Software created by the controversial UK based Gamma Group International was used to spy on computers that appear to be located in the US
Software created by the controversial U.K. based Gamma Group International was used to spy on computers that appear to be located in the United States, the U.K., Germany, Russia, Iran and Bahrain, according to a leaked trove of documents analyzed by ProPublica.
It's not clear whether the surveillance was conducted by governments or private entities. Customer email addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer and the Qatari government.
The leaked files — which were posted online by hackers — are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists and activist groups.
The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday.
The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events — such as the day that a particular Bahraini activist was hacked.
Gamma has not commented publicly on the authenticity of the documents. A phone number listed on a Gamma Group website was disconnected. Gamma Group did not respond to email requests for comment.
The leaked files contain more 40 gigabytes of confidential technical material including software code, internal memos, strategy reports and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones.
A price list included in the trove lists a license of the software at almost $4 million.
The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer 'exploits.'
Exploits include techniques called "zero days," for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more."Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
Vupen has said publicly that it only sells its exploits to governments, but Gamma may have no such scruples. "Gamma is an independent company that is not bound to any country, governmental organisation, etc.," says one file in the Gamma Group's material.
At least one Gamma customer listed in the materials is a private security company.
Vupen didn't respond to a request for comment.
In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software.
Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
Mike Janke the CEO of Silent Circle said in an email "We have serious doubts about if they were going to be successful" in circumventing the phone software, and that they were working on bulletproofing their app.
Microsoft did not respond to a request for comment.
The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept internet traffic and masquerade as ordinary websites in order to install malware on a target's computer.
The most recent date-stamp found in the documents is August 2nd, which coincides with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack, and may be run by the hacker or hackers responsible for the leak.
On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher."
GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain.
In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
Senior reporter Julia Angwin and Jonathan Stray, special to ProPublica, contributed to this report.
To help attract greater foreign and domestic investments into real estate and infrastructure, market regulator SEBI has cleared final guidelines for creation and listing of trusts, REITs and InvITs for these key sectors
Market regulator Securities and Exchange Board of India (SEBI) on Sunday approved setting up of the much awaited real estate investment trusts (REITs) that permits real estate funds, to invest in completed and revenue generating real estate. This move will provide a new source of funding for cash-strapped real estate industry.
SEBI said that the new norms would help entities with at least Rs2 lakh investment to earn from completed real estate projects. The new norms for REITs, as also for Infrastructure Investment Trusts (InvITs), were cleared by SEBI board on Sunday, while final notifications would be issued soon to make the norms effective in a month or two.
A REIT is a pooled investment entity registered with SEBI, just like a mutual fund with investment primarily in real estate of completed and revenue-generating properties. The rental received from these properties will be distributed among investors as dividend. Real estate is a big ticket investment with a huge chuck of money getting locked in buying a property. The advantage of REIT is availability of exposure to real estate with a smaller ticket size as well as diversification of investment by REIT. On 10 October 2013, SEBI issued a draft Real Estate Investment Trusts (REITs) Regulations, 2013.
Here are the main features of SEBI approved REIT Regulations...
a. REITs shall be set up as a trust and registered with SEBI. It shall have parties such as Trustee, Sponsor(s) and Manager.
b. The trustee of a REIT shall be a SEBI registered debenture trustee who is not an associate of the Sponsor/manager.
c. REIT shall invest in commercial real estate assets, either directly or through SPVs. In such SPVs a REIT shall hold or proposes to hold controlling interest and not less than 50% of the equity share capital or interest. Further, such SPVs shall hold not less than 80% of its assets directly in properties and shall not invest in other SPVs.
d. Once registered, the REIT shall raise funds through an initial offer. Subsequent raising of funds may be through follow-on offer, rights issue, qualified institutional placement, etc. The minimum subscription size for units of REIT shall be Rs2 lakh. The units offered to the public in initial offer shall not be less than 25% of the number of units of the REIT on post-issue basis.
