Company accused of selling surveillance software outside the EU without an export license

German police raid FinFisher over spyware allegations

German customs officials have raided the offices of surveillance tech firm FinFisher, after it was accused of selling surveillance software, or ‘spyware’, to oppressive regimes around the world.

The public prosecutor, Munich and German Customs Investigation Bureau, searched 15 business premises and private apartments associated with the company, as well as a connected organization, in Munich and Romania, for three days between October 6-8, according to German digital rights publication Netzpolitik.org.

The investigation, launched in 2019, was triggered by a criminal complaint filed by the publisher and several human rights organizations, alleging that FinFisher had exported its eponymous surveillance software – also known as ‘FinSpy’ – outside the EU without first obtaining an export license.

Other signatories included the Society for Freedom Rights, Reporters Without Borders, and the European Center for Constitutional and Human Rights.

FinFisher denied the accusations and sent a cease-and-desist letter to Netzpolitik.org, which the courts upheld.

In the wild

The criminal complaint (PDF) centered on reports that the Turkish government had planted the spyware on a domain impersonating the website of its political opponents in 2017.

FinSpy variants are also said to have been used by the governments of Ethiopia, Bahrain, the UAE, and Egypt to spy on dissidents, journalists, and human rights activists, according to various NGOs and security researchers.

In 2013, Netzpolitik.org also claimed that it had seen secret documents showing that both German federal police and Berlin police had purchased the surveillance tool.


RELATED Fitbit allowed spyware on official app store – research


FinFisher says its technology is intended to assist law enforcement and intelligence agencies in profiling criminals and aiding “the collection of target related information”.

Evidence that FinSpy was active in the wild was first disclosed in 2011 by Wikileaks. A year later, Citizen Lab analyzed samples allegedly sent to Bahraini pro-democracy activists. Last month, Amnesty International’s Security Lab presented analysis of further samples.

Phishing entry point

FinSpy typically infects desktop PCs running Windows, macOS, or Linux, or mobile devices operating iOS or Android, via phishing emails.

Kaspersky said in July 2019 that the app, which it had detected “on dozens of mobile devices”, gives attackers “almost total control over the data on an infected device”, with contacts, call history, geolocation data, voice and VoIP calls, and messages on instant messaging services vulnerable to eavesdropping or exfiltration.

In the Netzpolitik.org article published yesterday (October 14), investigative journalist Andre Meister said the public prosecutor had told him that investigations were ongoing against FinFisher and at least two other companies in relation to alleged violations of Germany’s Foreign Trade and Payments Act.

Meister said he had sent questions to FinFisher and its partner companies but had not received a reply.

The Daily Swig has contacted FinFisher and the public prosecutor in Munich for comment and will update the article accordingly if we receive responses.


YOU MAY ALSO LIKE The cybersecurity helpline protecting citizens from digital attacks