Buro Jansen & Janssen

Buro Jansen & Janssen is een onderzoeksburo dat politie, justitie, inlichtingendiensten, de overheid in Nederland en Europa kritisch volgt. Een grond-rechten kollektief dat al 30 jaar publiceert over uitbreiding van repressieve wetgeving, publiek-private samenwerking, bevoegdheden, overheids-optreden en andere staatsaangelegenheden.
Buro Jansen & Janssen Postbus 10591, 1001EN Amsterdam, 020-6123202, 06-34339533, signal +31684065516, info@burojansen.nl (pgp)
Steun Buro Jansen & Janssen. Word donateur, NL43 ASNB 0856 9868 52 of NL56 INGB 0000 6039 04 ten name van Stichting Res Publica, Postbus 11556, 1001 GN Amsterdam.

Publicaties

Observant#81 2023 Politie Black Box
Observant#80 2022 Protesteren is Terrorisme
Observant#79 2022 VASTech / Cyberupt
Observant#78 2021 De burger is staatsgevaarlijk
Observant#77 2021 Fox-IT in Rusland
Observant#76 2021 Integrale Nepwetenschap
Observant#75 2020 Fox-IT en exportvergunningen
Observant#74 2020 Stasi NL Benaderingen in 2019
Observant#73 2019 Fox-IT in het Midden-Oosten
Arrestantenhandleiding 2018
Observant#72 2018 Geheime politie van Nederland
Referendum WIV 2017 magazine 2018
Observant#71 2018 Niet Transparante Wetenschap
Observant#70 2017 Social Media Surveillance
Observant#69 2017 Politie Mercenaries
Observant#68 2016 Wetenschappers en Politie
Observant#67 2015 Data Bedrog
Observant#66 2015 Terroriseren politiek protest
Observant#65 2014 G4S, Facebook en de AIVD
Observant#64 2014 Vreemdelingendetentie
Observant#63 2013 Ideologische orde, Chiquita
Observant#62 2012 De Psyche van een Mol
Observant#61 2012 RID bespioneert jongeren
Observant#60 2012 Duurzaam afwimpelen
Security Industry: Israel - the Netherlands 2011
Observant#59 2011 RID protest Twente
Observant#58 2011 Kraaijer, AIVD, De Telegraaf
Observant#57 2011 Shell, imago AIVD, India
Europese politie en Justitie Infozine 2010
Observant#56 2010 Ochtendgloren, politie phishing
Observant#55 2010 Politieke Politie
Observant#54 2009 ID-plicht, Demonstratierecht
Observant#53 2009 Haags Fouilleren
Observant#52 2009 200.000 professionals?
Observant#51 2009 Chocolade spionnen
Observant#50 2008 Sloop Deporatiemachine
Observant#49 2008 Bewaarplicht en Onmacht
Observant#48 2008 De Onschuld is Dood
Identificatieplicht Infozine 2007
Observant#47 2007 WUID & buitenland
Observant#46 2007 Aanslagen, Prüm, toezicht
Observant#45 2007 Blauw Waas, terrorisme
Observant#44 2007 Preventief Strafrecht
Terrorismebestrijding in Nederland infozine 2006
