http://www.bloomberg.com/news/2012-11-08/mjm-as-personified-evil-says-spyware-saves-lives-not-kills-them.html
MJM as Personified Evil Says Spyware Saves Lives Not Kills Them
By Vernon Silver - 2012-11-08T23:01:00Z
In the secretive world of surveillance technology, he goes just by his
initials: MJM.
His mystique is such that other security professionals avoid using wireless
Internet near him. MJM himself suggests that those he meets allay their
paranoia by taking batteries out of their mobile phones.
Special Report: Unsafe at Any Bitrate
MJM -- Martin J. Muench -- is the developer of Andover, U.K.-based Gamma
Group’s FinFisher intrusion software, which he sells to police and spy
agencies around the world for monitoring computers and smartphones to
intercept Skype calls, peer through Web cameras and record keystrokes.
In the past year, the hacker-turned-executive has himself been under attack
as the 2011 Arab Spring uprisings unravelled the cloak of secrecy he’d
operated behind.
FinFisher’s once-elusive FinSpy tool has been exposed targeting activists
from the Persian Gulf kingdom of Bahrain; decoded for the first time by
computer-virus hunters; placed under export control by the U.K.; and traced
to countries with poor human rights records, such as Turkmenistan in Central
Asia.
As evidence mounts that repressive regimes routinely use surveillance gear to
track and capture dissidents, FinSpy has been singled out as one of the most
invasive weapons. The attention has subjected Muench to death threats, he
says, and government scrutiny.
It’s against this backdrop -- which Muench, 31, calls a “witch hunt” -- that
he’s decided to explain himself, opening his Munich offices to a journalist.
‘Personified Evil’
“I’m the personified evil,” Muench says of his role as the face of FinFisher,
which he defends as a tool for catching pedophiles and terrorists. Muench,
who was born in northern Germany and grew up in a town (population 800) that
he won’t name out of concern for his family’s security, started hacking at
around age 13. As managing director of Gamma’s German-based unit, Gamma
International GmbH, he’s developed FinFisher spyware since 2007, and leads
its marketing.
“The product helps to catch serious criminals and helps to save lives,” says
Muench, who stands about 1.9 meters tall (almost 6 feet 3 inches), has
close-cropped hair and is dressed in a black, collared shirt, distressed blue
jeans and black shoes. He won’t provide examples of crimes solved, saying it
could jeopardize clients’ methods. “So we have to live with the bad guy
image,” he says.
Other units of Gamma Group provide intelligence training and sell
surveillance vans, wireless microphone systems and interrogation rooms
outfitted with audio and video capabilities. The company is controlled by
members of a British family, the Nelsons. Transforming Surveillance
Of Gamma’s products, FinFisher has become the flashpoint. It represents the
leading edge of a largely unregulated trade in cybertools that is
transforming surveillance, making it more intrusive as it reaches across
borders and spies into peoples’ digital devices, whether in their living
rooms or back pockets.
A Bloomberg News investigation this year into the abuses of intrusion
products and the threats of computer espionage has shown how technologies
from companies such as Gamma and its competitor, Milan-based HackingTeam,
represent the next step in a digital arms race between governments and the
people they watch.
Political dissidents who discovered FinSpy trying to infect their e-mail
inboxes heap scorn on Muench for what they say is complicity in rights
abuses.
“I have little respect for this man for his role in the violation of my
privacy rights and for risking the work we are doing,” says Ala’a Shehabi,
31, a U.K.-born democracy advocate and economist hit by FinSpy in Bahrain
this April and May.
Misunderstood Spyware
Muench responds that he and his spyware have been misunderstood, and that any
product can be used for harm. “So can a can of fizzy drink or a car battery,”
he says.
To drive that point home, Gamma Group’s communications director, Robert
Partridge, points to a glass bottle of Coca- Cola in the middle of a table in
the company’s conference room. Carbonated beverages, he explains, could be
very painful when poured in the noses of interrogation subjects who have been
turned upside down.
Muench says Gamma acts responsibly by only selling FinFisher to governments
and obeying the export laws of the U.S., the U.K. and Germany. After he sells
a system, it’s out of his hands, says Muench.
‘No Control’
“We have no control; once it’s out there it’s basically with the country,” he
says during the five-hour interview that veered from a product demonstration
in Gamma’s conference room to lunch at a Bavarian restaurant serving
specialties from Munich’s Oktoberfest tents to getting lost driving his
company’s black BMW 528i sedan back to the office. “That’s why we check, ‘Are
they bad guys?’ before we deliver it.” He doesn’t reveal which governments
have purchased FinFisher.