e. Units of REITs shall be mandatorily listed on a recognised Stock Exchange and REIT shall make continuous disclosures in terms of the listing agreement. Trading lot for such units shall be Rs1 lakh.
f. For coming out with an initial offer, the value of the assets owned/ proposed to be owned by REIT shall be of value not less than Rs500 crore. Further, minimum issue size for initial offer shall be Rs250 crore.
g. The Trustee shall generally have an overseeing role in the activity of the REIT. The manager shall assume operational responsibilities pertaining to the REIT. Responsibilities of the parties involved are enumerated in the Regulations.
h. A REIT may have multiple sponsors, not more than three, subject to each holding at least 5% of the units of the REIT. Such sponsors shall collectively hold not less than 25% of the units of the REIT for a period of not less than three years from the date of listing. After three years, the sponsors, collectively, shall hold minimum 15% of the units of REIT, throughout the life of the REIT.
i. Not less than 80% of the value of the REIT assets shall be in completed and revenue generating properties. Not more than 20% of the value of REIT assets shall be invested in following :
i. developmental properties,
ii. mortgage backed securities,
iii. listed/ unlisted debt of companies/body corporates in real estate sector,
iv. equity shares of companies listed on a recognized stock exchange in India which derive not less than 75% of their operating income from Real Estate activity,
v. government securities,
vi. money market instruments or Cash equivalents.
However investments in developmental properties shall be restricted to 10% of the value of the REIT assets
j. A REIT shall invest in at least two projects with not more than 60% of value of assets invested in one project. Detailed investment conditions are provided in the Regulations.
k. REIT shall distribute not less than 90% of the net distributable cash flows, subject to applicable laws, to its investors, at least on a half yearly basis.
l. REIT, through a valuer, shall undertake full valuation on a yearly basis and updation of the same on a half yearly basis and declare NAV within 15 days from the date of such valuation/updation.
m. The borrowings and deferred payments of the REIT at a consolidated level shall not exceed 49% of the value of the REIT assets. In case such borrowings/ deferred payments exceed 25%, approval from unit holders and credit rating shall be required.
n. Detailed provisions for related party transactions. valuation of assets, disclosure requirements, rights of unit holders, etc. are provided in the Regulations. However, for any issue requiring unit holders’ approval, voting by a person who is a related party in such transaction as well as its associates shall not be considered.
Here are the main features of SEBI approved InvIT Regulations...
a. Infrastructure is as defined by Ministry of Finance vide its notification dated 7 October 2013 and shall include any amendments/additions made thereof.
b. InvITs shall be set up as a trust and registered with SEBI. It shall have parties such as Trustee, Sponsor(s), Investment Manager and Project Manager.
c. The trustee of an InvIT shall be a SEBI registered debenture trustee who is not an associate of the Sponsor/Manager.
d. InvITs shall invest in infrastructure projects, either directly or through SPV. In case of PPP projects, such investments shall only be through SPV.
e. An InvIT shall hold or propose to hold controlling interest and more than 50% of the equity share capital or interest in the underlying SPV, except where the same is not possible because of a regulatory requirement/ requirement emanating from the concession agreement. In such cases sponsor shall enter into an agreement with the InvIT, to ensure that no decision taken by the sponsor, including voting decisions with respect to the SPV, are against the interest of the InvIT/ its unit holders.
f. Sponsor(s) of an InvIT shall, collectively, hold not less than 25% of the total units of the InvIT on post issue basis for a period of at least three years, except for the cases where a regulatory requirement/concession agreement requires the sponsor to hold a certain minimum percent in the underlying SPV. In such cases the consolidated value of such sponsor holding in the underlying SPV and in the InvIT shall not be less than the value of 25% of the value of units of InvIT on post-issue basis.
g. The proposed holding of an InvIT in the underlying assets shall be not less than Rs500 crore and the offer size of the InvIT shall not be less then Rs250 crore at the time of initial offer of units.
