Over the past few years, Qatar’s State Security Bureau (SSD) has been a customer of a German technology firm that sells software used to secretly monitor emails and other forms of online communication, according to a new report from WikiLeaks.
The SSD is responsible for internal security investigations and intelligence gathering, as well as sedition and espionage cases, according to the US State Department.
WikiLeaks, known for publishing secret and classified information online, calls the software sold by Munich-based FinFisher “spyware” that’s “designed to be covertly installed on a Windows computer and silently intercept files and communications, such as Skype calls, emails, video and audio through the webcam and microphone.”
On its website, FinFisher – which was formerly part of the UK-based Gamma Group – said its products are designed to target individual suspects and are not mass surveillance tools.
Qatar is far from FinFisher’s only customer.
The WikiLeaks report, which was released today, identified some 17 clients – including governments and security agencies in several countries, such as Australia, Bahrain, the Netherlands, Pakistan, Singapore and Vietnam.
While Qatar may be far from the only country using FinFisher’s software, the new report sheds a rare light on the digital surveillance tools Qatar has at its disposal.
FinFisher
WikiLeaks’s report is based primarily on customer feedback and service requests sent to FinFisher.
The records related to Qatar show 11 licensing agreements active between October 2010 and April 2014. The brief entries cover difficulties that clients had in seeing “new targets” (individuals under surveillance).
WikiLeaks estimates the licences sold to Qatar cost at least €683,700 (QR3.22 million).

However, the extent to which Qatar uses software developed by FinFisher – which says its products are for “targeted and lawful criminal investigation” purposes only – to monitor residents is not clear.
In the past, University of Toronto researchers found that the software was used to target activists in Bahrain.
In one 2012 case during Bahrain’s uprising, one of FinFisher’s clients sent an email from what appeared at first glance to be the personal email account of an Al Jazeera reporter. The message claimed to contain images and accounts of protesters being tortured following their arrest.
If the recipient opened the attachment, the cyber attackers gained clandestine remote access to the individual’s computer as well as the ability to steal data stored on it.
Further investigations by research and advocacy organization Bahrain Watch said FinFisher had been used to target dozens of individuals, including high-profile lawyers, politicians and journalists in that country.
Surveillance tools
Little is known about how authorities in Qatar police the internet, beyond an automated censorship tool that blocks websites deemed to contain obscene content.

In 2011, the morality censors temporarily prevented internet users in some Gulf countries from accessing the popular blogging site Tumblr.
That prompted a Harvard researcher to look into how countries such as Qatar block certain online material.
There are also isolated cases of authorities targeting residents for material posted publicly, including a Facebook comment and a YouTube video.
Earlier this year, the parent company of the country’s second-largest telecom firm said local laws prevented it from disclosing how often it turns over customer information to Qatari authorities.
Vodafone published its first-ever law enforcement disclosure report in June, analyzing demands for customers’ communications data by law enforcement agencies in 29 countries.

The company said it was unable to discuss its interactions with security officials here, but noted that authorities in Qatar have the right to demand unfettered “access (to) confidential information or communication relating to a customer.”
Meanwhile, the country’s advisory council is still mulling a draft cybercrime law, which won Cabinet approval in February.
Qatar’s state news agency has previously said that the proposed legislation would make it illegal to unlawfully access government departments or agencies through the internet.
It would also make it a crime to publish “incorrect news” online that endangers public order as well as factual information “related to the sanctity of the private and family life of individuals” or that “exceeds” the country’s social values.
Thoughts?
Makes me wish I had something more interesting to say.
That’s actually a good thing. I’m happy that there is a way to obtain information on someone if it’s needed. Qatar is the safest country in the world, and we would like to keep it like that 🙂
Unless of course due to lack of due process the authorities pick you up for something you didn’t do.
Every country is snooping, no exceptions. The issue is with those countries that snoop on their own citizens in order to quash freedom of thought and speech. Do you really think that is a “good thing”?
Exactly.
Safest country in the world? Like safe for building site workers? Safe for children in cars? Safe for pedestrians? Safe for bike riders? Safe for 4WDers in the sand dunes at Sealine? Safe for the 5 persons that recently died in an unreported fire at the detention centre? Safe for the poor Irish girl who was terribly burnt by a falling burning faulty air conditioner in her own bedroom? Safe for the several children each year that die falling down holes left in sidewalks by incompetent workmen? Safe for Villagio victims? Safe for all the poor service workers in bars etc that have to breathe in 2nd hand cigarette smoke day in day out? Like that type of safety? Or do you mean crime wise? Well that’s a joke because stats aren’t released and it is well known that many many people here do not report crime because there is no point as the police are not interested or they are scared of the police. It’s not as safe as you think Billy Bob, it’s a jungle of incompetence, recklessness and scant regard for other humans.
Oh.. man.. I pity you for your never ending hatred towards Qatar.
Not hatred, honesty, truthfulness, I pity you and your blindness to reality, stay in the bubble it is safer.
