Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime
German Prosecutors Indict FinFisher Spyware ExecutivesExecutives Accused of Selling Tool to Turkish Intel Via a Bulgarian Front Company
German prosecutors on Monday indicted four executives of insolvent commercial spyware firm FinFisher for illegally exporting their hacking tool to Turkey.
See Also: Manufacturing System Protection from Cyber Attacks
The indictment accuses the four FinFisher executives, identified only with an initial, of evading export controls by selling the FinSpy hacking tool to Turkey's intelligence agency in 2015 through a Bulgarian front company.
The German government in 2015 designated spyware a dual-use technology subject to export licensing requirements for customers outside the European Union.
Civil rights organizations have accused FinFisher of selling FinSpy spyware to authoritarian governments across the world. FinSpy can record audio, turn on the camera and exfiltrate information from smartphones without the device owner being aware.
The indictment comes as a European Parliament committee concluded an investigation of bloc members' use of commercial spyware, publishing a slew of recommendations including the cessation of exports after this year unless governments can ensure spyware sales comply with dual-use controls. Committee rapporteur and Dutch representative Sophie in 't Veld accused Cyprus, Greece and Bulgaria "and possibly also ... other countries" of permitting illicit exports during a press conference earlier this month (see: PEGA Committee Calls for Limits on Commercial Spyware). In 't Veld welcomed the indictment in a Monday tweet, calling the charges an "important development."
Bloomberg in March 2022 reported that FinFisher had shut down operators and filed for bankruptcy.
German civil society organizations filed a complaint against the Munich company in 2019, alleging that the Turkish government had used the illegally exported spyware to target opposition leaders and journalists in the run-up to the 2017 presidential election.
An investigation by prosecutors found the company had signed a deal with the Turkish government worth 5.04 million euros for monitoring the software and hardware and providing technical support and training.