With Gamma Group’s software FinFisher or FinSpy, it’s possible to break into computers, laptops, tablets and smartphones using a USB stick or remotely.
The FinFisher is a popular digital weapon. The Netherlands is among its customers, having acquired sixteen licences for FinFisher since 2012. As users of FinFisher, the Netherlands finds itself in rather questionable company. The weapon has also been purchased by a number of repressive regimes who use it to target opposition members, journalists, and human rights activists. The full scale of this became clear when Gamma Group was hacked in 2014 and 40GB of internal data was published via WikiLeaks.
Gamma Group’s activities generally take place outside the public realm. There are many questions about the company: about its financial integrity – with branches in tax havens like the Virgin Islands, Cyprus and Lebanon, and about the provenance of FinFisher – as it’s unclear who was involved in the development of the digital weapon, generating considerable security risks.
Gamma Group’s central figure is Louthean Nelson, who started his career in the 1980s at PK Electronic, a German company that grew as intermediary in the international arms trade. Louthean Nelson appears to have learned a few tricks in that time, which he has put to his advantage with Gamma Group’s international trade in digital weapons.
Peter Kluever arms trade
Louthean Nelson starts his career in the 1980s in Germany at the company PK Electronic or PK Electronic International. PK Electronic is owned by Peter Kluever, who garnered a dubious reputation in the international arms trade in the 1980s.
Kluever originally traded in electronics. His name appears as early as 1973 in the US embassies’ Cables that were published by Wikileaks. Cable ‘1973HAMBUR01517’ (‘Request for P.L. export transaction check on proposed shipment to: PK Electronic, Peter Kluver, Blumenstr. 52, 2 Hamburg 39, West Germany’) provides a brief description of PK Electronic, which it describes as a ‘fairly young firm, with good reputation in its field, but with limited financial resources.’
The new company wants to start manufacturing microchips and requires an export licence from the US for the necessary equipment : ‘PK Electronic has found a gap in the market in Germany for integrated circuits and therefore intends to begin the manufacture of IC-chips next spring.‘ The Cable describes a financier for the company from Hamburg and a Mr. Mueller who will join the company and has already visited the Department of State. The Americans have already been invited to inspect the machines as soon as they arrive from the US and are set up for production in Hamburg.
That Peter Kluever was doing very nicely indeed would become clear ten years later in 1985. The German weekly Der Spiegel dedicated a sizeable article to Kluever and his company PK Electronic: ‘Wie im Familienclan, Spiegel-Report über den Handel mit deutscher Kriegs-Elektronik’ (5 August, 1985). The article deals with the Saudi Crown Prince Abdullah Ibn Nasir IBn Abd al-Asis Al Saud’s visit to Hamburg in 1983. During this visit, Abdullah was courted with rides in a Leopard tank and a banquet, at which the highest-ranking boss of the West German army pulled up a chair and the champagne flowed freely. The Prince’s trip was organised and financed by Kluever. It yielded him an order for electronic equipment to the tune of 65 million Marks. This concerned a batch of listening devices, infrared and laser instruments, and night vision equipment, meant for the Saudi intelligence services.
PK Electronic was one of a few similar German companies who had ventured into a niche market in the 1980s by acting as intermediary and selling on products of multinationals like Philips, Siemens, AEG-Telefunken and Zeiss. According to Der Spiegel, they could sometimes export directly due to shoddy inspections, sometimes indirectly, usually by obscuring what was actually being exported. For example, PK Electronic would buy a batch of night vision equipment from Philips subsidiary Philips Elektro-Spezial and would sell it on to Saudi Arabia without the required export licenses.
Kluever not only traded with the Saudis, but also with Libyan dictator Muammar al-Qaddafi, the Assad family in Syria, and Indonesia’s Suharto. PK Electronic sold, for example, a batch of automatic radio scanners or scanning devices that are able to detect radio signals to Syria. Due to the export limitations in place in the US, the American company Ocean Applied Research Corporation couldn’t sell to the Middle East themselves, which is why the equipment was shipped to Syria through Kluever.