Ruimte voor het recht 2006 Demonstratierecht
Onder Druk, Terrorismebestrijding NL 2006
Observant#43 2006 Kiezen verdwijnen terreur
Observant#42 2006 Schaduw terreur
Observant#41 2006 Willekeurig Strafrecht
Observant#40 2006 Vuile terreur oorlog
Observant#39 2006 Terreur van grootmachten
Gestraft zonder veroordeling 2005
Observant#38 2005 Bedrijfsspionage terrorisme
Observant#37 2005 Terrorisme fabels
Observant#36 2005 Terroristen lijsten
Observant#35 2005 EU Grondwet
Observant#34 2005 Gewist AIVD bewijs
Observant#33 2005 ID-weigeraars Nat. Recherche
Observant#32 2005 Misleidende inlichtingen
Observant#31 2005 Cyclopisch Recht
Observant#30 2004 Bedrijfsspionage acties
Observant#29 2004 Rasterfahndung NL
Observant#28 2004 Veganisten barbeque
Observant#27 2004 EU2004, dieren en camera's
Observant#26 2004 Vreemdelingen inlichtingen
Observant#25 2004 Incidentenpolitiek
Observant#24 2004 Europese Terreur
Observant#23 2004 Boeven en buitenlui
Observant#22 2004 Terroristische Activist
Misleidende methode 14 november 2003
Keizer in lompen, 1 november 2003
Observant#21 2003 Vreemdelingen en de AIVD
Observant#20 2003 Snuffelstaat
Observant#19 2003 Globalisten onder de loep
Observant#18 2003 EU & AIVD, list & bedrog
De Snuffelstaat, NL en de BVD 1 november 2002
Schone schijn, 1 juni 2002
Observant#17 2002 Schone Schijn
Observant#16 2002 EU Europol snuffelen
Observant#15 2002 Politie betaalt studie
Observant#14 2002 Op jacht naar links
Observant#13 2002 IMSI DNA BVD kip
Observant#12 2002 De vader van de bruid
Observant#11 2001 War on Terror
Observant#10 2001 Europa tegen demonstranten
Observant#9 2001 Burenruzie en oliegiganten
Observant#8 2001 Veiligheid en zekerheid
Observant#7 2001 Camus Echelon Greenpeace
Zoom, cameratoezicht, 1 augustus 2000
Tips tegen tralies, 1 juli 2000
Dossier Cryptografie, 1 mei 2000
Dossier Cryptografie (GB), 1 mei 2000
Dossier Pepperspray, 1 maart 2000
Observant#6 2000 BVD en vluchtelingen
Observant#5 2000 Begrotingen politie justitie
Observant#4 2000 Zoom: dossier cameratoezicht
Observant#3 2000 Europol
Observant#2 2000 Crypto Pepperspray
Observant#1 2000 Crime in Cyberspace, EK2000
Luisterrijk, 1 november 1999
Dossier Europol II, 1 april 1999
Het Europese asielbeleid, 1 september 1999
VD-Amok inlichtingendiensten, 1 december 1998
Dossier Europol I, 1 mei 1997
Welingelichte Kringen, 1 juli 1995
Nederland, open U, 1 juli 1994
De muren hebben oren 1 januari 1994
Opening van Zaken, 1 maart 1993
De vluchteling achtervolgd, 1 april 1991
Regenjassendemokratie, 1 april 1990

