An Egyptian intelligence unit tasked with acquiring surveillance tools has been exposed in a report released Wednesday by London-based watchdog Privacy International.
No information exists detailing the history of the Technical Research Department (TRD), but Privacy International’s report, titled “The President’s Men,” cites correspondence and contracts with suppliers of surveillance tools that point to some of its activities.
The website of Systems Engineering Egypt (SEE Egypt) cites TRD as one of its clients in Egypt, classified as a client affiliated with the military. SEE Egypt acts as a mediator in selling products of partners, who include manufacturers of surveillance software and solutions such as Blue Coat, which provides Deep Packet Inspection technology and CCTV equipment and software, called Axis.
According to contracts found with companies like Hacking Team and Advanced German Technologies, TRD’s headquarters are in the Kobry al-Qobba district, in east Cairo. This is the same neighborhood that houses the General Intelligence Services (GIS), which led Privacy International to report that TRD could be a unit of GIS.
Moreover, Privacy International writes that TRD is possibly striking deals to acquire surveillance technology on behalf of the GIS, since the latter is the only official Egyptian information-collecting body not cited in documents detailing transactions with government bodies.
TRD was founded during the rule of former President Hosni Mubarak, according to an intelligence expert Privacy International spoke to. In an email sent by a Hacking Team employee to his boss on new potential contracts with Egyptian security bodies, TRD was cited as only accountable to the president, and President Abdel Fattah al-Sisi is said to have personally approved of the use of the company’s solutions.
Although there is no law or official documentation that details the establishment of TRD, an intelligence source who spoke to Privacy International said the unit acts as an intelligence body that works personally for the president. “The purpose is reported to be in part to spy on other government officials and potential opponents,” the source said.
Security apparatuses have been competing over acquiring surveillance tools. Documents leaked after the January 25 revolution point to the State Security apparatus undertaking several transactions to buy a number of surveillance solutions, including Finfisher and ProxySG throughout the last few years.
Moreover, SEE Egypt has a track record of facilitating the sales of surveillance technology to Egyptian security bodies. In September 2014, BuzzFeed reported that it was Blue Coat’s agent in a contract with the Ministry of Interior to acquire mass surveillance tools to monitor social media activity. After the report was published, SEE Egypt took down its website for a few hours and shortly afterward came back online with a statement denying any relation with the contract. Following this move, the Ministry of Interior announced its intention to postpone the contract.
While TRD works in complete secrecy, Privacy International suggests it has a big budget. An estimate given by Hacking Team in recently leaked company emails cites a potential contract with the unit that would reach 1 million euros.
TRD is constantly on the search for new surveillance solutions, Privacy International says. “If you start a business selling the sort of technologies they are interested in, you don’t need to approach them,” an industry source told it. “They will investigate you and eventually approach you.”
According to the report, documents show that in 2011 TRD acquired a x25 network, technology that allows dial-up internet access when a country’s main internet infrastructure is shut down, as happened during the January 25 revolution that year.
In 2011 or before, Egypt also bought an interception management system and monitoring center for fixed and mobile networks from the same provider, both of which offer mass surveillance solutions. These interception technologies require physical installation onto a network in order to perform surveillance, which means network service providers must collaborate with manufacturers.
Article 64 of the Egyptian 2003 Telecommunication Law gives the legal basis for this collaboration, stipulating that “each operator and provider shall at his own expense provide within the telecommunication networks licensed to him all technical potentials including equipment, systems, software and communication which enable the Armed Forces and national security entities to exercise their powers within the law.”
The provider is Nokia Siemens Network (NSN), a Helsinki-based joint venture of the German conglomerate Siemens AG and Finnish telecommunications company Nokia. This provider has controversially sold monitoring equipment in Iran, and as a result a subsection of it, Siemens Intelligence Solutions, was sold to the Munich-based Perusa Partners Fund and renamed Trovicor. Trovicor continues to work with NSN and acts as a third party vendor and delivery support for it.
One of the mediators in the purchase of these systems is an Egyptian company called Universal Advanced System, which describes itself as “a leading Egyptian solution provider for […] lawful interception systems.” While it prides itself on being the exclusive agent of more than 10 international companies providing surveillance technology, neither NSN nor Trovicor figure among its list of partners.
The Egyptian German Telecommunications Industries is the other company involved in the x25 network transaction. Partly owned by Siemens, it is described as “a joint venture between the Egyptian government and Siemens AG Germany.”
In 2006, TRD also acquired tools from Advanced German Technologies, which specializes in lawful interception. At the cost of US$50,000, TRD purchased technologies referred to as “SGS-1100 and SG-1100,” the use of which is unknown, according to Privacy International. SEE Egypt was also a mediator in the transaction.
Hacking Team is another major supplier to TRD. In a leaked company email, an employee tells management about his visit to Cairo to meet with the intelligence-linked TRD, during which the department’s officials showed interest in Remote Control Systems, a contract that could amount to 1 million euros.
Remote Control Systems, known as RCS, is malware that “grants the attacker complete control of the computer of their target. The attacker can then, for example, access any content stored on the computer, monitor its use in real time, log keystrokes and passwords, capture screenshots and activate the computer’s webcam,” according to Privacy International.
The report reveals two contracts between Hacking Team and TRD. The first was drawn up through an Egyptian mediator called A-6 Consultancy, which probably later changed its name to become Solve IT. The second was mediated by GNSE Group, owned by the famous Mansour group, which provides data, applications and networks security services.
Documents are cited showing that TRD requested the purchase of three different systems in order to lower the price to 800,000 euros each. The overall transaction would cost Egypt 2.4 million euros.
Research published in 2015 by the Toronto University Citizen Lab, which pursues research on technology and human rights, points to TRD’s use of Finfisher, an intrusive malware manufactured by Gamma International.
The Toronto University Citizen Lab was able to identify domain names affiliated to the TRD. “The IP addresses used for a FinFisher server were also used by a Hacking Team employee the day he was scheduled to deliver the installation to the TRD. On one of the web pages, the researchers found a FinFly Web sample — the web page was created to infect targets with the FinFisher malware. The researchers had also identified an IP address behind a FinFisher server and were able to link that IP address to the TRD,” according to Privacy International.
Finfisher aside, Citizen Lab also found that TRD has used spyware provided by MOLERATS, a cyber criminal group targeting political Islam and Israel.
According to Privacy International, TRD has hence acquired a wide range of surveillance solutions, including Internet connectivity services to serve during blackouts, interception and monitoring systems for fixed and mobile networks, and Finfisher and RCS, both of which attack computers and control them remotely, in addition to other malware.