According to the article in Der Spiegel, Peter Kluever and his PK Electronic did excellent business during the Cold War. The article quotes a defence specialist who claims Kluever was very active in the arms trade with mainly African and Middle Eastern countries. According to the article, several countries bought less advanced Russian tanks. These were much more affordable for many countries than, for instance, German tanks, even though they weren’t equipped with all the latest electronics. After a while, the electronics could be bought for a much lower price at PK Electronic.
Kluever sued Der Spiegel because of the article. The court in Hamburg forced the magazine to print his response. This was done a month after publication, in which Der Spiegel claimed the court hadn’t checked the validity of the statements in the article and that the magazine continued to stand by its content. In his response, Kluever denied any trade of PK Electronic with the Middle East.
During the mid-1980s, Peter Kluever extended his network in Great Britain and the US. This was partly due to problems raised concerning its expansion in Hamburg and the increasing interest of the German media for his company.
Louthean Nelson & PK Electronic International
Louthean Nelson has been working for Peter Kluever for some time when he becomes part of the company structure at PK Electronic in 1985. Intelligence Online writes on December 18th, 2013 that Louthean Nelson was working as ‘the sales representative of the German security products firm PK Electronic International, he prospected the Chinese market back in the early 1980s.’
The British branch of PK Electronic International Limited is founded on November 14th, 1985, two months after the article in Der Spiegel was published. Louthean Nelson is one of its founders and he becomes its sales director. Derek Alan Myers, one of Louthean’s business partners, becomes its managing director. Six months earlier, an American branch of PK Electronic had been established in New York: PK Electronic International Corporation.
Relations between Nelson and Kluever are so good that Nelson also becomes a partner in the German company PK Electronic International. During this period, Nelson uses for his correspondence address both the PK Electronic International (Marschnerstieg 5-7) address and the private addresses of Juthornstrasse 84 and Southerstrasse 84 in Hamburg.
The latter address reappears with the second company Nelson launches in the 1980s. On January 13th, 1987, he establishes Personal Protection Products Limited together with Myers. The initial company name is Mardenmanor Ltd, which is changed two weeks later. Intelligence Online cites the reason for the establishment of Personal Protection Products Ltd. as an alleged increase in the need for personal protection during the 1980s and 1990s: ‘In the wake of the IRA car bomb death of British MP Ian Gow at his home in Sussex, it (PK Electronic) tried to flog bomb detection technology to other British Mps.’
Rise and fall of PK Electronic International
During the 1980s, PK Electronic slowly grew too big for its premises. Around 1986 the company moved from the Heidenkampsweg via the Grasweg to the Marschnerstieg in North Hamburg. The last move almost didn’t go through because the Hamburg municipal council opposed the establishment in the Marschnerstieg. Kluever threatened to move his company to London, which would jeopardise 65 direct jobs and a further 150 jobs at suppliers. On April 26th, 1988, the Hamburg council relented and approved the move to the Marschnerstieg.
PK Electronic’s growth continued during the late 1980sand early 1990s. Its clientele was no longer limited to Saudi Arabia, Syria, Libya and Indonesia, but now includes Angola, Sudan, Nigeria, Jordan, Iraq and Taiwan.
The German weekly Focus reported in 1995 on PK Electronic in an article titled ‘Knüppel für Folterknechte’ (Club for the torturer’s servant). The article begins with a list of the company’s clients that aren’t known for their respect for human rights. It then goes on to describe a number of setbacks PK Electronic experienced. Focus writes that the company received a fine in 1991 for exporting equipment to Taiwan. In 1992, a shipment of tear gas and electric shock batons destined for Angola were intercepted in Belgium and confiscated. In 1994, PK Electronic supplied a company in Jordan which was known to be an intermediary to Iraq, in order to evade the embargo against that country.
PK Electronic’s successful trade depends on invisibility. But, bit by bit more details are coming out into the public about the dealings of the company. As the years pass, PK Electronic becomes increasingly less profitable. The Dutch government, for example, registered PK Electronic as a supplier of conventional weapons, which meant the company came under the purview of its weapons export policy (including its export limitations).