FinFisher Spyware overview

August 22, 2023

In the course of several years Buro Jansen & Janssen has collected data on the use of FinFisher spyware. This overview is not at all complete. It could be that some of the countries mentioned did not use the spyware from FinFisher, but we listed these countries nevertheless because their names came up in research from WikiLeaks, Citizen Lab, Privacy International or other organizations/media because, for example, ‘control servers’ were located in these countries and/or demonstrations were given. This does not necessarily mean anything but the lack of formal denial, formal and open investigation into the existence of these servers and other reluctance to give openness and transparency about the use or existence of spyware in these countries compelled Buro Jansen & Janssen to list them.

Then there are three other aspects of the listing which are important to mention. Some countries, for example Cyprus, but also Germany, Italy, and Israel are known for harbouring the firms which produce the spyware or export or facilitate the export. Then as already said there are of course the meetings, negotiations and demonstrations, which might or might not have resulted in the purchase of FinFisher. In any case, because transparency is lacking and countries do not give any accountability to why they meet up with companies which have relations with repressive regimes and could be labelled as criminal organization, these countries appear on the list. Finally there is the case of ‘Black Oasis’, ‘Neodymium’ or ‘Promethium’.

These names are assigned to an unspecified mysterious group which can be a hackers group whether or not related to a company, a state or a governmental body apparently using FinFisher tools in relation to several countries. Mostly it is assigned to some Russian hackers group. The problem is that in a world of spyware that is entangled with secrecy and secret services, it is also possible that the targets do not tell the whole story of the group or organization behind the name. It is difficult to tell.

So the countries connected to Black Oasis are also added to the list, especially because no specific investigation into the usage of FinFisher by this group is officially and openly reported or announced. All in all the countries on this list can be labeled as in one way or another connected to FinFisher in much the same way the authorities always explain their actions towards presumed suspects of terrorism or organized crime: ‘Where there’s smoke, there’s fire’.

Then lastly there is the amount of publishing about FinFisher in a country. In some countries a lot is published about Finfisher, partly because there were some specific cases or other reasons. About other countries much less is published. Some only related to ‘Black Oasis’. These countries, like Cyprus, Iran, Iraq, Kuwait, Madagascar, Myanmar, Russia, Sweden, Switzerland, Syria, Thailand and Yemen are still added.

The same applies to the numerous companies and persons involved in FinFisher. What started with one company spiraled into a web of companies from the UK to Germany, Cyprus, Virgin Islands, Lebanon, Bulgaria, Malaysia, Singapore and other countries. The web consists of dismantled, sleeping, silent, active and other registries. All creating a web which has all the hallmarks of a money laundering and organized crime operation. Question remains why all these companies, amongst which a lot are registered in so-called democratic states, were able to sell their goods to these western countries that paid for spyware from a company about which not only ethical questions could be asked, but also issues of tax avoidance, money laundering and consequently of organized crime.

Therefore the list of companies is also long. Some companies might only be related to property ownership of one or more of the employees involved in one of the companies which provide spyware, but this is impossible to say because of the nature of the web. Unless persons involved are clear (supported with documents) about their position towards Gamma Group, the trade to repressive regimes, the tax policy of the companies and other aspects of professional and legitimate business operations nothing conclusive can be said about their involvement. So again, ‘where there’s smoke, there’s fire’.

Gamma Group/ FinFisher is regularly mentioned in relation to two other sets of companies which are formally not connected. These are Elaman and Trovicor. Elaman looks like the typical reseller which has its own network of companies in Germany, Switzerland, Lebanon, the Emirates and probably Singapore, Indonesia and South Africa. Although it looks like an intermediary, Elaman seems much more connected to the Gamma Group network. It presents itself as closely connected to Gamma TSE, Gamma Group and G2 Systems. As a Technical Sales and Consultancy specialist Elaman seems much more as a covered Gamma Group sales department, less connected then for example the Raedarius network.

And then there is the Trovicor network which was known as Nokia Siemens Networks or NSN, a joint venture between the Finnish Nokia and the German Siemens. Trovicor looks like a competitor of Gamma Group but the world of spyware companies show similarities of the world of spies, a world or mirrors. Gamma Group worked in the past closely together with Siemens Pte. Elaman sells not only products from Gamma Group, but also Trovicor and Nokia Siemens Networks, VASTech and Utimaco. The Swiss branch of Trovicor is closely connected to the Swiss branch of Elaman. Personnel has been switching from Nokia Siemens Networks to Elaman. Although there are no formal connections between Gamma Group and Trovicor, definitely there are very close relations. If that is still the case remains unclear since the acquisition of Trovicor by the French Boss Industries. Boss Industries also owns Nexa Technologies, formerly known as Amesys.

Then what about the people involved. Starting with father and son Nelson only a few people have come in the limelight over the years, these are mainly Stefan of Stephen Oelker of Stephan Ölkers, who died in 2016, and Martin Johannes Münch (Muench). For the rest the listed persons are connected to one or more companies related to the network of Gamma Group and FinFisher. Interesting example is for example Christoph Diekhöfer. A person who is vaguely related to the network although he pops up in relation to a company in Cyprus, connected to Louthean Nelson and connected to export of FinFisher. So again, are these people involved in providing spyware to repressive regimes, tax avoidance, money laundering, criminal activities? Question mark yes, but also no, because if you define the Gamma Group as an organized crime group providing repressive regimes and other criminal activities with tools to violate human rights then every person in that group could be a suspect in an investigation. So definitely smoke, and ‘when there’s smoke, there’s fire’.

