The Munich I public prosecutor has charged four managers of the now-defunct FinFisher (also known as Gamma Group) with intentionally and illegally exporting spy software to the Turkish government. The charges come after more than three and a half years of investigation. It was previously reported that Turkish opposition members had been spied on with Trojans of German origin, with the Munich-based spyware known as FinSpy or FinFisher being used. The prosecutors claim that the EU has subject the export of surveillance technologies to the “Dual-Use Regulation”, meaning that FinFisher faced an “existential threat”. The company allegedly operated a globally branched structure to circumvent the new restrictions.
The investigations into FinFisher were triggered by a criminal complaint from July 2019. The complaint was filed by the Netzpolitik.org portal, together with the Society for Freedom Rights (GFF), Reporters Without Borders, and the European Center for Constitutional and Human Rights. Access Now, a civil-society organization, used forensic analysis to confirm that the spy program used against the Turkish protest movement was indeed a FinFisher product. The software could “gain full control over PCs and smartphones and also monitor ongoing communication,” according to the prosecutors.
After the exports, three criminal acts were committed through the transmission of a download link to the Turkish secret service MIT. If convicted, the employees responsible face a prison sentence of up to five years. The Greater Criminal Chamber of the Munich I District Court will decide on the opening of the main proceedings and a possible hearing date. In autumn 2019, FinFisher initially issued a warning against Netzpolitik.org because of “reporting of suspicions”.