FinFisher Spyware overview

August 22, 2023

In the course of several years Buro Jansen & Janssen has collected data on the use of FinFisher spyware. This overview is not at all complete. It could be that some of the countries mentioned did not use the spyware from FinFisher, but we listed these countries nevertheless because their names came up in research from WikiLeaks, Citizen Lab, Privacy International or other organizations/media because, for example, ‘control servers’ were located in these countries and/or demonstrations were given. This does not necessarily mean anything but the lack of formal denial, formal and open investigation into the existence of these servers and other reluctance to give openness and transparency about the use or existence of spyware in these countries compelled Buro Jansen & Janssen to list them.

Then there are three other aspects of the listing which are important to mention. Some countries, for example Cyprus, but also Germany, Italy, and Israel are known for harbouring the firms which produce the spyware or export or facilitate the export. Then as already said there are of course the meetings, negotiations and demonstrations, which might or might not have resulted in the purchase of FinFisher. In any case, because transparency is lacking and countries do not give any accountability to why they meet up with companies which have relations with repressive regimes and could be labelled as criminal organization, these countries appear on the list. Finally there is the case of ‘Black Oasis’, ‘Neodymium’ or ‘Promethium’.

These names are assigned to an unspecified mysterious group which can be a hackers group whether or not related to a company, a state or a governmental body apparently using FinFisher tools in relation to several countries. Mostly it is assigned to some Russian hackers group. The problem is that in a world of spyware that is entangled with secrecy and secret services, it is also possible that the targets do not tell the whole story of the group or organization behind the name. It is difficult to tell.

So the countries connected to Black Oasis are also added to the list, especially because no specific investigation into the usage of FinFisher by this group is officially and openly reported or announced. All in all the countries on this list can be labeled as in one way or another connected to FinFisher in much the same way the authorities always explain their actions towards presumed suspects of terrorism or organized crime: ‘Where there’s smoke, there’s fire’.

Then lastly there is the amount of publishing about FinFisher in a country. In some countries a lot is published about Finfisher, partly because there were some specific cases or other reasons. About other countries much less is published. Some only related to ‘Black Oasis’. These countries, like Cyprus, Iran, Iraq, Kuwait, Madagascar, Myanmar, Russia, Sweden, Switzerland, Syria, Thailand and Yemen are still added.

The same applies to the numerous companies and persons involved in FinFisher. What started with one company spiraled into a web of companies from the UK to Germany, Cyprus, Virgin Islands, Lebanon, Bulgaria, Malaysia, Singapore and other countries. The web consists of dismantled, sleeping, silent, active and other registries. All creating a web which has all the hallmarks of a money laundering and organized crime operation. Question remains why all these companies, amongst which a lot are registered in so-called democratic states, were able to sell their goods to these western countries that paid for spyware from a company about which not only ethical questions could be asked, but also issues of tax avoidance, money laundering and consequently of organized crime.

Therefore the list of companies is also long. Some companies might only be related to property ownership of one or more of the employees involved in one of the companies which provide spyware, but this is impossible to say because of the nature of the web. Unless persons involved are clear (supported with documents) about their position towards Gamma Group, the trade to repressive regimes, the tax policy of the companies and other aspects of professional and legitimate business operations nothing conclusive can be said about their involvement. So again, ‘where there’s smoke, there’s fire’.

Gamma Group/ FinFisher is regularly mentioned in relation to two other sets of companies which are formally not connected. These are Elaman and Trovicor. Elaman looks like the typical reseller which has its own network of companies in Germany, Switzerland, Lebanon, the Emirates and probably Singapore, Indonesia and South Africa. Although it looks like an intermediary, Elaman seems much more connected to the Gamma Group network. It presents itself as closely connected to Gamma TSE, Gamma Group and G2 Systems. As a Technical Sales and Consultancy specialist Elaman seems much more as a covered Gamma Group sales department, less connected then for example the Raedarius network.