With so much negativity in mind, I wonder how your friends and colleagues bear you! I have never seen you appreciating a thing related to Qatar. It’s clear that you spent a major part of your time thinking and spitting venom on Qatar. #GetWellSoon
Because my friends and colleagues see the truth. And yes I have posted praise for Qatar, but given your relatively short time on DN, perhaps you’ve missed them. I have merely called out someone who stated Qatar is the safest country in the world. On what basis is that broad statement made? I highlighted why it just may not be. Anyway how’s your pity for those I mention? Any yet? No, too busy spitting venom at me to spare a thought for them?
Cybercrime law is for people like you.
How so? It’s the truth isn’t it? Everything I’ve said has happened.
I bet you’re the kind no one wants to be around in the office. Always seeing the negative in the positive. Easy fix, if you don’t feel safe here, then you can leave. Am I right?
Always the pat Qatari answer. Love it or Leave it. Let’s not change to make a better society for all. As with everything, those who see and call out the problems are wrong not the ones ignoring them and burying their heads in the sand.
Chill out bro. God’s land is huge. You can go where ever you want 🙂 I hear USA is pretty safe, with a lot of money to make eh? Land of the free 😀 Check it out, and leave us here with our heads buried in the ground 🙂
Thank you for reaffirming my statement and letting everyone know that the opinion I expressed is in truth, a fact.
Is that you Love it or Leave it? Have you gone and got yourself a new name? Again I ask Is it really the “safest country in the world”? You upvoted yourself, not real sporting of you, or did you make a mistake and mean to do it under your other names you use here? Also what is the positive within people dying on roads, children falling in holes, workers dying on construction sites, people dying in 4WD on sand dunes, etc., what positive do you see there sir? Seems to me to be all negative. That’s what we are talking about here: ‘Safety’.
He’s not me, but he makes perfect sense. Qatar is a safe country, much safer than where you came from.
Chill out bro. God’s land is huge. You can go where ever you want 🙂 I hear USA is pretty safe, with a lot of money to make eh? Land of the free 😀 Check it out, and leave us here with our heads buried in the ground 😉
Have you even read the law?
Doesn’t matter if what you say is true or not. Some things are not allowed to be said. Go read it before pretending your white laws apply everywhere.
Exactly what we need another westerner who doesn’t understand the laws and then gets jailed ‘for no reason’
How is OO breaking the law?
Holy moly! Everything you mentioned are accidents. Let’s see the crime stats and compare it to other countries, Qatar has one of the lowest, but it will no longer have it if Westerners keep moaning.
Must be pretty boring for them.
9am – “email regarding sending millions of dollars to Sunni militants in Syria”. Passed. Nothing unusual.
9.05am – “Indian expat discussing having illicit relations with a Filipina”. Red Alert! Call the police, launch a raid in Al Sadd! These criminals must be found!
Looooool
The last bit is some nefarious foreshadowing of what may come to Qatar. You’d be hard pressed to find a government these days that doesn’t spy on its own citizens in some way or another, but what governments may act on varies from place to place. The veil of “decency” almost always covers up the government thug’s jackboot.
VPN, VPN, VPN
A VPN is of no use against this type of monitoring tool unfortunately.
Quite a few VPNs do offer end to end encryption. This does work.
The tool discussed in this article does not capture traffic as it is being transmitted, it captures data prior to transmission through keystroke logging, screen capturing, file transfer, webcam viewing etc. therefore whether you are using a VPN or not is irrelevant.
The software is basically a commercial RAT (Remote Access Tool) Trojan. You can read more on RATs here: http://en.wikipedia.org/wiki/Remote_administration_software
…seems Mac computers are less prone to this sort of spying.. VPN and Mac 😉
@mctunder:disqus … There are solutions for Mac and Linux …
Correct, there are RATs/Trojans available for all OS’ however it is fair to say that there are less written for the Mac OS, but unfortunately less doesn’t get you very far so it would be wrong to assume that any OS is free from this type of threat.
The key is stopping the RAT from being installed on your computer in the first place which is no easy task if you are being targeted. One option would be to use a Linux LiveCD for all internet based activity, this method has been recommended by security experts for conducting online banking for quite a few years.
For those interested this is a good article:
http://krebsonsecurity.com/2012/07/banking-on-a-live-cd/
I’m sure they found a few Rials in the budget to allocate to Mac OS…
Linux LiveCD install (use a few popular distros and default settings to avoid system fingerprinting) running as an ephemeral (reset at each boot) virtual machine, and presented only with a TOR network connection would be the basic minimum I’d use should I ever be doing something really naughty.
The host would be blocked from the internet except for TOR traffic, and not used for anything other than hosting the VM. Preferably use something a bit obscure and security focussed for this such as OpenBSD, just not Windows as it has too many people poking at it and not sharing. Bonus points for stashing the lot on a hidden TrueCrypt partition.
