Spyware servers in SA: more details emerge

Information from Wikileaks offers another link between the makers of the FinFisher surveillance sofware suite and South Africa

By - September 12, 2013 Share on LinkedIn
WikiLeaks Counter Intelligence Unit map Spy Files 3 South Africa

New information in the latest release of WikiLeaks’ “Spy Files” suggest that suppliers of the FinFisher surveillance software suite visited South Africa in 2012 and 2013.

This comes after a report from Citizen Lab released earlier this year named South Africa as one of the countries where they detected command and control (C&C) servers for FinFisher.

As part of its most recent “Spy Files 3” release, WikiLeaks has also published data from its own “WikiLeaks Counter Intelligence Unit (WLCIU)”.

According to WikiLeaks, WLCIU has been “tracking the trackers”, among them employees of Elaman and Gamma International who visited South Africa during 2012 and 2013.

Through earlier Spy Files releases, WikiLeaks has identified Gamma International and Elaman as distributors of the FinFisher spyware suite.

In the WLCIU data, WikiLeaks shows that Holger Rumscheidt from Elaman visited South Africa from 8 January 2012 to 15 January 2012, and again from 26 February 2013 to 28 February 2013.

Louthean John Alexander Nelson, an employee of Gamma, is shown as visiting South Africa between 22 February 2013 and 2 March 2013.

However, only Rumscheidt is listed as having visited South Africa on the WLCIU tracking map on the WikiLeaks website.

WikiLeaks noted that it removed data from the map “where it is believed the companies were present in a country due to Intelligent Support Systems (ISS) conferences and meetings, or for flight transit.”

Asked about Nelson’s visit to South Africa earlier this year, a spokesperson for Citizen Lab said that they have noticed a pattern in the travels of Gamma representatives.

“Although the WLCIU data does not tell us the purpose of his visit to South Africa (e.g., vacation, business, etc.), the visit does appear to be part of a pattern of Gamma reps travelling to countries where we have found servers,” Citizen Lab said.

According to Citizen Lab, these include Qatar, UAE, Brunei, Malaysia, Serbia, Ethiopia, Czech Republic, Latvia, Indonesia, Mexico, Nigeria, Turkmenistan, South Africa, and Ethiopia.

FinFisher global proliferation - Citizen Lab (April 2013)

FinFisher global proliferation April 2013 – Citizen Lab

FinFisher in South Africa

When Citizen Lab released its report towards the end of April 2013, it revealed that FinFisher C&C servers were being hosted on the Telkom network in South Africa.

Provided with the IP addresses of the servers by Citizen Lab (which both started with 41.241), a Telkom spokesperson told MyBroadband that the addresses fell within Telkom’s pool of dynamically allocated addresses.

“These IP addresses are randomly assigned when ADSL users initiate an Internet session,” Telkom said. “The ADSL customers need not be direct customers of Telkom either; they could be accessing the internet via ADSL services acquired through other licensed operators that retail ADSL.”

As FinFisher is typically sold to governments, we previously reached out to agencies that would be likely customers of the product.

The South African Police Service (SAPS) directed our queries to the State Security Agency (SSA), who in turn pointed us to the Department of Communications (DoC).

The spokesperson for the SSA said that it is the agency’s policy to neither confirm nor deny anything that might reveal information about its capabilities.

According to the SSA, questions pertaining to FinFisher are best addressed by the DoC, though the spokesperson for the agency explained that it would not procure such information gathering software through the DoC.

Asked about the discovery of FinFisher C&C servers in South Africa, the spokesperson for DoC told MyBroadband that it did not buy the spyware suite.

South Africa’s link to The Spy Files

Spyware servers in South Africa: the plot thickens

Government spyware servers in South Africa: Telkom, Govt mum

Dictators used SA surveillance equipment: WikiLeaks

German-made spy software invades global systems: research

Who can spy on your Internet browsing?

Share your thoughts

Join the conversation

Connect with Us

androidappletwitterfacebookgoogleplusfeednewsletter

Poll

Have you received unsolicited telesales calls from a mobile network operator?

View Results

Loading ... Loading ...

More News

Message to Vodacom and MTN: “Cut your data prices, or else”

Mobile Network Operators Telkom Vodacom MTN Cell C logos new

The authorities have sent a strong message to Vodacom and MTN – unless they reduce their data prices, it will be done for them.

Hlaudi Motsoeneng must stay SABC COO: ANC Youth League

Hlaudi Motsoeneng

The ANC Youth League has given its support to former SABC COO Hlaudi Motsoeneng.

Pirated movie release types

Piracy

We take a look at the different types of movie releases which populate torrent sites.

Better crime fighting in South Africa with GIS

Thief crowbar criminal vandalism sabotage

GIS can play a vital role in understanding the risk factors for crime, and how crime can be tackled.

Free MyBroadband Newsletter
×