It appears Kluever made some attempts to turn over a new leaf in the 21st Century. In 2005/2006 Kluever changes the name from PK Electronic International to PKI Electronic Intelligence. The company moves to the Grossenseer Strasse 18 in Lütjensee, in the outskirts of Hamburg. Registered at the same address is the Motor Museum SchleswigHolstein, of which Kluever is director. It is an online shop for all kinds of electronics for both civil and military purposes. As far as is known, Kluever is not involved in the production and trade of digital weapons.
Louthean Nelson is connected to PK Electronic International until the end of the 1990s. He’s deregistered as a representative of PK Electronic on February 5th, 1997. The English branch is dissolved on September 22nd, 1998; the American branch exists until April 12th, 2005.
The building of the Gamma Group empire
Louthean Nelson starts building his corporate empire, which would later be known as the Gamma Group, in the 1990s. Gamma Group, as the company likes to present itself at fairs, is registered in the tax haven of the British Virgin Islands under the name of Gamma Group International Ltd. According to its website, Gamma Group is an ‘international manufacturer of surveillance & monitoring systems with technical and sales offices in Europe, Asia, the Middle East and Africa. We provide advanced technical surveillance, monitoring solutions and advanced government training as well as international consultancy to National and State Intelligence Departments and Law Enforcement Agencies.’
Gamma Group consists of numerous companies, of which Gamma International (UK) and Gamma TSE are the best known. According to Gamma’s website, Gamma International UK mainly occupies itself with ‘communications monitoring solutions, tactical communications monitoring data recovery and forensic lab.’
Gamma TSE ‘has been supplying government agencies worldwide with turnkey surveillance projects since the 1990s. Gamma TSE manufactures highly specialized surveillance vehicles and integrated surveillance systems, helping government agencies collect data and communicate it to key decision-makers for timely decisions to be made.’ According to the website, Gamma TSE has been co-operating with the British government in regards to surveillance projects since the 1990s. There are no further details mentioned. Gamma TSE is present at fairs in the UK, France and the Middle East; among others at the Security & Policing fairs in Farnborough, England.
Louthean Nelson fulfils a central position within the Gamma Group, together with his father, William Louthean Nelson. In the 1990s William Louthean Nelson (born 1932) became director and owner of a number of companies set up by his son. The only company registered in the name of William Nelson that dates from before his Gamma period is Compass Military Services Limited (established January 1st, 1970), an intermediary for military equipment. William lives in Wintersbourne Earls, near Salisbury in the South of England. According to the UK Companies House registry, his company address is Parsonage Mead. Louthean Nelson lives in Beirut, Lebanon, where several other Gamma companies (Gamma International Sal) are registered.
Gamma Group describes itself as a network or an alliance. But it’s a nebulous tangle, as is seen in an attempt to unravel the chronological development of the Gamma Group.
Chronology Gamma Group
In 1998, Louthean Nelson establishes Nelson Trophy Investments Limited. In May 1999, Trophy Investments changes its name. In June 1999, Nelson becomes its director and the company continues under the name Gamma 2000.
On August 6th, 1999, Computplus Limited is established with Louthean Nelson as director. That same day, Technical Surveillance Equipment Ltd is established. In 2005, this company’s name is changed to Gamma TSE. Since May 22nd, 2001, Louthean Nelson serves as its director.
At the beginning of his career, Louthean used established companies, like Instant Companies and Swift Incorporations, to start up a new company.
In 2000, Louthean Nelson becomes the director of Gamma Cyan Limited, established in the same year. That company has now ceased to exist.
Under his own name, Nelson establishes another company in 2000: BN Management Security Systems Ltd. A year later, this company’s name is changed to Axcition Europe; two years later to Gamma Tema Consultants; and finally, in August 2005, it gets its current company name of G2 Systems.
The following years, all is quiet on the establishing new companies’ front. Nelson joins Niels Tobiasen’s company CBRN Team as its director in March 2006. Tobiasen had started the company in 2004 in order to supply Uganda with ‘CBRN (Chemical, biological, radiological and nuclear) threat detection equipment’. This venture didn’t end well for Tobiasen: he was convicted for corruption and went to jail for a year. It’s unclear whether Louthean played a part in the corruption, but as director of the company he wasn’t prosecuted. Thesecuted. CBRN Team ceased to exist in 2011.