And then there is the Trovicor network which was known as Nokia Siemens Networks or NSN, a joint venture between the Finnish Nokia and the German Siemens. Trovicor looks like a competitor of Gamma Group but the world of spyware companies show similarities of the world of spies, a world or mirrors. Gamma Group worked in the past closely together with Siemens Pte. Elaman sells not only products from Gamma Group, but also Trovicor and Nokia Siemens Networks, VASTech and Utimaco. The Swiss branch of Trovicor is closely connected to the Swiss branch of Elaman. Personnel has been switching from Nokia Siemens Networks to Elaman. Although there are no formal connections between Gamma Group and Trovicor, definitely there are very close relations. If that is still the case remains unclear since the acquisition of Trovicor by the French Boss Industries. Boss Industries also owns Nexa Technologies, formerly known as Amesys.

Then what about the people involved. Starting with father and son Nelson only a few people have come in the limelight over the years, these are mainly Stefan of Stephen Oelker of Stephan Ölkers, who died in 2016, and Martin Johannes Münch (Muench). For the rest the listed persons are connected to one or more companies related to the network of Gamma Group and FinFisher. Interesting example is for example Christoph Diekhöfer. A person who is vaguely related to the network although he pops up in relation to a company in Cyprus, connected to Louthean Nelson and connected to export of FinFisher. So again, are these people involved in providing spyware to repressive regimes, tax avoidance, money laundering, criminal activities? Question mark yes, but also no, because if you define the Gamma Group as an organized crime group providing repressive regimes and other criminal activities with tools to violate human rights then every person in that group could be a suspect in an investigation. So definitely smoke, and ‘when there’s smoke, there’s fire’.

Related companies (dismantled, sleeping, silent, active and other registries):

In the United Kingdom: Gamma International (UK) Ltd, Gamma TSE Limited, Gamma 2000 Limited, Gamma 2000 Waste Management Limited, G2 Systems Limited, The CBRN Team Limited, Computplus Limited, Finfisher Limited, T.S. Comms Limited, Gamma Cyan Limited, Personal Protection Products Limited, Compass Military Services Limited

In Germany: PK Electronic International Limited, Gamma International GmbH, Gamma International Sales GmbH, Gamma International Holding GmbH, FinFisher GmbH, FinFisher Labs GmbH, FinFisher Holding GmbH, Raedarius m8 GmbH, So m8 GmbH, Lench IT Solutions Plc, SIS Eastern Europe GmbH, SIS Romania GmbH, Vilicius Holding GmbH, Martin J. Muench GmbH, MuShun GmbH

In Germany, probably not directly related to the production of spyware, although not conclusive but might be related to trade and/or trade relations: Villa Deta GmbH, SO Verwaltungsgesellschaft mbH, VGL Verwaltungsgesellschaft mbH, hph Immobilienberatung GmbH, hph consulting GmbH, Objekt 5001 GmbH, Quaestus Alp47 GmbH, Quaestus alpha GmbH, AK Invest Gmbh, SIS Solar Installation Service, AdSum UG, H & D Holding GmbH, GM Vermögensverwaltung GmbH, IQbyte GmbH, NTT Security (Germany) Services GmbH,

In Switzerland: Gamma Sales AG, FinFisher AG, Amador AG, Raedarius AG, Gamma Global Holding AG, Global Environnement Capital SA

In Bulgaria: Raedarius M8 EOOD (РАЕДАРИУС М8 ЕООД)

In Singapore: Mindstone International Pte. Ltd., Global Surveillance Systems, BizCorp Management Pte Ltd.,

In Malaysia: Raedarius M8 Sdn. Bhd., Mu Shun (Malaysia) Sdn. Bhd.

In Lebanon: Gamma Group International SAL, Alaman – German Security Solutions SAL, Gamma Cyan SAL Offshore, Cyan Engineering Services SAL, Mtrac?

In the British Virgin Islands: Gamma Group International Limited, Mindstone International LTD

In Cyprus: GTSC LTD, Gamma International Ltd, Gamma 2000 (Cyprus) Limited, Raedarius Limited

In the United Arab Emirates: Mu Shun Fze (?), Raedarius (Media, IT & Telecommunication)

The several branches of Elaman: Elaman GmbH (Germany), Alaman – German Security Solutions Sal Offshore (Lebanon), Elaman ME FZE (UAE/Dubai), Elaman AG (Switzerland)(probably also companies in Singapore, Indonesia and South Africa)

