How the ‘dual-use’ ruse is employed to sell spyware

Al Jazeera investigation reveals how spyware vendors trick trade sanctions and export restrictions on ‘grey market’.

Sidestepping sanctions can be surprisingly simple. Here’s how it’s done:

Start by manufacturing products with two uses in a single product – what’s known in the industry as “dual-use” technology.

This includes equipment that can be used as a simple wi-fi router, for example, but which can also be programmed to privately spy on phone calls or internet traffic.

Then, when it comes time to export, refer to the item simply as a “wi-fi router” and don’t mention that the equipment has other capabilities.

In a four-month undercover operation, Al Jazeera’s Investigative Unit sought to buy such high-powered and heavily restricted spyware on behalf of some of the world’s most notorious regimes, including the Islamic Republic of Iran and the government of South Sudan.

The Investigative Unit found the “dual-use” ruse common in the sale of spyware which might otherwise have been blocked due to trade sanctions and export restrictions.

The results exposed the challenges of enforcing international law in an environment where surveillance companies have shown that they are willing to break the law to make a sale.

Simple traffic management system

In the autumn of 2016, Al Jazeera’s undercover reporter approached Italian communications company IPS with a proposal: provide and install an IP-intercept system to the Islamic Republic of Iran.

This type of deal would violate UN sanctions – and IPS’ head of sales, Ugo Santillo, knew it.

“Of course, it is subject to export restriction, but this is something that we can manage,” said Santillo on hidden camera.

An IP-intercept system is like an information filter that taps directly into a country’s internet architecture. It gives the user, in this theoretical case, the Iranian government, access to all information flowing through the system – potentially allowing it to access the private emails and internet history of every citizen in the country.

Ugo Santillo told Al Jazeera’s reporter that he was happy to make the 20 million euro ($21.2m) deal happen.

“Fortunately, we have a sister company, RESi,” Santillo said. “RESi sells some software analytics for, statistics for traffic congestion.”

Analysis: Citizens pay cost of illegal spyware trade

He explained that by using RESi, he could describe the product as a simple traffic management system on the export paperwork – and not mention the spyware capability – to avoid strict surveillance export regulations.

Al Jazeera showed the undercover video to export compliance lawyer Charles Giacoma who suggested that RESi would not get a licence to ship to Iran and that any attempt to circumvent EU regulation 428 on dual-use items involved the commission of a crime with the possibility of a prison sentence of five to 10 years.

In response to these allegations, the RESi Group told Al Jazeera they operate with full respect of the regulations. They also said they had been aware of the identity of Al Jazeera’s undercover reporter. They said they had only met him because they believed he might be working for a competitor.

They added, “We had no intention of completing this or any deal with the individual our staff met with. Any deal that we may have discussed with him would have to be dependent on obtaining the full legal authorisation from the authorities.”

Side-stepping restrictions

It was the same game – with different players – when Al Jazeera’s undercover reporter approached another Italian surveillance giant, AREA.

On this occasion, the undercover reporter claimed to be acting on behalf of the government South Sudan which has a well-documented record of human rights abuse.

This time, the reporter was seeking to acquire IMSI-catchers – suitcase-sized surveillance boxes that act as dummy mobile phone towers, sucking up information from all nearby devices. They are powerful surveillance tools, heavily restricted to law-enforcement and intelligence agencies.

AREA Vice President Marco Braccioli explained to the undercover reporter that securing IMSI export licences for South Sudan is a slow process. As a theoretical solution, he explained a typical industry work-around: launder the sale via a third-party.

EXPLAINER: What is electronic surveillance?

“If I have an end user statement, signed in Tanzania, and then if Tanzania give this system, as a gift, to South Sudan, (this) is something I can’t control as a company,” Braccioli said on hidden camera.

In order to facilitate the transaction, he suggested that Al Jazeera’s reporter deal directly with his Turkish spyware manufacturer, BTT, and connected the reporter to BTT cofounder, Alper Tosun.

Once again, the “dual-use” method was proposed as a means of fast tracking the sale – and sidestepping export restrictions.

“Yeah, I say this is dual-use telecom equipment, okay,” Touson said on hidden camera. “And most of the time, it is a telecom-testing equipment. This is the main purpose that I am declaring.”

As with IPS’s “traffic management system”, BTT was proposing to simply not mention in export paperwork that the equipment was capable of spying on civilians.

“Anything which is considered to be dual-use, which is our case, because my equipment is actually a telecommunication, okay,” Tosun told the reporter. “I don’t want to mention the software side, but actually, it’s a box where you can make calls through it.”

Al Jazeera approached BTT for comment on Tosun’s proposal, but they did not provide a response.

When AREA was asked to comment on its role in this proposed transaction, the surveillance company said it “works with the relevant governments to ensure the proper export and legal use of our equipment.”

AREA added that they wouldn’t be able to comment further until they had seen the material secretly recorded by Al Jazeera.

Falsifying documents

Another deal featured in Spy Merchants concerned the proposed acquisition of 10 military-grade IMSI-catchers.

This time, Al Jazeera’s undercover reporter told the manufacturer that his clients wanted to remain anonymous. That meant that the surveillance provider, China-based manufacturer Semptian, would have no way of knowing if the IMSIs were being ordered by criminals or even “terrorists”.

Semptian founder Frank Feng said on undercover camera, “We don’t know who is the end user. And we don’t care. We have done it before.”

But in China, selling this powerful equipment raises enough red flags that Semptian proposed a “dual-use” ruse of its own.

“Nobody really will say this is an IMSI-catcher. We only say this is a wi-fi router,” said Semptian’s Senior Product Manager Paul Liang, referring to the IMSI-catcher he had delivered to the Al Jazeera’s reporter’s hotel room for him to inspect. “So we just apply for the Chinese government that this is the router, so that’s okay, you can sell it.”

“Basically, you falsify the documents, the shipping documents?,” asked Al Jazeera’s undercover reporter. “And you say this is not what it is?”

“Yeah. Actually, you don’t know what this is at all. You see this wi-fi router.”

The Semptian representatives said on hidden camera that they would ensure that any evidence of the origin of the spyware would be eliminated.

“We wipe everything,” they said.

Semptian did not respond to a request for comment.

Spy Merchants can be viewed on Al Jazeera:

Monday, April 10 – 20:00 GMT

Tuesday, April 11 – 12:00 GMT

Wednesday, April 12 – 01:00 GMT

Thursday, April 12 – 06:00 GMT

Friday, April 14 – 12:00 GMT

Saturday, April 15 – 20:00 GMT

Sunday, April 16 – 01:00 GMT

Monday, April 17 – 06:00 GMT

Source: Al Jazeera