Whether Louthean Nelson himself started a company for CBRN has not been established. According to a Gamma Group newsletter from the first quarter of 2011 that became publicly available, ’Gamma opened a company in the UK specializing in CBRN and VIP security.’ This would have taken place in 2005. The company isn’t registered in the name of either father or son Nelson.
In 2006, Nelson continues to expand the Gamma Group. That year he establishes Nelson TS Comms Ltd. He’s also the director of this company. One year later, the company’s name is changed to Gamma International (UK) Ltd.
He also establishes Gamma International Ltd the same year on September 18th, under number HE184042. The company is registered in Cyprus.
In 2006, Singapore Global Surveillance Systems is established.
In November 2007, Gamma Group International Limited establishes itself on the British Virgin Islands, a well-known tax haven. Nelson also establishes a Gamma Group International SAL in Beirut, Lebanon. Beirut is also Louthean Nelson’s place of residence.
Gamma Group GmbH/FinFisher GmbH, the German branch
The expansion of the Gamma Group in Germany starts in 2008. Germany is also the country where the digital weapon FinFisher was developed.
On November 25th, 2008, the group’s German branch, Gamma International GmbH, is registered with the German Chamber of Commerce in Munich. Initially the company is registered at the address of Tiepolostrasse 33 in Hamburg, but it moves to Munich later on. Louthean Nelson has a stake in Gamma International GmbH. Several other German subsidiaries are also established: Gamma International Sales GmbH, Gamma International GmbH and Gamma International Holding GmbH).
In May 2013, the name Gamma International GmbH is changed to FinFisher GmbH. Every other German subsidiary undergoes a similar name change. From then on, the German companies are known as: FinFisher GmbH (previously Gamma International Sales GmbH), FinFisher Labs (previously Gamma International GmbH) FinFisher Holding (previously Gamma International Holding GmbH). They are all registered in Munich.
In 2016, the following companies also form part of the German branch of the Gamma Group: Raedarius m8 GmbH and So m8 GmbH, all registered in Munich.
Apart from Germany, Louthean Nelson also expands his empire in Lebanon. Besides Gamma Group International SAL in Beirut, he establishes Elaman – German Security Solutions SAL (clearly part of the Gamma Group), Gamma Cyan SAL Offshore (same address and phone number as Elaman), and Cyan Engineering Services SAL (same address, different phone number).
The last address is directly linked to a digital weapon designed to break into the old Nokia Symbian. In the Wikileaks documents on Hacking Team, there is an email from Alberto Pelliccione (then a Senior Software Developer at Hacking Team) in which he mentions the Symbian weapon. Pelliccione thinks the company Cyan Engineering Services is an offshore subsidiary of the mother company and its website merely a front. ‘A giudicare dal sito sembra giusto una societa’ di facciata‘, he writes on August 1st, 2012. According to Pelliccione, the company Cyan Engineering Services SAL resides in the Hamra neighbourhood of Beirut, Lebanon. It therefore seems quite likely that Gamma Group trades its digital weapons through companies in Lebanon or elsewhere, out of sight of regulatory institutions.
It’s almost impossible to discern how all these companies tie together. Both the published documents about Gamma Group and the old websites of the company, as well as revelations about Gamma Group clients, paint a picture of a house of mirrors. In that sense, Gamma Group shows all the signs of a front organisation for intelligence.
Louthean Nelson is rarely seen in public, but he clearly has control of the Gamma Group, together with his father. Nelson is director and shareholder of Gamma Group International Ltd. A clear pattern is revealed when researching companies linked to Gamma Group. As soon as Louthean Nelson leaves the board of a company, his father takes over the role of director. In this way, the Nelsons keep control of their empire. Apart from Louthean and his father, only a handful of family members and friends get to be shareholder or director.
The way in which Gamma Group is organised appears to be a clever construction for transferring money to tax havens, directly or through other companies. Gamma Group, as is presented at trade fairs, is based in the tax haven of the British Virgin Islands under the name of Gamma Group International Ltd. Gamma Group also has branches in Lebanon (Gamma Group International Sal) and Cyprus – countries known to be tax havens.
What’s striking about Louthean Nelson’s companies, when you delve deeper into them, is that none of them appear to have been worth much.
