Technology (2012)

Gamma International

The BigBrotherAward in the category “Technology” goes to Gamma Group, represented in Germany by Gamma International in Munich, personally by its general manager Stephan Oelkers, for their software “FinFisher”. Gamma advertises the ability of its product to exploit security vulnerabilities in iTunes and Skype to plant spyware on the target system, for example by using fake software updates. It also markets the ability of its software “FinSpy Mobile” to remotely access Blackberry personal mobile devices. Gamma software products are being sold to domestic and foreing state agencies. Among other locations it was found during the storming of the headquarters of the Egyptian secret service in Cairo by civil rights activists.
Frank Rosengart am Redner.innenpult der BigBrotherAwards 2021.
Frank Rosengart, Chaos Computer Club (CCC)

The BigBrotherAward in the “Technology” category goes to Gamma Group, represented in Germany by Gamma International in Munich, personally by its general manager Stephan Oelkers, for their software FinFisher. FinFisher is used by authorities to penetrate computer systems in order to install surveillance software.

An excerpt from their sales brochure reads as follows: “Remote surveillance and software-installation products enable access to the target systems (computers and telephones), allowing remote control, data analysis, eavesdropping on encrypted communications and data collection. …”

With frightening frankness, Gamma offer their services on their German website – despite the fact that development and distribution of this kind of spyware is prohibited by German criminal law (Par. 282c StGB). However, this only applies to dealing with private customers, not to sales to domestic official agencies, or the secret police of a foreign dictatorship. At least that was the reason why the Munich prosecution refused to open a case against Gamma.

The so-called “Federal Trojan” (Bundestrojaner) is one of the most controversial investigation tools for the German police and secret services. Once installed on somebody’s personal computer, it enables government agencies to search the machine’s contents remotely and covertly, snoop through e-mails, or record passwords. Even the computer’s microphone and web cam can be activated for surveillance. Although the Federal Constitutional Court has strictly regulated the use of such programs in Germany, other countries are much less squeamish: in Syria, Turkmenistan or Oman the secret police will routinely spy on computers of opposition members, and persecute them for advocating a more democratic state.

Pro-democracy movements are increasingly using the Internet for their activities. Consequently, government agencies would like to be able to observe the “electronic life” of a targeted person. Large-scale control of the Internet as well as targeted examination of private computers, e-mails and Facebook accounts are methods of choice.

Documents found during of the storming of the headquarters of the Egyptian state security agency prove that the secret police was going to hunt down members of the opposition using a Trojan made by Gamma group. The agency ran extensive tests on a Gamma laptop and rated the FinFisher software very positively.

In cooperation with Swiss company Dreamlabs, Gamma have offered a so‑called “Infiltration Proxy” from the FinFisher product family to countries such as Oman or Turkmenistan. With this software, thousands of computers can be equipped with snooping software en masse.

There has been a lot of discussion in Germany about how spyware is planted onto a suspect’s computer. We know from recent cases that the usual method is for agencies to choose direct physical access: a faked break-in to bug the PC at night, or a security check at an airport, where officers would be able to get their hands on a laptop for a few minutes under a false pretence. But there are more elegant solutions: Security holes in applications or in the operating systems can be exploited by agencies using so-called “man-in-the-middle” attacks to install spyware on the computer. The spyware vendor in this case obtains knowledge about software security vulnerabilities on the black market and offers wire-tapping services for the user’s internet connection, in most cases with assistance from the service provider. Whenever affected users run a piece of software with a vulnerability, for instance the iTunes music shop, they will unwittingly install the spy trojan on their machine. A presentation by Gamma explicitly names Apple’s iTunes as an intrusion path for their software.

Gamma Group offer their services in this specific market segment, known as remote intrusion. Their FinFisher product provides agencies with a comfortable tool to intrude into their target person’s computer and place the spy software on it.

Gamma are one of the main sponsors of international security shows such the ISS in Dubai, and there they also offer their FinFisher software to government agencies of countries where human rights are respected to a far lesser degree than here in Germany.

The German Federal Criminal Police Office (Bundeskriminalamt, BKA) has shown interest in Gamma’s FinFisher software and has purchased a test license, as confirmed by the federal government in response to an parliament inquiry.

Structures behind the internationally operating Gamma Group are less than transparent; their exports are handled via other companies. We do therefore not know if we have picked the correct recipient for our award: we do not know who really is behind Gamma in Germany. We have chosen Mr. Stephan Oelkers because he repeatedly appears in presentations and the trade register contains his name with general commercial power of representation.

Congratulations Mr. Oelkers, of Gamma Group.


Updates to this awardee

Unfortunately, we do not have the capacity to translate our updates into English.

Frank Rosengart am Redner.innenpult der BigBrotherAwards 2021.
Frank Rosengart, Chaos Computer Club (CCC)

About BigBrotherAwards

In a compelling, entertaining and accessible format, we present these negative awards to companies, organisations, and politicians. The BigBrotherAwards highlight privacy and data protection offenders in business and politics, or as the French paper Le Monde once put it, they are the “Oscars for data leeches”.

Organised by (among others):

BigBrother Awards International (Logo)

BigBrotherAwards International

The BigBrotherAwards are an international project: Questionable practices have been decorated with these awards in 19 countries so far.