Spyware Firms In Breach Of Export Sanctions

Spy equipment producers are breaking laws and circumventing international sanctions by agreeing to sell stock to countries known for human rights abuses, and to clients who do not declare the end user.

This means surveillance tools could easily fall into the hands of armed groups, corporations, governments cracking down on dissent, or opposition leaders, an exclusive investigation by Al Jazeera reveals.

During Spy Merchants, a four-month undercover operation, Al Jazeera secretly filmed representatives of two Italian companies and one Chinese business agreeing to sell spyware that is capable of tracking millions of people online and able to intercept phone calls and text messages without anyone finding out.

The vendors boasted of being able to side-step the law by using sister and shell companies and explained how to possibly circumvent export regulations by lying about the details of shipments and using third countries exempted from certain rules as stopping places.

Posing undercover as a middle man buying equipment for the South Sudanese and Iranian governments, our reporter James (not his real name) was able to negotiate deals to acquire surveillance tools that Iran is prohibited from buying and that would cause serious human rights concerns in South Sudan.

The two Italian companies, IPS and AREA, indicated that they were open to the possibility of violating European laws to sell equipment that would end up in the hands of Iranian and South Sudanese clients, where they could potentially be used to spy on citizens.

China-based business Semptian, meanwhile, was ready to sell spying gear worth nearly $3 million without knowing who the recipient would be.

When our reporter asked Semptian cofounder Frank Feng if previous buyers had used shell companies, Feng responded: "We have done it. We don't know who is the private company and who is the end user. And we don't care about it. This way is good, because we have done it before."

Nuclear weapons of 21st century

Former British intelligence officer Julian Richards described powerful surveillance tools as "the nuclear weapons of the 21st century".

"These are the things that states that want to get ahead in, in their security capabilities. These are the things they'll pay big money for," he told Al Jazeera.

The equipment these surveillance companies make is used to monitor phone and internet traffic on a large scale.

The so-called IMSI catchers and IP Intercept systems are respectively used to listen in on phone calls and text messages, and can be used to spy on the internet usage of millions of people.

"When these technologies end up in the wrong hands. They end up with agencies which have a very proven and bloody history of repression and human rights abuse," Claire Lauterbach, a researcher at Privacy International, told Al Jazeera.

"It's truly remarkable, when you consider what the implications of this might be."

The surveillance systems do have legitimate uses for intelligence and law enforcement agencies, but they are often used by repressive governments to track political dissidents.

"I found that activists, students, journalists, opposition figures in North Africa and the Middle East would be [targeted] and sometimes be imprisoned as a result of these systems coming from Europe," said Marietje Schaake, a member of the European parliament focused on foreign affairs trade and technology.
After viewing Al Jazeera's investigation, she said: "I found that unacceptable then, and I find it unacceptable today."

The companies our undercover reporter approached seemingly had no problem in forging documents to make sure the deal would go ahead.

"First, we are ok with Iran. Of course, it's subject to export restriction. But this is something that we can manage," said IPS sales manager Ugo Santillo.

By using a sister company and describing the hardware sold by IPS as a "traffic management system", IPS said it could sell IP intercept systems to Iran.

In response to these allegations, IPS told Al Jazeera that they operate with full respect of the regulations.

They added: "We had no intention of completing this or any deal with the individual our staff met with. Any deal that we may have discussed with him would have to be dependent on obtaining the full legal authorisation from the authorities."

Freedom of speech curtailed

AREA, meanwhile, was prepared to discuss selling IMSI catchers, tools that can spy on mobile phones without users' knowledge, to South Sudan, despite serious human rights concerns and EU sanctions.

In South Sudan, according to Human Rights Watch , government forces and opposition fighters "committed serious abuses against civilians" in the civil war, and authorities there "harass, intimidate, and arbitrarily arrest and detain journalists".

Pagan Amum, a South Sudanese politician, was forced to flee the country in 2013 when the war began after becoming the target of government surveillance. He was arrested and accused of plotting a coup.

"The government with that surveillance has reduced the political space for our citizens to speak, the right of freedom of speech has been curtailed, even to speak in private," he told Al Jazeera.

"To conduct this surveillance, in violation of the law, this is absolutely very dangerous, it becomes actually, just like weapons of mass destruction," he said.

AREA explained what it described as a typical industry tactic: theoretically one could sell surveillance equipment by getting a licence to export to Tanzania , it said, from where the IMSI catcher would be "donated" as a "gift" to South Sudan.

Ultimately, AREA did nothing more than set up a meeting with a Turkish partner, BTT.

To obtain this export license the Turkish partner, offered to lie by stating that the hardware is telecom equipment and not used to spy on people.

"I say this is dual use telecom equipment, okay," BTT's Alper Tosun told our reporter. "And most of the time, it is telecom testing equipment. This is the main purpose that I am declaring."

Absolutely unacceptable

In the past, AREA has been caught selling spy equipment to a country with a history of abusing its citizens.

In 2011, the company made a deal with the Syrian government worth almost $14 million.

Although AREA claimed it had a valid export license to supply Syria, company executives were recently accused of falsifying export documents relating to the 2011 deal.

"I find it absolutely unacceptable that there are people willing to sell to places where human rights violations are obvious," said MEP Schaake.

In the case of South Sudan, she said, the country "is on the brink of massive violence. I do believe that every individual, no matter who their employer is, should really look at themselves in the mirror and wonder, 'What am I doing?'"

BTT did not respond when asked for comment about these allegations.

AREA said it "works with the relevant governments to ensure the proper export and legal use of our equipment."

The company declined further comment until seeing the evidence.

Huge effects for democracy

Semptian, the Chinese company, was also ready to sell IMSI catchers.

At one point, impatient company cofounder Feng encouraged our reporter to buy sooner rather than later because he had to reach a sales "performance" target.

Using a shell company, Semptian was ready to sell our reporter 10 IMSI catchers without knowing who would end up using the spying tools.

To remain anonymous, Feng told our undercover reporter that the company would remove all logos and branding from the surveillance equipment.

Semptian did not respond to a request for comment for this programme.

"Anyone with enough money is able to buy these highly sophisticated systems which could proliferate all over the world. I would like to see more accountability and transparency in this very, very dark and dangerous market," said MEP Schaake.

For Privacy International's Lauterbach, continued illegal trading of surveillance could threaten the foundations of many societies.

"If we can't find a way to bring surveillance and the practice of surveillance within the rule of law, it's going to have huge effects for democracy," she said.

After Spy Merchants was completed, Al Jazeera received a letter from lawyers acting for IPS denying all wrongdoing. They specifically denied that Chief Executive Officer Fabio Romani or any other person in a position of authority at IPS ever attempted to sell its products and services in Iran.

Al Jazeera

You Might Also Read:

We Are In A New Era Of Espionage:

The Future of Government Surveillance - Looks Like This:

Phineas Fisher Fingered: Hacking the Turkish Government:

Hacking Team Inside Job:

African States Quick To Adopt Network Surveillance:

 

 

« Around Half Of Human Jobs Can Be Automated Now
Turkey Blocks Wikipedia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

ViewDS Identity Solutions

ViewDS Identity Solutions

ViewDS Identity Solutions develops innovative identity software including cloud identity management solutions, directory services, access and authorization management solutions.

Cyber Ranges

Cyber Ranges

Cyber Ranges is the next-generation cyber range for the development of cyber capabilities and the validation of cyber security skills and organizational cyber resilience.

MAUSHIELD

MAUSHIELD

MAUSHIELD is the national platform for sharing cyber threat information and intelligence that can help organisations to improve their cybersecurity posture, minimize risks and prevent cyber-attacks.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.