In response to a WOB (Freedom of Information) request made by Buro Jansen & Janssen (Thomson & Thompson), the National Police has acknowledged that it has done business with the British company Providence. There are 39 invoices, but the police refuse to clarify which products or services they have purchased.
Providence is a British security company that offers trainings as well as equipment sales. Providence itself – as far as known – does not produce digital weapons, though the Wikileaks documents released in 2015 show that Providence does act as intermediary for digital weapons.
In response to the WOB request made by Buro Jansen & Janssen the police does acknowledge that they have done business with Providence: ‘Regarding the companies Providence (…) we have found documents.'(…) ‘The products and/or services of Providence have been acquired on an individual basis. This means that they have been acquired if and when the concerning department needed a specific tool for police and/or detection activities’.
Therefore, the National Police acknowledges that documents do exist regarding Providence. That’s as far as it goes: further information is not being disclosed. The documents made public by the police contain hardly any information at all. The police have stated that there are 39 invoices, but the only thing that’s been released is the title ‘Invoice Providence’. The released documents contain no further information, not even a date or a logo or an address. Not even a blacked out version of the invoices has been released.
So, the question remains: what did the National Police acquire from Providence?
Everything seems to point to the fact that the National Police, through the mediation of former Dutch police officer Peter Stolwerk, in all probability acquired the Unlocker alleged to have been produced by Israeli company Kailax. This became apparent after analysing the Wikileaks documents published in 2015 about Hacking Team, an analysis of the products on offer from Providence, and a digital search into any domain names that have been used by the manufacturer of the Unlocker.
It is plausible that Peter Stolwerk played a major role in forging the commercial ties between the National Police and Providence. Stolwerk is a former policer officer who became managing director of Providence BNLX, Providence’s branch in Haarlem, in 2012.
From the Wikileaks documents released in 2015 about Hacking Team it is evident that Stolwerk has many contacts within the Dutch police. For example, in 2015 Stolwerk arranged a meeting between Italian computer company Hacking Team and the Dutch police, during which the Italians were supposed to demonstrate their software. (This meeting was scheduled for July 6th, 2015, but it is unclear if it actually took place).
From email correspondence between Stolwerk and Hacking Team, it appears that he is familiar with several members of the digital crime department in The Netherlands. On June 15th, 2015, Stolwerk wrote to Hacking Team: ”Yes I know those Police Officers really well. Especially Jos van de Oetelaar. He is actually promoted as a chief of the National Technical Support unit. I don’t believe they will be present at this meeting as you will meet the cyber and digital forensics department.’
It is unknown whether Stolwerk’s contacts within the Dutch police force have been instrumental in establishing the business relation between the National Police and Providence, but it is plausible. The response to the WOB request does not offer any additional insight into this matter.
The National Police acknowledges that there are 39 invoices from Providence, but it is unclear what was purchased from Providence. The fact that the police has done business with Providence at all is remarkable in itself, because Providence’s usual selection does not appear to meet the needs of the Dutch police.
According to their own website, Providence offers trainings and equipment in the field of security and anti-terrorism. This entails trainings in observation and how to install listening devices, courses in different tracking methods, how to disguise equipment, trainings in burglary and a black catalogue containing in all probability military trainings. The equipment on offer includes a special toolkit for the installation of listening devices for both audio and video recordings and separate specialised burgling tools. They also offer complete burglary kits, as well as hidden cameras and microphones in fake rocks, tree trunks, roof tiles and other options to disguise equipment.
It is not very likely that the Dutch police would have purchased trainings, for example in observation or how to use listening devices from Providence. The police has a choice of Dutch trainers and training facilities at their disposal.
Neither is it very likely that the police would have purchased something from the standard selection of equipment Providence has on offer. For years similar products have been on offer, and have been acquired by the Dutch police, from regular suppliers like Cellebrite, Nice Systems and other companies.