The figures used in the research into Gamma Group were taken from the British Chamber of Commerce. In principle, English companies with shareholders are required to publish a limited number of financial figures each year. These concern a balance with the starting capital at the beginning of the year, outstanding accounts, the value of assets, and the end capital of the financial year.
Gamma 2000, for instance, established in 1999, has never made any profit and has never been worth anything either. Computplus, also established in 1999, was valued around 7,000 pounds for some time, but recent figures indicate the company is worthless now.
On November 30th, 2015, Gamma TSE supposedly was worth about one million pounds, a loss of over a million compared to 2013. In 2015, the English company had a negative equity of 250.000 pounds. Money appears to vanish at the English branches, even though those are the companies that present themselves as the sellers of Finfisher both at fairs and on the Gamma Group website.
On top of this, Louthean Nelson and his father William Nelson own shares in companies that aren’t part of Gamma Group formally, but with which they co-operate closely. For example, father William Nelson holds shares in Elaman GmbH, TS Comms, and Fink Secure Communications. On the face of it, these companies appear to have no formal relationship with Gamma Group.
But nothing is what it seems with Gamma Group. One example is the relationship with Elaman company. The German Elaman is sometimes presented by Gamma Group as one of its retailers. Gamma Group’s website reports that the alliance with Elaman has been fruitful: ‘The successful Gamma-Elaman partnership has successfully been involved over the past five years in multi-million Euro projects. Gamma and Elaman operate (sales, manufacturing, development, and technical support) out of offices located in Europe, Africa, the Middle East, and Far East.’
Elaman formally might not be a part of Gamma Group, but father William owns shares in Elaman GmbH, and Louthean Nelson has a stake in its Swiss branch, Elaman AG.
The development of FinFisher, Bad Aibling Station and the NSA
Louthean Nelson enters the digital weapons market . In 2008, FinFisher first appears on the Gamma Group’s website as an item for sale. At the start of 2009 (February 16th, 2009), FinFisher also gets a mention on its website: ‘Leading IT experts from the Intrusion field are part of Gamma International’s team. They are constantly developing and enhancing solutions to gather information from a variety of IT systems‘, according to FinFisher’s caption. Also listed for sale are FinUSB Suite, FinSpy, FinFly, and FinIntrusion Kit.
It’s not easy to determine which companies and individuals have been part of the development of FinFisher. Gamma International GmnH (which changed its name to FinFisher GmbH in 2013) and Elaman are constantly mentioned as FinFisher’s German manufacturers. The question remains whether this means they’re also the actual makers of the digital weapon. What research has clearly shown is this: FinFisher was developed in Germany, with the co-operation of the company Elaman, but it also involved a developer from the American company CloudShields, and possibly the NSA.
In the Insider Surveillance article ‘Reborn in the U.S.A.: The long, winding story of Gamma Group’ (December 24, 2015) a relationship is suggested between Gamma Group and the Bad Aibling Station (BAS) of the US army.
The Bad Aibling Station, which was set up in 1947 sixty kilometres from Munich, was run by the National Security Agency (NSA) until 2004. It was a listening post that was part of the Echelon network, an interception and analysis network run by Australia, Canada, New Zealand, the UK and the US. On September 30th, 2004, BAS was transferred to the Germans and since then it is supposedly run by the Bundesnachrichtendienst (BND), German Intelligence.
In 2013, the weekly Der Spiegel revealed that the NSA was still active in Bad Aibling, based on the published Edward Snowden files, and was working together with the BND on something called Operation Eikonal.
In the Insider Surveillance article, a connection is made regarding the development of digital weapons produced by the Americans, mainly by the NSA. The Snowden files show that the NSA was in the middle of developing digital weapons that don’t require actions of the target, like opening an attachment or visiting a website, in order to be able to break into a computer or a smartphone. The technology/programme was called ‘Quantuminsert’. The NSA was also looking for similar digital weapons that were being developed by other parties.
NSA involvement with the development of FinFisher has never been proven. It was determined, however, that the American company CloudShield was involved.