Related companies (dismantled, sleeping, silent, active and other registries):

In the United Kingdom: Gamma International (UK) Ltd, Gamma TSE Limited, Gamma 2000 Limited, Gamma 2000 Waste Management Limited, G2 Systems Limited, The CBRN Team Limited, Computplus Limited, Finfisher Limited, T.S. Comms Limited, Gamma Cyan Limited, Personal Protection Products Limited, Compass Military Services Limited

In Germany: PK Electronic International Limited, Gamma International GmbH, Gamma International Sales GmbH, Gamma International Holding GmbH, FinFisher GmbH, FinFisher Labs GmbH, FinFisher Holding GmbH, Raedarius m8 GmbH, So m8 GmbH, Lench IT Solutions Plc, SIS Eastern Europe GmbH, SIS Romania GmbH, Vilicius Holding GmbH, Martin J. Muench GmbH, MuShun GmbH

In Germany, probably not directly related to the production of spyware, although not conclusive but might be related to trade and/or trade relations: Villa Deta GmbH, SO Verwaltungsgesellschaft mbH, VGL Verwaltungsgesellschaft mbH, hph Immobilienberatung GmbH, hph consulting GmbH, Objekt 5001 GmbH, Quaestus Alp47 GmbH, Quaestus alpha GmbH, AK Invest Gmbh, SIS Solar Installation Service, AdSum UG, H & D Holding GmbH, GM Vermögensverwaltung GmbH, IQbyte GmbH, NTT Security (Germany) Services GmbH,

In Switzerland: Gamma Sales AG, FinFisher AG, Amador AG, Raedarius AG, Gamma Global Holding AG, Global Environnement Capital SA

In Bulgaria: Raedarius M8 EOOD (РАЕДАРИУС М8 ЕООД)

In Singapore: Mindstone International Pte. Ltd., Global Surveillance Systems, BizCorp Management Pte Ltd.,

In Malaysia: Raedarius M8 Sdn. Bhd., Mu Shun (Malaysia) Sdn. Bhd.

In Lebanon: Gamma Group International SAL, Alaman – German Security Solutions SAL, Gamma Cyan SAL Offshore, Cyan Engineering Services SAL, Mtrac?

In the British Virgin Islands: Gamma Group International Limited, Mindstone International LTD

In Cyprus: GTSC LTD, Gamma International Ltd, Gamma 2000 (Cyprus) Limited, Raedarius Limited

In the United Arab Emirates: Mu Shun Fze (?), Raedarius (Media, IT & Telecommunication)

The several branches of Elaman: Elaman GmbH (Germany), Alaman – German Security Solutions Sal Offshore (Lebanon), Elaman ME FZE (UAE/Dubai), Elaman AG (Switzerland)(probably also companies in Singapore, Indonesia and South Africa)

The several branches of Trovicor: Trovicor gmbh (Germany), Trovicor holding GmbH, Datafusion Systems GmbH (Germany), Datafusion Holding GmbH (Germany), Intelligence Solutions Holding GmbH (Germany), Blitz 08-500 GmbH (Germany), Trovicor AG (Switzerland), Trovicor (Smc Pvt.) Ltd. (Pakistan), Trovicor SOLUTIONS FZ LLC (UAE/Dubai), Trovicor Fz-Llc (UAE/Dubai), Trovicor Technology Sdn. Bhd. (Malaysia), TROVICOR SDN. BHD. (Malaysia), Eirene – Trovicor Solutions India Pvt.Ltd (India), Trovicor s.r.o. (Czech Republic), Trovicor LLC (Oman), Trovicor solutions asia limited (Hong Kong), Trovicor (full name?, Lebanon)

Related persons:

