phones of government critics, monitoring their calls, text messages, photos and location data, according to a technical report published by the digital rights group Access Now.
In February last year, FinFisher and two other firms – FinFisher Labs GmbH and raedarius m8 GmbH – filed for insolvency and shut down its offices, according to the German insolvency administrator JAFFÉ Rechtsanwälte Insolvenzverwalter.
FinFisher marketing documents published by WikiLeaks show the company offered its spyware, which it called “FinSpy,” as a means to “access target computer systems around the world.” It boasted the ability to hack computers and phones, bypassing anti-virus tools to carry out “live surveillance” of a person by secretly watching and listening to them through their own camera and microphone.
The company’s technology first came to widespread public attention in 2011 during the Arab Spring protests. Amid an uprising in Egypt, protesters ransacked a state security office and found documents showing that Egyptian authorities had obtained a trial of the spyware.
In 2012, Bloomberg News reported that Bahraini activists were targeted with spyware traced to FinFisher. Meanwhile, the University of Toronto’s Citizen Lab published a series of investigations that said governments in more than 30 countries were suspected of using FinFisher, including Bangladesh, Ethiopia, Oman, Saudi Arabia and Venezuela.
(Updated to include additional context about German law in fourth paragraph.)
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.