FIRST PUBLISHED ON THE BBC WEBSITE – SEPTEMBER 20th 2011
By Stephen Grey File on 4, BBC Radio 4
A UK firm offered to supply “cyber-spy” software used by Egypt to target activists, the BBC has learned.
Documents found in the headquarters of the country’s security service suggest it was used for a five-month trial period at the end of last year.
Hampshire-based Gamma International UK denies actually supplying the program, which infects computers with a virus that bugs online voice calls and email.
The foreign secretary says he will “critically” examine export controls.
William Hague, who speaks for the government on computer security issues, said: “Any export of goods that could be used for internal repression is something we would want to stop.”
He also admitted the law governing software exports was a grey area.
The documents seen by the BBC were found at the looted headquarters of the Egyptian state security building earlier this year.
They describe an offer by Gamma International UK Ltd to supply a software programme called Finfisher.
Finfisher is described as a toolkit “used by many global security and intelligence services” for secretly gaining access to people’s computers.
The files from the Egyptian secret police’s Electronic Penetration Division described Gamma’s product as “the only security system in the world” capable of bugging Skype phone conversations on the internet.
They detail a five-month trial by the Egyptian secret police which found the product had “proved to be an efficient electronic system for penetrating secure systems [which] accesses email boxes of Hotmail, Yahoo and Gmail networks”.
Another document discovered by German public television network MDR is thought to reveal the first-known victims of the Finfisher program.
The document describes how, during the period of the software trial, the secret police successfully broke into and recorded encrypted Skype calls.
Sherif Mansour, from the US democracy group Freedom House, was in Egypt last year to help monitor parliamentary elections.
Named in the document as a victim of the bugging, he blamed the Finfisher software and urged the British government to take action.
“We democracy and human rights activists already face a lot of troubles and get a lot of threats. I expect that from government but not from software companies.
“We have never looked to them to [be] enabling repression, to outsourcing repression.”
It was amazing when they showed me some text messages from my phone and told me about my calls”
Abdul Ghani al-Khanjar Bahrain activist
According to the Department for Business Innovation and Skills, Finfisher does not require an export licence because it does not use encryption.
Mr Hague told File on 4 that the UK had a strong export licence system.
He said a number of licences had been withdrawn from companies exporting items of concern to Libya, Tunisia and Bahrain – but he conceded software was a difficult product to legislate for.
“This will be a greyer area because there can be many many uses for a given piece of software.
“But nevertheless, we will look at that critically and if any evidence is supplied to the government – or we come across any evidence of British technology used for internal repression in other countries – then we will take the same very tough line on that as we do on other items.”
Gamma International UK Ltd is owned by a 49-year-old Briton, Louthean Nelson, who is listed as having addresses in Salisbury, Hamburg and Beirut.
The BBC wanted to ask Mr Nelson about the contradiction between Gamma’s claim it did not supply the software, and the information contained in the Egyptian documents. He did not reply.
‘Abuse of technology’
But although Gamma has refused to comment publicly, a company representative called Martin Muench is due to speak next week at a conference in Berlin on cyber warfare.
Gamma is listed as a “sponsor and exhibitor” with a speaker due to address the conference on “applied hacking techniques used by governmental agencies”.
Also speaking at the conference are colonels from the British, US and German armies, and the director of intelligence at US Cybercommand.
Find out more
File on 4 is on BBC Radio 4 on 20 September at 20:00 BST and Sunday 25 September at 17:00 BST
Elsewhere in the Middle East, reports emerged this month of claims that French and South African firms helped monitor phones and the internet for Libya’s Col Muammar Gaddafi.
In Bahrain – where the regime has so far survived the protests – human rights activist Abdul Ghani al-Khanjar says he only learned the extent of surveillance in his country after being arrested.
He had just returned from London where he spoke at a meeting in the House of Lords.
“Within two days, masked civilians and riot police raided my house and arrested me and I have been tortured about my many activities,” he told the BBC.
“It was amazing when they showed me some text messages from my phone and told me about my calls.”
He added: “This is a bad abuse of technology.”
The Bahraini government says it has launched an inquiry into torture allegations. But Siemens and Nokia have both been implicated in the bad publicity surrounding the case.
In the past Siemens sold Bahrain a “monitoring centre”, which is thought to have allowed the regime to secretly track and bug its citizens’ phones. The company is said to have sold the same system to 60 countries worldwide.
But Ben Roome, a spokesman for Nokia Siemens Networks – a joint venture between the two companies, says it has now pulled out of making interception tools, precisely because of concerns that they can be abused.
“If you provide technology you cannot be blind to how potentially it can be used,” he said.