https://netzpolitik.org/2013/secret-government-document-reveals-german-feder... The German Federal Police office has purchased the commercial Spyware toolkit FinFisher of Eleman/Gamma Group. This is revealed by a secret document of the Ministry of the Interior, which we are publishing exclusively. Instead of legitimizing products used by authoritarian regimes for the violation of human rights, the German state should restrict the export of such state malware. In October 2011, German hacker organization Chaos Computer Club (CCC) analyzed a malware used by German government authorities. The product of the German company DigiTask was not just programmed badly and lacking elementary security, it was in breach of German law. In a landmark case, the Federal Constitutional Court of Germany ruled in 2008 that surveillance software targeting telecommunications must be technologically limited to a specific task. Instead, the CCC found that the DigiTask software took over the entire computer and included the option to remotely add features, thereby clearly violating the court ruling. Since then, many German authorities have stopped using DigiTask spyware and started to create their own state malware. For this task, a b Center of Competence for Information Technology Surveillance (CC ITC )b was established, sporting a three million Euro budget and a team of 30 people. Today, the Federal Ministry of the Interior is informing the Federal Parliament Bundestag about the centers progress and work. Members of the Finance Committee of the German Parliament are receiving a classified document, that we are now publishing. (text) According to the document (in German only) dated December 7, the Federal Criminal Police Office plans to finish the development of their own surveillance malware until the end of 2014. There is no word on the progress or even how many developers have applied for the job, which seems to be frowned upon by many German hackers. In the meantime, the Federal Police plans to continue using commercial software. In a b market surveyb, they have assessed b three products as generally suitableb. The result:

The Federal Criminal Police Office has acquired, for the event a use is necessary, a commercial product of the company Eleman/Gamma.

The Gamma Group of Companies, a network of companies linked to offshore secrecy, is behind the infamous FinFisher/FinSpy IT intrusion software kit developed in Germany and used by authoritarian regimes across the world to spy on political activists. The software is highly sophisticated and can completely take over a veriety of devices, including Windows, OS X, Linux, iOS, Android, Symbian, Blackberry and Windows Mobile. A promotional video advertises the ability of b remote intrusionb via fake updates from mobile carriers and Internet providers. The experienced team behind FinFisher/FinSpy is less likely to implement b significant design and implementation flawsb, as the CCC diagnosed for DigiTask. But with strong clues that authoritarian regimes such as Bahrain, United Arab Emirates, Qatar, Ethiopia, Mongolia and Turkmenistan are using those products, the German state is sending a dangerous political message by using exactly the same software itself. In Britain, the Secretary of State put FinSpy software under export restrictions, requiring the Gamma company to acquire a licence to export these tools. In Germany, we are also calling for export restrictions to stop the sale of western surveillance technology to regimes known for their violation of human rights. Besides this fundamental criticism, it also remains unclear if this spyware developed for international customers can meet the high standards set by the Constitutional Court for the use of such software in Germany. As discovered by the CCC, DigiTask was breaking the law by allowing to update installed malware and adding new features from remote. Although Gamma keeps its software secret, current research suggests that the FinFisher/FinSpy toolkit consists of a basic module (the trojan) that can also remotely load additional b feature modulesb, for example a module for recording Skype conversations. Analysts who have looked at FinFisher parts told netzpolitik.org that they have not seen limits on what additional modules can be loaded or even a signature verification of additional modules. If this is indeed the case, this would clearly violate German law. Since the CCC analysis showed that the current German state trojan was able to do more than allowed, it should be obvious that all future spyware must be verified before use. According to the document, both the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security are not able to audit the source code of the program to check if it complies with the legal requirements. For this reason, the German part of IT corporation Computer Sciences Corp was tasked with the review, which was supposed to be finished in December. The document does not mention the progress or results of such an audit. There are also no mentions of a amount which the Federal Police is paying to Gamma, the terms of a sale or licensing, or whether German officials have already used the software. Gamma spokesperson and developer Martin J. MC

With the purchase of Gamma FinFisher, the Federal Criminal Police Office has chosen a vendor that has become a symbol for the use of surveillance technology in oppressive regimes worldwide. FinFisher also consists of various components, which can be loaded when needed, thereby allowing the installation of spying capabilities that go far beyond the already questionable b wiretapping at the sourceb .

-- ilf C ber 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg! -- Eine Initiative des Bundesamtes fChttps://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE