Search Mailing List Archives
[liberationtech] Bloomberg: Spies Fail to Escape Spyware...
frank at journalistsecurity.net
frank at journalistsecurity.net
Tue Jan 22 15:38:54 PST 2013
Spies Fail to Escape Spyware in $5 Billion Bazaar for Cyber Arms -
The intelligence operative sits in a leather club chair, laptop open,
one floor below the Hilton Kuala Lumpur’s convention rooms, scanning
the airwaves for spies.
In the salons above him, merchants of electronic interception
demonstrate their gear to government agents who have descended on the
Malaysian capital in early December for the Wiretapper’s Ball, as this
surveillance industry trade show is called.
As he tries to detect hacker threats lurking in the wireless networks,
the man who helps manage a Southeast Asian country’s Internet security
says there’s reason for paranoia. The wares on offer include products
that secretly access your Web cam, turn your cell phone into a
location-tracking device, recognize your voice, mine your e-mail for
anti-government sentiment and listen to supposedly secure Skype calls.
He isn’t alone watching his back at this cyber-arms bazaar, whose real
name is ISS World.
For three days, attendees digging into dim sum fret about losing trade
secrets to hackers, or falling prey to phone interception by rival
spies. They also get a tiny taste of what they’ve unleashed on the
outside world, where their products have become weapons in the hands of
regimes that use the gear to track and torture dissidents.
“I’m concerned about my calls or Internet being monitored, because
that’s what they sell,” says Meling Mudin, 35, a Kuala Lumpur-based
information-technology security consultant who takes defensive measures
as he roams the exhibits. “When I make phone calls, I step out of the
hotel, I don’t use my computer and I also don’t use the wireless
‘We Meet Again’
ISS, which convenes every few months in cities from Dubai to Brasilia,
is the hub of the surveillance trade. In recent years, countries such as
Syria, Iran and Tunisia bulked up their monitoring by turning to some of
ISS’s corporate sponsors, such as Italy’s Area SpA and Germany’s
Utimaco Safeware AG (USA) and Trovicor GmbH, a Bloomberg News
Business is booming, with annual revenue of $3 billion to $5 billion
growing as much as 20 percent a year, ISS organizer Jerry Lucas
Lucas, 68, an American with a PhD in physics, is perfectly cast for the
part of spyware convention mastermind. With sweeping eyebrows and a bare
pate that make him a look-alike of Democratic strategist James Carville,
he greets an uninvited journalist at his Prague event in June with,
“We’ve been expecting you.”
On the second encounter, in Kuala Lumpur this month, he descends an
escalator from the convention floor and intones: “We meet again.”
Lucas, whose conference company TeleStrategies, Inc., is based in
McLean, Virginia, makes the point that his marketplace serves police who
conduct criminal investigations and intelligence services that prevent
terror attacks. Virtually every communications network in the world
includes wiretapping for prosecutors, or location tracking to rescue
people in emergencies. And customers at ISS also include phone company
Still, Lucas describes Spy vs. Spy intrigue that emerges when he
convenes ISS (short for Intelligence Support Systems). The potential for
hacking has led him to warn attendees to comply with the law of host
“We tell them, ‘Do not bring in radio equipment that is not allowed
by the government,’” says Lucas, who started ISS nine years ago.
Some gear can intercept mobile-phone or Internet transmissions,
impersonating legitimate networks by sitting in the middle of the data
“These guys can be your base station,” Lucas says.
‘Hide Your Laptop’
Attendees routinely guard against hacking, says Nikhil Gyamlani, a
Munich-based developer of monitoring systems who has attended several
ISS events. He says being in close contact with competitors versed in
the dark arts gives them a chance to secretly copy documents saved on
hard drives or sent via e-mail. He advises preventive measures.
“Absolutely no use of wireless networks, and hide your laptop in a
safe,” says Gyamlani, 34, the founder of a new surveillance company,
GlassCube. “The fear is very justified.”
Some who haven’t taken such precautions have learned to be more
At ISS in Prague this year, an employee of an African telecommunications
regulator was cruising Facebook on his Archos (JXR) tablet computer when
he found his every click being projected on a screen at the front of the
room, he recalled afterwards in the lobby. He’d been using the
hotel’s wireless Internet.
Watching The Detectives
While ISS is closed to journalists, a Bloomberg News reporter dropped in
on two 2011 installments, walking hotel corridors, sitting in bars and
In Prague, at a hotel connected to a shopping mall food court, potential
buyers included Thailand’s Department of Special Investigation and the
U.S. Drug Enforcement Administration. In the lobby, contingents from
Greece and Turkey sat on opposite sides of the room.
Many conventioneers carried black canvas tote bags from Utimaco, whose
systems were used in a Syrian surveillance project that was exposed this
year by Bloomberg News and shut down before it could become operational.
Approaches by a journalist at ISS only triggered more paranoia among
some executives. At a fourth-floor conference room rented by Trovicor in
Prague, an employee, Jesper Mathiesen, not only declined to talk, but
declined to trust the reporter’s business card as reliable
“Anyone can print a business card,” he said, as another employee led
a delegation from Serbia into the room.
In the Prague hotel’s elevators, an employee of Andover, U.K.-based
Gamma International rode up and down, escorting government delegations
to back-to-back, appointment-only demonstrations of Gamma’s FinFisher
intrusion system, conducted in darkened rooms.
Once secretly planted on a target’s computer, FinFisher allows remote
control of the device. The tool became widely known early this year when
a copy of a FinFisher proposal turned up in Egypt after the February
revolution and was posted online.
The notoriety helped make the German hacker-turned- executive behind
FinFisher a rock star of the ISS circuit.
Listed in the conference agendas only by his initials, MJM, he is Martin
J. Muench, 30, the managing director of Gamma’s German unit. One of
his talks in Kuala Lumpur is titled, “Offensive IT Intelligence
Information-Gathering Portfolio —An Operational Overview.”
Saudi Arabia, India
At this gathering of real-life James Bonds, Muench most resembles 007
himself, as played by Sean Connery: just over six feet tall, in a trim
black suit and skinny black tie.
Spotted at ISS this month, Muench declines to comment, while lighting a
For the Malaysia event, which has 871 invited attendees from 56
countries, the Hilton lobby hosts a parade of ISS’s various tribes and
their telltale markings. Buyers from Saudi Arabia’s interior ministry,
India’s cabinet secretariat and the 5-month-old state of South Sudan
brandish yellow nametags that peg them as government officials. Vendors
are identified by red tags.
Employees of Munich-based Trovicor are easy to pick out: each is dressed
identically, in a dark suit and a red necktie, which is custom made,
marketing director Birgitt Fischer-Harrow says.
“It is a Trovicor corporate identity. The company colors are black,
white and Pantone 202c red,” she says, referring to the precise shade
Trovicor is a former intelligence unit of Siemens AG and Nokia Siemens
Networks. The chain of companies supplied and maintained eavesdropping
systems for Syria, Bahrain, Tunisia and other countries that have
battled rebellions this year, a Bloomberg News investigation showed.
Fischer-Harrow says the company can’t comment on contracts or clients.
Lucas says he’s barred Syrian or Iranian government representatives
Still, that hasn’t stopped surveillance gear from reaching those
countries, and the controversy has attracted crashers to ISS seeking to
expose how the technology can be abused by repressive regimes.
In an empty hotel restaurant after lunch, Eric King, the human rights
and technology adviser at London-based Privacy International, is poring
over conference presentations he’s obtained and tallying a growing
list of suspicious technological glitches. When he tries to send an
e-mail from his Apple Inc. laptop, he gets a message that his encryption
His paranoia builds as he also realizes that more secure 3G networks,
used for phones and wireless Internet, are unavailable in the hotel.
King, 22, jetlagged and wearing a wrinkled, blue button-down shirt, has
a hypothesis: Someone has blocked the 3G to force everyone to use
methods that would be easier to intercept.
He consults the ISS program and finds a possible culprit, “Live
Demonstration of Tactical GSM Interrogation and Geo- Location System.”
“We’ve got to get us some hackers,” he says, eager to untangle
what may be a nest of surveillance.
A few hours later, King heads to Kuala Lumpur’s art deco Central
Market to meet a Privacy International volunteer. Over a noodle dinner,
she puts him in touch with a hacker who agrees to meet up the next day.
Back at the hotel, the night is young and the paranoia is deep.
Unlike typical trade shows, this one has no social events. No
corporate-sponsored cocktail parties. No hospitality suites. Clients and
suppliers don’t want to be seen with each other in public, and some
countries bar their agents from mingling at the event because it’s a
recruiting ground for spies seeking sources, organizer Lucas says.
In some delegations, “They’ll send four or five people and have one
here just to watch the rest,” he says.
At the Hilton’s wine bar, Vintage Bank, three men from Milan-based
HackingTeam are talking among themselves, drinking from brandy snifters.
Because HackingTeam sells programs that can spy on a computer’s
contents and activities, maybe they know something about the 3G
blackout. All three say that they, too, have noticed, and also suggest
an interception effort may be afoot.
In the morning, King’s hacker arrives at the Hilton lobby, toting a
backpack filled with wireless Internet gear and wearing a black T-shirt.
They set up shop on a coffee table. After an hour of performing many of
the same tests the intelligence operative had done at the start of the
convention, the network activity comes up clean.
The hacker suggests the 3G problem might just be a spotty phone system.
Later, ISS organizer Lucas says any drop in service may have been caused
by heavy usage by convention-goers.
Upstairs, the operative is back in the leather club chair, this time
using an iPad. Asked if this isn’t risky, he says it’s just for
browsing websites, not e-mail or anything involving passwords. And
he’s got no files saved to it.
Does he have e-mail access?
He holds up a BlackBerry, and says he’s running nothing sensitive
through it. Then he does a double-take. The screen saver is a photo of
him and his wife.
The bad guys could do face recognition, he says, looking at the picture.
Kicking himself for the lapse, he walks off, the paranoia having got the
best of him.
— Editors: Marcia Myers, Melissa Pozsgay
To contact the reporter on this story: Vernon Silver in Rome at
vtsilver at bloomberg.net;
To contact the editor responsible for this story: Melissa Pozsgay at
mpozsgay at bloomberg.net
Conference organizer Jerry Lucas (back to camera) attends the ISS World
trade show at the Hilton in Kuala Lumpur. Source: Bloomberg
A convention floor display being dismantled is shown at the ISS World
trade show at the Hilton in Kuala Lumpur. Source: Bloomberg
A conference participant holds name tag during the ISS World trade show
at the Hilton in Kuala Lumpur. Source: Bloomberg
A convention floor display being dismantled is shown during the ISS
World trade show at the Hilton in Kuala Lumpur. Source: Bloomberg
Eric King, a human rights and technology adviser at London-based Privacy
International, has a meal at Kuala Lumpur’s Central Market to recruit
a hacker to test for surveillance at the ISS World trade show. Source:
More information about the liberationtech