CloudShield developed defensive digital weapons for the American army. The Washington Post published an article on August 15th, 2014 – ‘U.S. firm helped the spyware industry build a potent digital weapon for sale overseas’ – that describes a meeting in the fall of 2009 between a senior developer of CloudShield Technologies, Eddy Deegan, and a German contact, Martin J. Muench.
Deehan worked for Gamma for a while, although without a contract. Muench had joined Gamma International GmbH in November 2008, the same period that FinFisher was first on offer. He was involved with Gamma for quite some time by then, most likely via Elaman or other companies with which the Group co-operates. Within IT circles, Muench is mostly known as the developer of BackTrack Linux, an operating programme specifically designed for testing security.
It’s remarkable that CloudShield Technologies, a company that develops hardware and software for the US army, would send an employee to Germany to cooperate with Gamma Group’s Muench without a contract or report of any kind. When CloudShield developer Deegan traveled to Munich in 2009 he met someone from a company already engaged in developing digital weapons. The Washington Post writes, ‘Over several months, the engineer adapted Gamma’s digital weapons to run on his company’s specialized, high-speed network hardware. Until then CloudShield had sold its CS-2000 device, a multipurpose network and content processing product, primarily to the Air Force and other Pentagon customers, who used it to manage and defend their networks, not to attack others.’
The development of digital weapons was at that moment (2008-2010) at a stage that playing a YouTube film or visiting a Microsoft Live place sufficed to activate the digital weapons and break into the victims’ computers. ‘Merely by playing a YouTube video or visiting a Microsoft Live service page, for instance, an unknown number of computers around the world have been implanted with Trojan horses by government security services that siphon their communications and files.‘ (The Washington Post, 15-09-14).
The published Snowden files show that at that time the NSA was developing such digital weapons using the programme ‘Quantuminsert’. YouTube is infected with a harmful computer virus; the user clicks on the video and through a fault in a programme, for instance Adobe Flash, control of the computer can be taken over. The same applies to gaps in Oracle Java technology or leaks in browsers.
The digital weapons exploit so-called zero days, faults or leaks in software that have not yet been discovered by the manufacturers and therefore haven’t been fixed. Large internet companies like Google and Microsoft are worried about this method of breaking in, according to The Washington Post, because it not only affects suspects of criminal activity but everyone who uses the internet.
FinFisher, as well as Hacking Team’s digital weapon Galileo RCS, employs a similar injection technique. It’s reasonable to assume this technology found its way to Gamma via CloudShield and the NSA. What can’t be determined with any certainty is to which degree the US government played an active role in this.
It is plausible that several specialists worked on the development of digital weapons, which the NSA was already working on. This may have happened in a commercial setting – possibly under the umbrella of the Gamma Group, possibly under the guidance of Elaman or Trovicor, two companies that trade in digital weapons in Munich.
Elaman was involved in the development of FinFisher. This can be seen on their website, amongst other things, on which Elaman writes in 2010: ‘Leading IT experts from the Intrusion field are part of Elaman’s team. They are constantly developing and enhancing solutions to gather information from a variety of IT systems. FinUSB Suite: The FinUSB Suite is a tactical USB device, which extracts predefined information from a target PC.’
Gamma Group reports on its website: ‘The Remote Monitoring and Infection Solutions are used to access target systems. They give full access to stored information, the ability to take control of the target systems’ functions, and even capturing encrypted data and communications.’
Formally, Elaman is not part of Gamma Group. However, Louthean Nelson has a stake in its Swiss branch: Elaman AG.
According to Elaman’s website, customers for FinFisher can contact the office on 15, Baierbrunner Strasse in Munich. The Gamma website and brochures refer to the same address (15, Baierbrunner Strasse, Munich) in case of help questions, specifically to a Stephen Oelkers.
Oelkers is involved with the German companies of the Gamma network: FinFisher GmbH, FinFisher Labs GmbH, FinFisher Holding GmbH, Raedarius m8 GmbH and So m8 GmbH. (FinFisher GmbH, FinFisher Labs GmbH and FinFisher Holding carried the name Gamma International GmbH until 2013.) Besides Oelkers, Louthean Nelson and Martin Johannes Muench are also involved with Gamma’s German branch. Gamma International GmbH was registered to the same address as Elaman in Munich; all companies linked to FinFisher have remained there.