h. The aggregate consolidated borrowing of the InvIT and the underlying SPVs shall never exceed 49% of the value of InvIT assets. Further, for any borrowing exceeding 25% of the value of InvIT assets, credit rating and unit holders' approval is required.
i. An InvIT which proposes to invest at least 80% of the value of the assets in the completed and revenue generating Infrastructure assets, shall :
i. raise funds only through public issue of units.
ii. have a minimum 25% public float and at least 20 investors.
iii. have minimum subscription size and trading lot of Rs ten lakhs and Rs five lakhs respectively.
iv. distribute not less than 90% of the net distributable cash flows, subject to applicable laws, to the investors, atleast on a half yearly basis.
v. through a valuer, undertake a full valuation on a yearly basis and updation of the same on a half yearly basis and declare NAV within 15 days from the date of such valuation/updation.
j. A publicly offered InvIT may invest the remaining 20% in under construction infrastructure projects and other permissible investments, as defined in the regulations. However, the investments in under construction infrastructure projects shall not be more than 10% of the value of the assets.
k. An InvIT which proposes to invest more than 10% of the value of their assets in under construction infrastructure projects shall :
i. raise funds only through private placement from Qualified Institutional Buyers and body corporates.
ii. have minimum investment and trading lot of Rs. 1 crore.
iii. have minimum of 5 investors with each holding not more than 25% of the units
iv. distribute not less than 90% of the net distributable cash flows, subject to applicable laws, to the investors, atleast on a yearly basis
v. undertake full valuation on yearly basis and declare NAV within 15 days from the date of such valuation.
l. Conditions for InvITs investing in under construction projects
i. For PPP project(s)
i.a. has achieved completion of at least 50% of the construction of the infrastructure project as certified by an independent engineer; or
i.b. has expended not less than 50% of the total capital cost set forth in the financial package of the relevant project agreement.
ii. For Non-PPP project(s), the Infrastructure Project has received all the requisite approvals and certifications for commencing construction of the project;
m. Listing shall be mandatory for both publicly offered and privately placed InvITs and InvIT shall make continuous disclosures in terms of the listing agreement.
n. Detailed provisions for related party transactions. valuation of assets, disclosure requirements, rights of unit holders, etc. are provided in the Regulations. However, for any issue requiring unit holders approval, the voting by any person who is a related party in such transaction as well as its associates shall not be considered.
How can a country that is growing at 7.5% find that its basic industries are collapsing?
Last week, I saw the most interesting statistic about China in the Chinese press. The statistic was that 20 out of the 36 largest coal mining companies were losing money. Out of the 20, nine or almost half, were on the verge of bankruptcy. If you include smaller coal companies in China, 70% are in the red. It’s not just the coal industry. According to China’s National Bureau one third of the steel, aluminium and cement makers lost money.
These numbers are truly astonishing for a country that is, at least in theory, growing at 7.5%. How can a country grow at that rate if a large part of its basic industries are either losing money or near collapse? I informed a friend of these numbers as further evidence of China’s debt fuelled economy. She brushed it all aside. “Doesn’t matter,” she said, “It’s a communist country.” In a way she was right, but these losses still matter. A lot.
But how does this happen? How can these companies keep afloat in a sea of red? The simple answer is debt. But how can these companies keep borrowing? Because the government supports them. Not the central government in Beijing, but the local governments in the cities and provinces where the factories are located.
One example is illustrated in an excellent article found in the US financial newspaper, the Wall Street Journal. They cite the cases of two steel companies, Delong Holdings Ltd and Longhai in the city of Xingtai. Xingtai is in the province of Hebei about 400 kilometers southwest of Beijing.
The problem with these two companies, like many steel and coal companies, is that they don’t make any money. Worse still, they contribute to a massive excess production problem that plagues 19 industries. On top of that, they are major polluters, which contributes to the foul air in Beijing.