Providence is a newcomer on the market of trainings and digital weapons. Employees of Hacking Team have not been convinced about the qualities of Providence and have noted at the start of 2015 that the leaflets of Providence are quite new and they contain no up to date contact details. ‘Still have to read all documents carefully, but all of them have been written on January 2015 (versions 1.0), so it seems they’re recently organizing contents. P.S. All their e-mail addresses on the last pages are wrong‘.
In their response to the WOB request, the National Police claims that it would harm their detection abilities if they would reveal more information about Providence. This reasoning can hardly be applied to Providence’s regular selection of trainings and equipment, because they do not concern the field of detection. The argument about damaging their detection abilities, however, can be applied to digital weapons.
The phrasing of the answer to the WOB request provides another clue to the police having acquired a digital weapon from Providence: ‘The products and/or services and/or means have been purchased from Providence on an individual basis. This means that they have been acquired at the moment the concerning department has the need for a specific tool for police and/or detection activities’. This doesn’t appear to have any bearing on the regular selection of trainings and equipment Providence offers.
Therefore, there is plenty to suggest that the National Police acquired a digital weapon from Providence. In that case, everything points to the acquisition of the Kailax Unlocker.
Providence does not publicly profile itself as an intermediary for the Kailax Unlocker. But from the Wikileaks files on Hacking Team it becomes clear that Peter Stolwerk does act as an intermediary for the Kailax Unlocker on behalf of Providence.
The Kailax Unlocker gives a burglar access to a Windows computer without the need to log in and without the owner becoming aware of this. This concerns Windows Vista/7/8/8.1 Server 2008/Server2012 -32/64 bit. The Unlocker can be used in combination with a keylogger or a digital weapon like Galileo RCS or Finfisher. With the Unlocker a computer can be unlocked and spy software can be installed undetected. After which the suspect can be remotely monitored.
There is very little information available publicly about the Unlocker and its manufacturer. According to its manufacturer the Kailax Unlocker has been supplied to seventy countries. This cannot be verified, but the fact that Hacking Team wanted to add the weapon to their offers in 2015 points to the fact that it is indeed a very desirable digital weapon.
It is plausible that the National Police acquired the Kailax Unlocker from Providence. If this is the case it is highly doubtful whether the police is fully aware of the tool’s background and its manufacturer.
Providence is the intermediary and not the manufacturer; it is doubtful if the police is aware of this. From email correspondence between Stolwerk and Hacking Team it would appear that he does offer the Unlocker, but reveals nothing about its origins.
Even if the police are aware of the company name Kailax, it still remains highly doubtful whether they have any insight into the origins of the company. Its website contains nothing more than address details of the company (an address in Singapore).
However, Kailax is an Israeli company. From Wikileaks files it emerges that Max/Nir Levy runs it. There is no further information about him available, either on the Kailax website or in any other public source. From a digital search into domain names it appears that Max/Nir Levy has worked for Israeli intelligence for 25 years.
If the Dutch Police have acquired the Kailax Unlocker, they have brought in a black box. With the Kailax Unlocker computers can be unlocked, using an internet connection. Max/Nir Levy says in the correspondence with Hacking Team that he offers them a black box that keeps the technique and IP address of the Unlocker server hidden. ‘Option 1 is feasible only if you are prepared to supply to customers as a sub distributer black box technology which you do not own, have no deal understanding of the IP or maintain’ (E-mail Kailax to Hacking Team 6 February 2015).
If the Dutch police used the Kailax Unlocker, they will have brought in a second Israeli black box. This time even more obscure than the listening devices from Nice Systems that The Netherlands earlier acquired, which already raised questions by the minister for Security and Justice who indicated in February 2016 that there needs to be more clarity about the functioning of the device. ‘With the many telephone taps the police executes, the supplier of the device is closely involved. But essential information about the taps is not being shared by that same supplier. There is no guarantee that the police has an overview of all interferences in the tap system’. (NOS, 12 February 2016)
Article in Dutch