Peter Klüver (PKI Electronic Intelligence GmbH)

William Louthean Nelson (Gamma TSE Limited, FinFisher Limited, Gamma 2000 Waste Management Limited, Gamma International (UK) Limited, Gamma 2000 Limited, Gamma Cyan, Limited, G2 Systems Limited, Computplus Limited, Compass Military Services Limited)

Louthean John Alexander Nelson (PKI Electronic Intelligence GmbH, PK Electronic International Limited, PK Electronic International Corporation, Gamma TSE Limited, FinFisher Limited, Gamma 2000 Waste Management Limited, Computplus Limited, Gamma International (UK) Limited, the CBRN Team Limited, Gamma 2000 Limited, Gamma Cyan, Limited, G2 Systems Limited, BN Management Security Systems Ltd, Axcition Europe, Gamma Tema Consultants, Gamma International Ltd, Gamma International GmbH, Gamma Group International SAL, GTSC LTD, Gamma International Ltd, Gamma 2000 (Cyprus) Limited, Raedarius Limited, Mindstone International Pte. Ltd., Global Surveillance Systems, BizCorp Management Pte Ltd, Gamma Group International Limited, Mindstone International Ltd)

Brydon Stewart Deas Nelson (Gamma Cyan, Limited, G2 Systems Limited)

Pauline Louise Nelson (G2 Systems Limited, Computplus Limited, Gamma 2000 Waste Management Limited, Gamma 2000 Limited)

Jacob Perch Nelson (the CBRN Team Limited)

Derek Alan Myers (Gamma TSE Limited, PK Electronic International Limited)

Martyn Russell Myers (Gamma TSE Limited)

Christine-Ann Myers (Gamma TSE Limited)

Thomas Fisher (Gamma International)

Mohamed Farid Matar (Gamma Group International SAL)

Edgar Bucheli (Gamma International Asia)

Johnny Debs (Cyan Engineering Services Sal)

Emmanuel Chagot

David John Wood (Gamma Cyan Limited)

Julian Oliver Snell (Gamma Cyan Limited)

Karen Jean Seymour (G2 Systems Limited)

Stefan of Stephen Oelker of Stephan Ölkers (died in 2016): (Vilicius Holding GmbH (FinFisher Holding GmbH, Gamma International Holding GmbH), so m8 GmbH, raedarius m8 GmbH, FinFisher GmbH, FinFisher Labs GmbH, Mtrac? (Libanon)

Sascha Markus Kampf (Vilicius Holding GmbH, so m8 GmbH, FinFisher Holding GmbH, Villa Deta GmbH, SO Verwaltungsgesellschaft mbH, VGL Verwaltungsgesellschaft mbH, hph Immobilienberatung GmbH, hph consulting GmbH, Objekt 5001 GmbH, raedarius m8 GmbH, Quaestus Alp47 GmbH)

Andreas Knab (Villa Deta GmbH, SIS Eastern Europe GmbH, AK Invest Gmbh, SIS Solar Installation Service)

Georg Glatzeder (VGL Verwaltungsgesellschaft mbH)

Katja Gogalla (VGL Verwaltungsgesellschaft mbH)

Martin Johannes Münch (Muench) (raedarius m8 GmbH, FinFisher GmbH, Vilicius Holding GmbH, Martin J. Muench GmbH, MuShun GmbH, FinFisher GmbH, FinFisher Labs GmbH, FinFisher Labs GmbH)

Carlos Hugo Gandini (Trovicor, AdSum UG, H & D HOLDING GMBH, FinFisher GmbH, Gamma Group, Gamma International)

Holger Tesche (GM Vermögensverwaltung GmbH, FinFisher Labs GmbH, Gamma International GmbH)

Lucian of Lucien Hanga (FinFisher Labs GmbH, Gamma International GmbH)

Daniel Maly (FinFisher GmbH)

Christoph Diekhöfer (raedarius m8 GmbH, Raedarius Limited)

