UK firm denies supplying spyware to Mubarak's secret police
RATs nest found in Egyptian spook HQ
A UK tech firm has denied supplying spyware technology to the former Egyptian government of Hosni Mubarak.
Documents uncovered when the country's security service headquarters were ransacked during the Arab Spring uprising suggest that Egypt had purchased a package called FinFisher to spy on dissidents.
FinFisher, developed by UK firm Gamma International, is supplied exclusively to law enforcement and intelligence agencies as a surveillance tool. Trojans of this type – known as Remote Access Tools or RATs – are typically used to plant bugs on suspects' PCs to monitor emails and instant-messaging conversations, or intercept Skype calls, as the pitch for FinFisher explains:
The remote monitoring and infection solutions are used to access target systems, giving full access to stored information with the ability to take control of the target systems' functions to the point of capturing encrypted data and communications. In combination with enhanced remote infection methods, the government agency will have the capability to remotely infect target systems.
The recovered documents (pictured here) suggest the tool was licensed for a five-month trial at the back end of last year at a cost of €287,000.
During a BBC's File on 4 programme, broadcast on Tuesday, Gamma International UK denied supplying the software to the Egyptian authorities. It added that it complied with UK export restrictions.
The sales documents in question appear genuine, though it's hard to be absolutely sure especially since Gamma International has yet to respond to our request to discuss the matter. The supply of snooping technology to friendly but repressive regimes is a grey area.
William Hague, the Foreign Secretary, told the BBC he would like to see a ban on the export of goods used for repression, adding that he would "critically" examine export controls.
The File on 4 programme, entitled "Cyber Spies", can be downloaded or streamed here. ®
Sponsored: Protecting mobile certificates