If, on top of that, I was doing something the local state really objected to, I’d also look at tunnelling out of the country via IPSEC VPN, SSH tunnel, or SSL proxy first, then TOR over that.
A Mint Linux LiveCD is enough for normal person sensitive stuff though. 🙂
There goes my plausible deniability.
ps it goes without saying that you never use a smartphone for anything sensitive or risky since they are invisibly compromisable and even clean, they leak quite nicely making snooping by telcos/state operators really easy.
Suffering Succotash !!! who would have thought
It’s just so unbelievable isn’t it, wow governments using IT to spy on citizens etc? No different to before IT just different platform, no revelation really now is it. But the masses go……really? How dare they. hmmmm
So Qatar’s government is telling us that they’re proposing a law that will make it “illegal to unlawfully access government departments or agencies through the internet?” So you’re saying it’s illegal to do something unlawful? To me that’s the same level of ridiculous redundancy of telling us that even though smoking is currently unlawful in certain places, they’re going to make a new law making it more unlawful. Their heads must be spinning with all the work getting done in those ministry buildings!
That’s nothing compared to the US and the Five Eyes. What Snowden files taught us is that the West’s hypocrisy is beyond limits. Even the most “civilized and democratic” countries (Sweden, Norway) turned out to be snooping on their citizens as well as other people. There is no lesson to be learned from them, and all those NGOs invading our territories to lecture us about Human Rights ought better stay there and teach Western politicians and decision-makers how to respect people and laws.
I don’t think it is hypocrisy as they never said they didn’t snoop, however I think everyone was surprised how much stuff they were looking at.
On this particular issue, Obama and his aides lied more than once.
Are you one of those who think politicians don’t lie?
Tell that to an abused maid, or a Nepalese workers family who just fell from a building project and died because health and safety doesn’t exist, or the ten ‘bachelors’ living in a 4 x 4 labour camp room. I’m sure they will feel much better knowing that ‘Western’ politicians are being told to respect people and laws. Totally different spheres of human rights and really cant be connected from my point of view.
19 guys hijacking 4 planes kind of determined that history. Do I need to specify where they were from? You’re so naive.
An inside job.
Yeah right. All the hundreds of people it took to pull off the job have kept their silence for all these yrs. I found the clock you need to go back in. Coo Coo for Cocoa Cocoa Puffs!
If they speak they will be the first to be executed. Are you not aware that thousands of officials and covert agents have been involved in creating mess in Latin America in the 60s, 70s and 80s and none of them spoke? Why is it that we only discover many plots only after the declassification of some materials decades after the plots take place? It is exactly because those who engineered the mess have to choose between keeping quiet or dying.
You really believe that all those people involved in a mass murder of their fellow citizens would be quiet. You really have been conditioned by your environment then haven’t you.
Deleting this thread for going off-topic.
You deleted my comments?
You are always chasing me but leaving the others 🙁
Yes I’m sure Shabina is just sitting there waiting for you to comment so she can delete
They were Saudi so why is the US spying on Germany?
Yacine’s comment was about snooping on citizens. Spying on govt’s is as old as time.
Maybe Obama has a crush on Merkel
Kudos to you Yacine, spot on.
So that’s what the “we are watching you” campaign is all about.
Frightening.
only 3.2 million…. I’m disappointed frankly
how we block ? a foreign company’s server categorizes websites .. we block certain categories .. other than that block and unblock is done from government request and from common people’s request too ..its all done to keep Qatar safe
But let’s let 5 Taliban guys walk our streets. LOL
My comment was deleted….. but by whom…..
Was it interesting?
MIMH is always interesting!
I’m comfortable with governments being able to track my internet, aside from some downloaded tv shows, I’ve nothing to hide. I just hope that draft cybercrime law doesn’t make it through in its entirety. I dread the day that I have to access this site, or others like it, through a VPN simply because it’s protecting itself against prosecution for publishing factual information.
Really? So you know downloading that TV show is punishable by huge fines and possibly jail time right?
That’s not specific to Qatar or the Middle East though.
Nowhere did I say it was.
They did say – aside from some downloaded tv shows. Besides, I don’t know if piracy laws for tv shows are applicable here.
If it was a law here, we all know that it would be surely enforced. Right?
He did say but he acted like that was no big deal. Piracy laws are international. The consequences can be harsh.
Wow. Just because everything you do now is legal is no certainty that it will not become illegal next year.
I think Mr Niemöller said something in 1946 you might want to look up.
WikiLeaks published the software online
http://thenextweb.com/insider/2014/09/15/wikileaks-releases-finfisher-weaponized-malware-help-people-build-defenses/
Ohh I don’t forget at all, I have a very close affiliation with both.
This shouldn’t shock anyone, you should just assume that anything online or connected to the internet or any phone is accessible to pretty much any government. And don’t kid yourself that VPN or anonymous browsers are a solution, those might be fine to bypass insignificant firewalls but won’t protect you at all
especially PPTP VPNs which are only marginally more secure than sending it out in the clear.