Muench, whose only formal education after high school was a part-time
university course in jazz piano, is trying to set the record straight about
himself and his company after a blistering year.
In May, Bloomberg News obtained spyware that had been sent to activists from
Bahrain and gave copies to a San Francisco- based security expert, Morgan
Marquis-Boire, for analysis. Marquis-Boire dissected the samples and found
they were Muench’s product. His research, published by the University of
Toronto Munk School of Global Affairs’ Citizen Lab, and Bloomberg News
stories about it appeared in July.
Also in July, London-based Privacy International, which monitors surveillance
abuses, informed the British government it planned to file a lawsuit to force
regulation of surveillance technology sales, including those of FinFisher.
Targeting Dissidents
The next month, following the disclosures that the software had targeted
dissidents, the U.K. government informed Gamma it must obtain export licenses
to sell FinSpy outside the European Union.
At the same time, researchers including Claudio Guarnieri of Boston-based
security risk-assessment company Rapid7; Bill Marczak, a computer science
doctoral candidate at the University of California Berkeley; and
Marquis-Boire, whose day job is working as a security engineer at Google
Inc., found computers that appeared to be command servers for FinSpy in at
least 15 countries.
They also documented FinSpy’s ability to take over mobile phones -- turning
on microphones, tracking locations and monitoring e-mails.
The pressure has continued to build.
On Oct. 12, U.S. law enforcement officials warned smartphone users to protect
themselves against FinFisher, calling it malware, or malicious software.
Government Warning
“FinFisher is a spyware capable of taking over the components of a mobile
device,” the Internet Crime Complaint Center, a partnership between the
Federal Bureau of Investigation and National White Collar Crime Center, said
in a Website alert to the public. “FinFisher can be easily transmitted to a
Smartphone when the user visits a specific web link or opens a text message
masquerading as a system update.”
Muench has put himself forward as Gamma’s point man on the issue, as Gamma’s
controlling shareholders, the Nelsons, remain in the background. He says they
act only as investors, providing money and customer contacts for FinFisher.
The family declined requests to be interviewed for this story through
Partridge, who acts as a spokesman for both Gamma and the Nelsons.
Before joining the Gamma group of companies 13 years ago, Partridge says,
family patriarch William Nelson, now 80, held a half ownership of Wallop
Holdings Ltd., a pyrotechnics and defense company that made flares,
riot-control equipment and smoke generators.
Iraq Questions
Questions that arose from Nelson’s time at Wallop, also based in Andover in
southern England, foreshadowed the current FinFisher controversy.
Wallop twice denied published reports that it may have had dealings with
Saddam Hussein’s Iraq. In one instance, the company said it had rejected an
Iraqi request for rocket launcher samples in 1984. Then, in the 2003 invasion
of Iraq, Scottish troops found grenades in boxes outside Basra bearing
Wallop’s name. That led Wallop to disclose that it had sold smoke grenades to
Kuwait in 1986, and to suggest that the weapons must have been seized by
Iraqi troops during their earlier occupation of the neighboring country,
according to news reports at the time.
“Wallop Industries at no time supplied Saddam Hussein or Iraq,” Gamma
spokesman Partridge says. The items found in Iraq bore codes that matched the
Kuwaiti sale, and Wallop never made rocket launchers, he says.
Surveillance Shift
Nelson sold his stake when new owners purchased Wallop in September 1987 in a
deal that valued the company at 7.6 million pounds ($12 million), according
to a company announcement.
After the sale, Nelson retired until 1999, when he joined Gamma, which had
been founded in Beirut in 1990 as a trading company dealing in general and
electrical goods, Partridge says. Today, under Nelson family control, the
U.K. and German companies that comprise what is now Gamma Group specialize in
surveillance and security.
The transformation shows why governments seeking to protect human rights must
modernize their export controls to keep up with changing technology, says Ben
Scott, a former policy advisor for innovation to U.S. Secretary of State
Hillary Clinton.
“Shipping guns and grenades over an ocean leaves a physical trail in a way
that downloading software does not,” says Scott, senior advisor to the
Washington-based Open Technology Institute, a policy group that promotes
affordable and universal communications networks and studies the social
impact of new technologies.
Expanding Business
As Gamma expanded, it sold governments eavesdropping gear for intercepting
communications, Muench says. In recent years, such passive surveillance,
which includes phone tapping, became less effective as Internet
communications boomed.
“More customers came and complained, basically saying ‘Oh, we can’t get this
and that and that, so we need to find a way to intercept,’” Muench says.