Other people involved are Thomas Fisher and Carlos Gandini. In Gamma Group’s quarterly newsletter from 2011, the company writes: ‘Thomas Fisher joined Gamma International GmbH as the IP Monitoring Specialist. Gamma Group was fortunate to add Mr. Carlos Gandini to its growing team of experts in 2010. Carlos joined Gamma International GmbH in October, and is based in Munich, where he heads the Sales Department for our exclusive FinFisher lt Intrusion Portfolio.’
Whether Gamma Group gained their knowledge for the development of FinSpy from former NSA employees, the NSA itself, CloudShield, or from some other Swiss or German computer experts, FinFisher will go on to become a popular item.
Who are Gamma Group’s clients? The websites of Gamma Group, Elaman, and FinFisher shed no light on this. The companies do not publish annual reports that could provide a window into the make-up of their clientele either.
However, in the course of time it has become clear that FinFisher was purchased by repressive regimes that use the digital weapon against members of the opposition, journalists and human rights activists. From 2011 onwards, several examples of this emerge in the media.
During the 2011 Arab Spring, activists discovered that Egyptian dictator Mubarak had purchased three tons’ worth of FinFisher spyware.
Revelations about the use of FinFisher in Bahrain followed a year later, in 2012. With the publication of the WikiLeaks documents in 2014 and the hacked data of Gamma Group, more details about its clientele have come to light.
The Netherlands is among its clientele. Since 2012, the National Police purchased sixteen licences for the use of FinFisher. The Netherlands joined the ranks of European countries that had previously decided to buy Gamma Group’s digital weapons. The group includes Central and Eastern European states, Austria, Bulgaria, Czech Republic, Estonia, Finland, Hungary, Latvia, Lithuania, Macedonia, Romania, Serbia, the Netherlands, Great Britain and Germany.
The Wikileaks files show that the following countries with repressive regimes are also part of Gamma Group’s clientele: Egypt, Uganda, Ethiopia, Vietnam, Venezuela, Turkey, Turkmenistan, and Bahrain.
The WikiLeaks files also reveal Gamma Group did business in Turkmenistan, in co-operation with the Swiss company Dreamlab Technologies. In 2010, Gamma International from Munich’s Thomas Fisher spent time in Turkmenistan with Dreamlab CEO Nicolas Mayencourt. The companies jointly set up ‘an Infection Proxy Infrastructure and Solution applicable nationwide for all international traffic through the Turkmentel and TMCell networks‘ for the Turkmenistan government. Dreamlab Technologies and Gamma Group helped the repressive regime develop the infrastructure to monitor all mobile phone traffic. In Oman, Gamma and Dreamlab co-operated in a similar fashion. Gamm Group paid Dreamlab Technologies around one million US dollars for these projects.
Martin J. Muench, Gamma spokesperson, talks gibberish
Gamma Group doesn’t make a huge effort to publicly justify or defend its digital weapons’ deliveries to repressive regimes. Louthean Nelson hardly ever appears in public at all.
The only spokesperson for the company, Martin Muench, communicates in an almost surreal manner with the media about Louthean Nelson’s involvement with Gamma Group.
Martin J. Muench claims in The Guardian on November 28th, 2012, that Louthean Nelson has nothing whatsoever to do with Gamma Group and that he is the Group’s sole spokesperson: ‘He initially denied to us that Nelson was linked to Gamma, and denied that Nelson owned the anonymous BVI affiliate. Martin Muench, who has a 15% share in the company’s German subsidiary, said he was the group’s sole press spokesman, and told us: “Louthean Nelson is not associated with any company by the name of Gamma Group International Ltd. If by chance you are referring to any other Gamma company, then the explanation is the same for each and every one of them”.’
When The Guardian presents evidence that Louthean Nelson is definitely involved, Muench attempts a bit of a U-turn but not quite. ‘After he was confronted with evidence obtained by the Guardian/ICIJ investigation, Muench changed his position. He told us: “You are absolutely right, apparently there is a Gamma Group International Ltd. So in effect I was wrong – sorry. However I did not say that Louthean Nelson was not associated with any Gamma company, only the one that I thought did not exist”.’