In a market economy, these two companies would have gone bankrupt a long time ago. But contrary to what some some popular commentators say, China is not exactly a market economy. The central government did try to close down Longhai. They told the state owned banks to deny a loan of $177 million. For a time Longhai did close down, but this caused another problem. It threw 3,000 people out of work.
Local governments don’t like it when their local industries have to close. It creates unemployment, encourages other defaults and it also lowers the tax take. The local industrial tax is not based on profit. It only taxes industrial production, so a money losing operation doesn’t affect the local government’s income. A closed factory does.
Most people would assume that central government policies are always implemented, but it doesn’t necessarily work that way. China has 34 provincial administrations. These include 23 provinces 4 large cities (Beijing, Tianjin, Shanghai, Chongqing), 5 autonomous regions, plus Macau and Hong Kong. Each province has their own economic policy. The local branch of one of the big four state owned banks is semi-autonomous, answerable to the local government as well as to its own hierarchy and the central government.
The central government not only tried to shut down Longhai in Xingtai, but also tried to shut down other steel and cement factories in Xingtai’s province of Hebei. Hebei is home to 73 million people. Its steel mills produce 190 million tons of steel a year. This is about double the entire U.S output. It also produces massive pollution, which make Hebei home to seven of China's 10 most-polluted cities. The central government wants to cut steel production by 10%, but as the center for much of that production, the burden would fall disproportionally on Hebei. Beijing wants to cut 80 millions tons of production. If Hebei met that goal it would mean a 10% reduction in tax receipts and 200,000 unemployed. So naturally they are a bit resistant.
So it is hardly surprising that the city of Xingtai arranged a merger between Delong Holdings Ltd and Longhai. They also are trying to help find money to get them back in production as soon as possible. But there is one large question in all of this; Where is Xingtai going to get the money?
Chinese local governments are in debt to the state owned banks to the tune of $1.6 trillion. This is where my friend’s doubts came in. It is a communist system, the banks are owned by the state, so why can’t the central government just force the banks to lend more money?
In the past, that is what they did. But two years ago, the levels of lending grew too high for comfort, so, much of the lending was curtailed. However at the same time, Beijing allowed the growth of off-the-books financing, known as the shadow banking system. Lending exploded along with corporate and local government debt. There was one problem, the shadow banking system is part of the market.
Now Beijing is trying to reposition its economy. For the first half of the year, it put restrictions on lending, as a result, the economy, especially the all important real estate sector, slowed down. In April, it changed its tune and allowed total “social financing,” which includes shadow banking to the tune of 2 trillion yuan. In July it was also up to 1.97 trillion yuan, double the amount loaned in March.
So it looks like Beijing is trying to revive the economy by once again increasing the debt mountain. If you look closer at the numbers it will be clear that the growth was due to a surge in short term financing. This suggests a bandage to help pay back debts already due, rather than new asset investment.
Meanwhile, the engine for all this demand of coal, steel and cement, the real estate market continues to slow. It slumped 9.2% in the first half of the year. With sales slowing, the developers aren’t building. The demand for steel and cement is depressed along with coal and the red ink continues to flow.
So is my friend right? Can the 1% of Chinese, who own one third of the country and run it under the guise of the Communist Party, keep going into debt indefinitely? Even though there are incentives to do so, they can't continue indefinitely. How long they can keep it up, no one knows, no one knows the levels of debt or who owes what to whom. Of the 289 cities, only 14, or 4.84 percent of the total cities, released relevant statistics on their government debts. But the communists made a mistake, they introduced the shadow banking system into the real estate market, which are subject to forces beyond the government’s power. So a slowdown will at some point turn into a rout.
(William Gamble is president of Emerging Market Strategies. An international lawyer and economist, he developed his theories beginning with his first-hand experience and business dealings in the Russia starting in 1993. Mr Gamble holds two graduate law degrees. He was educated at Institute D'Etudes Politique, Trinity College, University of Miami School of Law, and University of Virginia Darden Graduate School of Business Administration. He was a member of the bar in three states, over four different federal courts and speaks four languages.)