The several branches of Trovicor: Trovicor gmbh (Germany), Trovicor holding GmbH, Datafusion Systems GmbH (Germany), Datafusion Holding GmbH (Germany), Intelligence Solutions Holding GmbH (Germany), Blitz 08-500 GmbH (Germany), Trovicor AG (Switzerland), Trovicor (Smc Pvt.) Ltd. (Pakistan), Trovicor SOLUTIONS FZ LLC (UAE/Dubai), Trovicor Fz-Llc (UAE/Dubai), Trovicor Technology Sdn. Bhd. (Malaysia), TROVICOR SDN. BHD. (Malaysia), Eirene – Trovicor Solutions India Pvt.Ltd (India), Trovicor s.r.o. (Czech Republic), Trovicor LLC (Oman), Trovicor solutions asia limited (Hong Kong), Trovicor (full name?, Lebanon)

Related persons:

Peter Klüver (PKI Electronic Intelligence GmbH)

William Louthean Nelson (Gamma TSE Limited, FinFisher Limited, Gamma 2000 Waste Management Limited, Gamma International (UK) Limited, Gamma 2000 Limited, Gamma Cyan, Limited, G2 Systems Limited, Computplus Limited, Compass Military Services Limited)

Louthean John Alexander Nelson (PKI Electronic Intelligence GmbH, PK Electronic International Limited, PK Electronic International Corporation, Gamma TSE Limited, FinFisher Limited, Gamma 2000 Waste Management Limited, Computplus Limited, Gamma International (UK) Limited, the CBRN Team Limited, Gamma 2000 Limited, Gamma Cyan, Limited, G2 Systems Limited, BN Management Security Systems Ltd, Axcition Europe, Gamma Tema Consultants, Gamma International Ltd, Gamma International GmbH, Gamma Group International SAL, GTSC LTD, Gamma International Ltd, Gamma 2000 (Cyprus) Limited, Raedarius Limited, Mindstone International Pte. Ltd., Global Surveillance Systems, BizCorp Management Pte Ltd, Gamma Group International Limited, Mindstone International Ltd)

Brydon Stewart Deas Nelson (Gamma Cyan, Limited, G2 Systems Limited)

Pauline Louise Nelson (G2 Systems Limited, Computplus Limited, Gamma 2000 Waste Management Limited, Gamma 2000 Limited)

Jacob Perch Nelson (the CBRN Team Limited)

Derek Alan Myers (Gamma TSE Limited, PK Electronic International Limited)

Martyn Russell Myers (Gamma TSE Limited)

Christine-Ann Myers (Gamma TSE Limited)

Thomas Fisher (Gamma International)

Mohamed Farid Matar (Gamma Group International SAL)

Edgar Bucheli (Gamma International Asia)

Johnny Debs (Cyan Engineering Services Sal)

Emmanuel Chagot

David John Wood (Gamma Cyan Limited)

Julian Oliver Snell (Gamma Cyan Limited)

Karen Jean Seymour (G2 Systems Limited)

Stefan of Stephen Oelker of Stephan Ölkers (died in 2016): (Vilicius Holding GmbH (FinFisher Holding GmbH, Gamma International Holding GmbH), so m8 GmbH, raedarius m8 GmbH, FinFisher GmbH, FinFisher Labs GmbH, Mtrac? (Libanon)

Sascha Markus Kampf (Vilicius Holding GmbH, so m8 GmbH, FinFisher Holding GmbH, Villa Deta GmbH, SO Verwaltungsgesellschaft mbH, VGL Verwaltungsgesellschaft mbH, hph Immobilienberatung GmbH, hph consulting GmbH, Objekt 5001 GmbH, raedarius m8 GmbH, Quaestus Alp47 GmbH)

Andreas Knab (Villa Deta GmbH, SIS Eastern Europe GmbH, AK Invest Gmbh, SIS Solar Installation Service)

Georg Glatzeder (VGL Verwaltungsgesellschaft mbH)

Katja Gogalla (VGL Verwaltungsgesellschaft mbH)

Martin Johannes Münch (Muench) (raedarius m8 GmbH, FinFisher GmbH, Vilicius Holding GmbH, Martin J. Muench GmbH, MuShun GmbH, FinFisher GmbH, FinFisher Labs GmbH, FinFisher Labs GmbH)

Carlos Hugo Gandini (Trovicor, AdSum UG, H & D HOLDING GMBH, FinFisher GmbH, Gamma Group, Gamma International)