By 2007, Muench had gained recognition as a developer of BackTrack, one of
the best-known free tool kits for computer penetration testing.
That year, Gamma approached him and, according to Muench, said, ’Listen we
need professional government tools to face these kinds of challenges.’” He
made the jump to corporate life.
Muench built the German business from a home office to a unit that now
employs about 30 people on the second floor of a modern building with
floor-to-ceiling windows in a neighborhood filled with technology companies.
He owns 15 percent of the German-based Gamma International, he says.
Tables Turn
Muench stayed under the radar until the Arab Spring, which exposed
surveillance technologies used by regimes across the Middle East, turned the
tables on him. As the purveyor of technology for secret stalking, he has
himself become the hunted.
Muench and FinFisher first came under scrutiny after a sales pitch made to
Egyptian state security for a system priced at 388,604 euros ($499,084) was
uncovered following that country’s February 2011 revolution. A sale was never
completed, Muench says.
The secret FinFisher software became an object of fascination within the
virus-hunting world. In March 2011, Mikko Hypponen, chief research officer at
Helsinki-based data security company F-Secure Oyj, vowed that if a copy were
ever found, he’d write anti-virus protection against it.
Exposing FinSpy
From then, the attention didn’t let up. In December, anti- secrecy website
WikiLeaks posted Gamma promotional videos showing how police could plant
FinSpy on a target’s computer.
This year, the Citizen Lab and Bloomberg News reports about Bahrain on July
25 started the clock on a race between Muench, who needed to quickly rewrite
his software, and the researchers and security companies, who began tracing
where FinSpy was in use and crafting protection for its potential targets.
“It’s a cat and mouse game,” says Muench, who was in Brasilia that day
pitching FinFisher at the Latin American installment of the ISS World
surveillance tradeshow, known as the Wiretapper’s Ball.
While Muench says the samples analyzed were demonstration versions, and not
the operational software used by clients, they were close enough to require
modifications, he says. Changing characteristics of the product would make it
harder to detect by anyone who had seen the Bahraini samples. For the first
time ever, he found himself in a position of having to put the company’s
emergency plan in action.
Emergency Plan
Colleagues in Munich opened a safe (the combination is “666,” he jokes) and
removed a hard drive about the size of a large box of matches, which
contained a modified version of the spyware, Muench says.
“We always have a spare, just in case,” he says.
It took two days for programmers to prepare the new software for release on
FinSpy systems around the world, and to inform customers of the update, he
says.
To respond to the critics, Muench says he wants to demonstrate that FinSpy is
a responsible product that includes features that make the data it gathers
suitable for presentation in a court of law.
In the Munich conference room, where cabinets display black, plastic
suitcases filled with cyber-interception gear, he fires up FinSpy on his
Apple laptop, which projects what he’s doing onto a screen at the front of
the room. The console that intelligence agents use to monitor infected
computers comes to life, in blue, black and white.
Live Demonstration
“Understand, I can’t show you 100 percent, but I’ll show you most,” Muench
says.
He moves the arrow on his computer across the top of the screen, where tabs
indicate two choices: “PC Targets” and “Mobile Targets.” The targets for the
live demonstration are Gamma computers used for such purposes, Muench says.
Clicking into the PC tab, he brings up a page filled with line after line of
names and flags representing countries around the globe. The colors of
Brazil, Indonesia, Malaysia, Singapore and the U.K. and several other nations
are represented.
“What we have here is an overview of PC targets that are currently infected,”
Muench says.
He clicks into one line and pulls up the transcript of a Skype text chat.
Another click takes him to a recorded Skype call, on which he points to the
timestamps. If the audio file is edited, the software will indicate how many
seconds have been cut -- a safeguard against misuse, he says.
He then switches to “Mobile Targets,” revealing a separate list, this time of
handsets.
FinSpy Mobile can infect almost every kind of device, including Apple Inc.’s
iPhones and smartphones running Google’s Android or Microsoft Corp.’s Windows
systems, according to a pamphlet Muench provides.
Asked if the publicity he’s gotten for such surveillance powers inspires
mistrust in the people he meets, Muench says he’s given up on a social life
for now. “If I meet a girl and she Googles my name, she’ll never call back,”
he says.
In Bahrain, Shehabi isn’t shedding a tear for MJM.
“Anyone who supports these governments in their campaign of repression
deserves the reputation they get,” she says.
To contact the reporter on this story: Vernon Silver in Rome at
vtsil...@bloomberg.net
To contact the editor responsible for this story: Melissa Pozsgay at
mpozs...@bloomberg.net
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