Georg Johann Magg (FinFisher Labs GmbH, Raedarius m8 GmbH, IQbyte GmbH, NTT Security (Germany) Services GmbH, Integralis Deutschland GmbH, Integralis Services GmbH, Activis Ismaning GmbH, Activis GmbH, NTT Com Security (Deutschland) Services GmbH, NTT Com Security (Germany) Services GmbH), Integralis AG, Nocitra Limited (voorheen Articon-Integralis Limited, Integralis Limited, Intercede 601 Limited), NTT Security UK Limited (voorheen NTT Com Security (UK) Limited, Integralis Limited, Integralis Network Systems Limited, Coleslaw 355 Limited, Silversky EU GmbH)

Harald Heid (IQbyte GmbH, MTI Technology GmbH)

Michael Marr (IQbyte GmbH)

Nicolas Mayencourt (Dreamlab)

Peter Habertheuer (Vastech AG, Nokia Siemens Networks, Elaman GmbH)

Monika Frech-Hänggi (Vastech AG, Elaman AG, FAI AG, Famoex AG, Kialo AG, S.A. de la Communication Sécurisée SCS, SBI Consulting- und Verwaltungs- AG, Priparop S.A., Falcontec SA, Marphil AG)

Henning Möller (Elaman AG, Trovicor AG, Falcontec SA, FAI AG, Kialo AG (Ciphire Labs GmbH/ Kialo GmbH))

Markus Michael Meiler (Elaman AG, Elaman GmbH, inseen UG)

Holger Günther Rumscheidt (Elaman GmbH, Elaman AG, MAELU Franchise Gmb, Toleo GmbH)

Eugen Fissl (Elaman GmbH)

Wolfgang Sandow (Famoex AG, Falcontec SA, WKW AG)

Georg Johann Magg (FinFisher Labs GmbH, raedarius m8 GmbH, IQbyte GmbH, NTT Security (Germany) Services GmbH (Integralis Deutschland GmbH, Integralis Services GmbH, Activis Ismaning GmbH, Activis GmbH, NTT Com Security (Deutschland) Services GmbH, NTT Com Security (Germany) Services GmbH), Integralis AG, Nocitra Limited (voorheen Articon-Integralis Limited, Integralis Limited, Intercede 601 Limited), NTT Security UK Limited (voorheen NTT Com Security (UK) Limited, Integralis Limited, Integralis Network Systems Limited, Coleslaw 355 Limited))

Disclaimer

Buro Jansen & Janssen does not claim that this research is fully satisfactory, but it is an attempt to protect the rule of law by which suspects have insight in the way evidence is gathered and by which the legitimacy of evidence can be proven beyond a reasonable doubt. Spyware, and in this case FinFisher, has all the whole marks of a black box by which evidence is collected which cannot be verified beyond a reasonable doubt that it is truly evidence and not fabricated proof of guilt by a state or even a non-state actor. This doubt is enlarged because of the secrecy and the lack of transparency by both states and companies of the usages, inner workings, limitations, security entity breaches and other aspects of the used spyware. In the case of FinFisher the use by a non-identified, for now named ‘Black Oasis’, questions also the fact if law enforcement agencies are the only actors targeting the suspects. It opens Pandora’s Box of possibilities to fabricate evidence of wrongdoing. And in the case of FinFisher there is not only the possibility of violation of export regulations, but also the questions about tax evasion, money laundering, espionage and other criminal activities in relation to the export and usage of spyware by repressive regimes. Because isn’t there a possibility that ‘Black Oasis’ is part of the FinFisher network. This is not an unreasonable conclusion. No official investigation has been started in relation to ‘Black Oasis’, no official publication and statement has been issued in relation to ‘Black Oasis’, so everything is possible.

In the case that you or your company is listed here and this is not correct, Buro Jansen & Janssen will correct this if beyond a reasonable doubt the claim of not being connected to the Gamma Group network is made public.

Publicaties

Thema's

Migratie

Politieklachten