Holger Tesche (GM Vermögensverwaltung GmbH, FinFisher Labs GmbH, Gamma International GmbH)

Lucian of Lucien Hanga (FinFisher Labs GmbH, Gamma International GmbH)

Daniel Maly (FinFisher GmbH)

Christoph Diekhöfer (raedarius m8 GmbH, Raedarius Limited)

Georg Johann Magg (FinFisher Labs GmbH, Raedarius m8 GmbH, IQbyte GmbH, NTT Security (Germany) Services GmbH, Integralis Deutschland GmbH, Integralis Services GmbH, Activis Ismaning GmbH, Activis GmbH, NTT Com Security (Deutschland) Services GmbH, NTT Com Security (Germany) Services GmbH), Integralis AG, Nocitra Limited (voorheen Articon-Integralis Limited, Integralis Limited, Intercede 601 Limited), NTT Security UK Limited (voorheen NTT Com Security (UK) Limited, Integralis Limited, Integralis Network Systems Limited, Coleslaw 355 Limited, Silversky EU GmbH)

Harald Heid (IQbyte GmbH, MTI Technology GmbH)

Michael Marr (IQbyte GmbH)

Nicolas Mayencourt (Dreamlab)

Peter Habertheuer (Vastech AG, Nokia Siemens Networks, Elaman GmbH)

Monika Frech-Hänggi (Vastech AG, Elaman AG, FAI AG, Famoex AG, Kialo AG, S.A. de la Communication Sécurisée SCS, SBI Consulting- und Verwaltungs- AG, Priparop S.A., Falcontec SA, Marphil AG)

Henning Möller (Elaman AG, Trovicor AG, Falcontec SA, FAI AG, Kialo AG (Ciphire Labs GmbH/ Kialo GmbH))

Markus Michael Meiler (Elaman AG, Elaman GmbH, inseen UG)

Holger Günther Rumscheidt (Elaman GmbH, Elaman AG, MAELU Franchise Gmb, Toleo GmbH)

Eugen Fissl (Elaman GmbH)

Wolfgang Sandow (Famoex AG, Falcontec SA, WKW AG)

Georg Johann Magg (FinFisher Labs GmbH, raedarius m8 GmbH, IQbyte GmbH, NTT Security (Germany) Services GmbH (Integralis Deutschland GmbH, Integralis Services GmbH, Activis Ismaning GmbH, Activis GmbH, NTT Com Security (Deutschland) Services GmbH, NTT Com Security (Germany) Services GmbH), Integralis AG, Nocitra Limited (voorheen Articon-Integralis Limited, Integralis Limited, Intercede 601 Limited), NTT Security UK Limited (voorheen NTT Com Security (UK) Limited, Integralis Limited, Integralis Network Systems Limited, Coleslaw 355 Limited))

Disclaimer

Buro Jansen & Janssen does not claim that this research is fully satisfactory, but it is an attempt to protect the rule of law by which suspects have insight in the way evidence is gathered and by which the legitimacy of evidence can be proven beyond a reasonable doubt. Spyware, and in this case FinFisher, has all the whole marks of a black box by which evidence is collected which cannot be verified beyond a reasonable doubt that it is truly evidence and not fabricated proof of guilt by a state or even a non-state actor. This doubt is enlarged because of the secrecy and the lack of transparency by both states and companies of the usages, inner workings, limitations, security entity breaches and other aspects of the used spyware. In the case of FinFisher the use by a non-identified, for now named ‘Black Oasis’, questions also the fact if law enforcement agencies are the only actors targeting the suspects. It opens Pandora’s Box of possibilities to fabricate evidence of wrongdoing. And in the case of FinFisher there is not only the possibility of violation of export regulations, but also the questions about tax evasion, money laundering, espionage and other criminal activities in relation to the export and usage of spyware by repressive regimes. Because isn’t there a possibility that ‘Black Oasis’ is part of the FinFisher network. This is not an unreasonable conclusion. No official investigation has been started in relation to ‘Black Oasis’, no official publication and statement has been issued in relation to ‘Black Oasis’, so everything is possible.

In the case that you or your company is listed here and this is not correct, Buro Jansen & Janssen will correct this if beyond a reasonable doubt the claim of not being connected to the Gamma Group network is made public.

FinFisher Spyware overview

Reacties (0)

Voeg nieuwe reactie toe