KUALA LUMPUR – A German-owned company here has been implicated in an Amnesty International report alleging the use of highly invasive spyware and surveillance products by Indonesian state agencies and companies.
In a research published by Amnesty International on May 1, the UK-based non-governmental organisation reported that Indonesia sourced such solutions from Israel, Greece, Singapore and Malaysia between 2017 and 2023.
The research was conducted in collaboration with Israeli news agency Haaretz, Al-Jazeera’s Inside Story, Indonesian magazine Tempo, German newspaper Woz, and the WAV research collective.
The report, which claimed Indonesia relied on a “murky ecosystem” of surveillance suppliers, brokers and resellers, also alleged the “continued failure” of multiple countries to regulate and provide transparency on the exports of technologies that have often been used to target human rights activists, journalists and other members of civil societies worldwide.
“Intentionally or otherwise, these obscured and non-transparent networks of companies hide the nature of surveillance exports, making independent oversight challenging for national and international judicial authorities, regulators and civil society organisations,” it added.
According to the report, a company known as Raedarius M8 Sdn Bhd is said to be a wholly-owned subsidiary of FinFisher, a Germany-headquartered company ostensibly selling highly invasive spyware to governments worldwide.
The report said since 2001, FinFisher’s FinSpy spyware, which supports the targeting and infection of Windows, Mac and Linux operating systems as well as Android and iOS mobile devices, has reportedly been used to target activists in Bahrain and the political opposition in Turkey, among others.
In May last year, Munich prosecutors pressed criminal charges against four former FinFisher senior representatives for illegally selling surveillance software after they were investigated on suspicion of illegally exporting spyware products to Turkish authorities without a legal licence.
“Amnesty International linked Raedarius M8 to FinFisher by reviewing extracts of corporate records from company registers in Malaysia and Germany.
“Raedarius M8 in Malaysia is wholly-owned by German Raedarius M8 GmbH, which in turn is wholly-owned by FinFisher Holding GmbH – the holding company of FinFisher GmbH and FinFisher Labs GmbH according to the German company registry.”
Amnesty International also claimed that it had identified shipment records in commercial trade databases which show multiple hardware shipments from Raedarius M8 to Indonesian company PT. Digital Solusi Prima in August 2021.
“The shipment records do not state the exact nature of the hardware sent from the FinFisher entity in Malaysia to Indonesia, nor do they detail the end-user of this product.
“It is unclear if the exported computer hardware is related to FinFisher’s FinSpy spyware, another surveillance product or another technology sold by the company,” the report added.
It also said some hardware components in the shipment appear to be “off-the-shelf” computer accessories which may form part of a larger system.
According to information Amnesty International purchased from commercial companies selling their import and export records, Raedarius M8 had sent a total of 13 shipments to Digital Solusi, with the total value of the goods coming up to about US$2,395 (RM11,357).
Some of the goods Raedarius M8 had sent over to Indonesia include a single board computer Raspberry Pi, a power supply for the computer, battery units, plastic cases, fanless computers and “charger for max”.
Amnesty International clarified, however, that its research did not involve a forensic investigation or an attempt to identify individuals who may have been targeted with the surveillance tools in question.
“Highly invasive spyware tools are designed to leave as few traces as possible, making it exceedingly difficult to detect cases of unlawful misuse of these tools. Instead, the research focuses on the sale and transfer of several highly invasive spyware tools.” – May 4, 2024