The company also publicly reacts in a remarkable manner concerning the revelations that Gamma Group products were sold to Egypt in 2011 and Bahrain in 2012.
Gamma International GmbH lawyers deny in the Frankfurter Rundschau of March 11th, 2011 that the Germans did business with Egypt’s dictator Mubarak: ‘Das Angebot, auf das Sie sich möglicherweise beziehen, stammt nicht von unserer Mandantschaft, sondern von der rechtlich unabhängigen Firma Gamma International UK Ltd. mit Geschäftssitz in Großbritannien.‘ According to the German lawyers, the Gamma companies Gamma International GmbH and Gamma International UK have nothing to do with each other.
Nevertheless, Martin J. Muench responds to questions from Bloomberg a year later. Muench is introduced as ‘managing director of Gamma International GmbH.’ In this capacity, the director denies selling FinFisher to Bahrain.
However, Muench then becomes defensive. On July 27th, 2012 he states to Bloomberg: ‘The company was investigating whether the product in the CitizenLab study was a demonstration copy of the product stolen from Gamma and used without permission.’
Muench even takes it a step further: ‘It is unlikely that it was an installed system used by one of our clients but rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere.”
According to Bloomberg, Muench even suggests the demo version was stolen: ’He went further to suggest that the demonstration version may have been stolen using a flash drive while conceding.’
Muench’s explanation that a demo version of FinFisher could have been stolen is not very plausible. The September 15th, 2014 WikiLeaks files about Gamma Group show beyond any doubt that Gamma Group certainly did collaborate with Bahrain. The issue of a FinFly USB licence started in October 2010 and the economic relationship lasted until February 2013.
In this particular case, Muench clearly isn’t telling the truth. There’s another reason these claims are quite remarkable and frankly alarming. Muench apparently believes it’s possible for FinFisher to be stolen in a relatively easy manner. This raises serious questions about its security. Just like traditional weapons, digital weapons can be obtained by third parties. Whether by stealing it or by copying it from a model.
Besides theft, there are a number of other things concerning the use of FinFisher that raise security issues. In the clients’ questions in FinFisher’s public helpdesk, there are questions about the discovery of the digital weapon on computers or laptops by virus scanners. This would indicate that several break-ins with FinFisher will fail, but also that the weapon can be discovered and neutralised. What consequences this might have for gathered evidence or the utility of the weapon is unclear.
The obscure development history of FinFisher raises different security issues altogether, particularly remembering that Hacking Team’s digital weapon Galileo RCS was found to have a backdoor. Gamma Group’s public documents contain little specific information about the programme; yes about what it does, but not about the tool’s specific functioning. Its unclear development history and the involvement of several parties in the development of the weapon are enough to raise doubts about the integrity of the tool, something Muench only seems to confirm in his media appearances. There’s no doubt whatsoever about the development of Galileo RCS; Hacking Team developed the tool itself andthey devised their own backdoor into the software, so they can get to it themselves without their clients realising it. It doesn’t seem unreasonable to assume the same is true for FinFisher.
Business as usual
Gamma Group doesn’t appear to be much bothered by the controversies of recent years. FinFisher is still a very sought-after digital weapon and the company appears to be thriving economically.
In that sense, Louthean Nelson appears to be a successful entrepreneur, one who has learned a great deal from his experiences in the 1980s and 1990s as intermediary for PK Electronic’s international weapons trade. From Louthean Nelson’s perspective, he’s continued the work of PK Electronic, including its corresponding clientele. The analogy between PK Electronic in the 1980s and 1990s, and post-millennium Gamma Group is striking. PK Electronic acquired weapons from Philips Elektro-Spezial, Siemens, AEG-Telefunken, and Zeiss, and sold these to repressive regimes in Asia, the Middle East, and Africa. PK Electronic started out trying to produce its own microchips, but later on discovered it was much more lucrative to act as an intermediary. Gamma Group acquires digital weapons from manufacturers in Germany and sells them to similar clients. Gamma International GmbH/FinFisher and Elaman are constantly mentioned as German manufacturers, but are they really the makers of these weapons?
Translation of the Dutch article
Links from the Dutch article