Turkey Using German Spy Software On Opposition Politicians & Activists

Opposition protesters in Turkey were reportedly deceived into downloading a spy app made by a German firm despite Germany having previously vowed to block exports of spy software to authoritarian countries.

The Turkish government used a German-made spy program to infiltrate the smartphones of Turkish opposition members, according to a report seen by German media. 

Germany has strict rules for exporting spy software and has in the past vowed to block exports to authoritarian countries.

What we Know so far:
German daily newspaper Süddeutsche Zeitung and public broadcasters NDR and WDR reported the news based on a study by the digital rights group Access Now. Access Now found evidence that Turkish officials had used the program "Finspy" by Finfisher, a German company headquartered in Munich, to spy on members of the opposition party CHP.

The software was primarily used during a three-week protest against Turkish President Recep Erdogan organized by CHP leader Kemal Kilicdaroglu in July 2017. Fake Twitter accounts posted links to websites that promised to inform protesters about the demonstration if they downloaded a smartphone app.

The app included Finspy software and allowed the government to gain real-time access to the smartphone owners contacts, photos and videos.

A security expert at Germany's University of Bochum independently analyzed the software and told the Süddeutsche Zeitung newspaper and regional broadcasters NDR and WDR that "it appeared to be a newer version" of previous Finspy software.

What were the Reactions?
Responding to a question by the three media outlets, the German Economy Ministry said it had not approved any export licenses for spy software since October 2014.  FinFisher refused to comment on the story after being contacted by Süddeutsche Zeitung, NDR and WDR.

The Germany director for Human Rights Watch, Wenzel Michalski, wrote on Twitter: "This [news] would mean there are holes in our export regulations. This must be investigated immediately." Green lawmaker Konstantin von Notz wrote on Twitter: "Turkish spy attacks on the opposition with technology that was created with German tax money and should never have been exported?! The #GroKo [German coalition government] must urgently clarify [the situation] and prevent something like this from happening in the future."

Germany's export policy: The same three media outlets reported in 2014 that then-Economy Minister Sigmar Gabriel wanted to stop exports of spy software to authoritarian governments. Gabriel was quoted as saying: "We want to stop the export of these types of technologies to countries that suppress civil rights movements and that do not accept basic human rights."

What is Finfisher? The company works exclusively with governments to provide police and intelligence software. On its website, it says its mission is "to provide first-class cyber solutions and knowledge for successful operations against organised crime."

DW

You Might Also Read: 

Some Notes About Wassenaar:

Snowden’s Haven - A New Surveillance App:

Biter Bitten: The Hacking Team Hit by Breach:
 

« Meet Tess: The Mental Health Chatbot
Facebook Suspends Hundreds Of Apps »

Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CERT Estonia

CERT Estonia

CERT Estonia deals with security incidents that occur in Estonian networks, start there, or which it has been notified about by citizens or institutions either in Estonia or abroad.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

Cybersecurity Analysis

Cybersecurity Analysis

Cybersecurity Analysis provide services to address the specific cybersecurity risk management challenges inherent in industrial control systems.

Farsight Security

Farsight Security

Farsight Security provides the world’s largest real-time actionable threat intelligence on how the Internet is changing.

KOVRR

KOVRR

Kovrr enables (re)insurers to transparently predict and price cyber risk.

HackerU

HackerU

HackerU is a world-renowned provider of technology education, cybersecurity services, and high-caliber knowledge transfer.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.