A German-Arab web of companies advertises a new government malware „made in Germany“ at international surveillance trade shows. In a lengthy investigation, we gathered information on the companies and actors involved. It remains unclear whether the company has a finished product for sale; nevertheless, they continue to promote the product – directly to law enforcement and intelligence agencies.

This is the English translation of the original German article.

Wiretapper’s Ball

For many years, we have repeatedly reported on the international surveillance industry trade show ISS (Intelligent Support Systems) World, also known as „Wiretapper’s Ball“. In June 2014, the annual European edition was held in Prague.

Among many other surveillance companies, the list of sponsors also features the rather unknown company Advanced German Technology (AGT). Not only do the name and logo prominently feature „Germany“; the self-description also emphasizes that the company was „founded in Berlin more than a decade ago“. Over the last weeks and months, we took a closer look at this Berlin-based surveillance company.

Heart of Business: Massive Interception

AGT itself describes „massive and lawful interception“ as „the heart of our business“. They advertise „massive and passive interception“ as core competencies, in pretty much all areas: internet, satellite, radio, mobile networks, radar, telephone, fax, SMS, email, Skype. Besides the „capacity to analyze nationwide data flow in real-time“, we especially noticed their „IP Interception […] with IT-intrusion tools“:

This problem can be solved if the intercepted IP data can be retrieved directly from the target PC, because encryption takes place „behind“ the target PC. This can be achieved using IT-Intrusion Software. Of course, such an approach is only target-based, i.e. the target must be known, and if a Trojan is embedded on the PC, all IP traffic can be intercepted (also Skype, VPN, etc.). A variety of techniques are available to deliver a Trojan to the target, either ISP-based or with tools if physical access to the target PC is possible. A powerful countrywide IP interception solution is based on the realization of both concepts, preferably combining them into one system: Passive IP Interception and IT Intrusion Software.

Remote Stealth Surveillance

AGT calls this government spyware product „Remote Stealth Surveillance Suite“. At ISS in Prague 2014 they presented this product exclusively for attendees of „law enforcement, public safety and government intelligence community“ with the title „Encryption of Mass-Communication Changed the Game’s Rules, Learn How To Stay Ahead Of Threats With Remote Stealth Surveillance“. We were able to acquire a leaflet from this promotional event, which we hereby publish in full: Remote Stealth Surveillance Suite (PDF, PNG next to the text, plaintext below this article).

The advertisement promises to execute „seamlessly on all major operating systems, including smartphones and tablet computers“, and features logos of Windows, Linux, Apple and Android below. The following „Capture Capabilities“ are listed:

User input: keyboard, mouse. (including virtual input)

Browser activity

Screenshots

Audio and video

Complete monitoring of Skype

Capture of accessed files in real time

Encrypted and sensitive data capture

On-demand file download and remote control

and much, much, [more?]

A classic spyware with full system access.

Letterbox Company in Berlin

The leaflet also features an address in Berlin: Potsdamer Platz 11. The German website claims the „head office is located at the prestigious Potsdamer Platz“. So we walked right in.

As it turns out, it’s a Business Center with offices for rent. When we asked about AGT, the receptionist answered: „They are not really here a lot.“ One of the products there is a „virtual office“: „Benefit from our extensive services and a virtual address on Potsdamer Platz in the center of Berlin – even without renting an office from us.“ A letterbox company.

For weeks, our repeated phone calls and e-mails were rejected or ignored. So we tried some internet research.

Web of Companies in Middle East

According to their website (and the company profile on LinkedIn), AGT was „founded in Berlin almost a decade ago“ (2002).

The company website features a page with media reports between 2003 and 2005, most of them in Arabic. A first English-language article is from the Lebanese Daily Star in 2004. The piece names the Syrian national Anas Chibib as „managing director of Berlin-based AGT“ and as „head of AGT Middle East“.

The „AGT FZ LLC Middle East Regional Office“ in Dubai is named alongside the Berlin office on the company’s website. According to the Daily Star, in 2004 AGT had „offices in Bahrain, Dubai, and Saudi Arabia“. In addition, the „Syria Business Database“ lists an „AGT Syria Ltd“ in Damascus, where AGT also attended an „ICT Security Forum“ event in 2009. A web of companies and offices.

Made in Germany?

[Image: Christoph Stortz, CEO of AGT in Germany. Redacted.]

Just how German is the „German technology“ in „Advanced German Technology“? The website advertises „German Technology and Expertise in the Global Market“. The company mission is „to transfer state of the art European security technology to our clients worldwide with a prime focus on the Middle East.“

The German company „AGT Advanced German Technology GmbH“ was founded only on October 22, 2013, according to the Berlin company register. Before that, it was registered as a „shelf company“ with VRB. The self-described „Trainer, Coach, Speaker“ Christoph Stortz indicates that he has been CEO since August 2013; before that he was „Head of HR“.

Stortz confirmed to netzpolitik.org that the Dubai office acts as headquarters for the company group. That’s probably the reason he spent the first week of January in the United Arab Emirates, as we have learned. Another indication is that the LinkedIn profile of the company group states „51-200 employees“. In Germany, we have only been able to identify Stortz as CEO and [name redacted] as Executive Assistant.

IT Security made in Germany

But LinkedIn lists 21 employee profiles, many in the Arab region. According to AMEInfo, the Syrian national Anas Chbib was still CEO of „AGT“, as of October 2014. All in all, it sounds like the label „made in Germany“ and the German office are only used for PR reasons, to use „German technology“ for advertising purposes.

This was also a goal of the initiative „IT Security made in Germany“, founded in 2005 by the German ministries of interior and economics, and now under the umbrella of TeleTrust. We have heard a rumor that AGT once used this logo – quite similar to their own – for advertising purposes, but became the first company to be prohibited from doing so. We have been trying to verify this for the past weeks, but because „IT Security made in Germany“ has been restructured quite frequently, this process is not yet done. We will add the results as soon as we have them.

Customers in Middle East

According to their own information, „the group has completed projects in over a dozen countries including Europe, the Middle East, and North Africa.“ When we finally reached the German CEO, he confirmed that AGT’s customers are located mainly in the Middle East. This matches information about AGT being „main consultancy to the Abu Dhabi Police Data Center“.

According to usually well-informed sources, AGT is supposed to have business affairs in the region around India and Pakistan, in addition to Middle East and North Africa. Unfortunately, we have not been able to verify this information so far.

Reseller of Purchased Goods

As far as we understand, AGT’s business model is that of a reseller. The website lists 36 „partners“. According to that, these companies produce technologies and services, which AGT sells to end users (keeping a share of the profit, of course).

For example, ten years ago AGT sold CryptoPhone products made by Berlin-based company GMSK. However, this business relationship was terminated quite a few years ago. Currently, the Italian company PrivateWave and their encrypted Voice over IP products are listed as a business partner. A person familiar with the deal confirmed to netzpolitik.org the business relationship and the resale business model of AGT.

Spyware made by TE4I

Like everything else, the „Remote Stealth Surveillance Suite“ spyware product was not developed by AGT itself. This task fell to the small Italian IT company TE4I. TE4I was founded in 2005 and describes its target audience in the public sector as „judicial authorities, police, defense“. People familiar with the company reported that TE4I is „known for custom rootkit development“ among other IT services.

On his LinkedIn profile, software developer Valerio Lupi indicates working for TE4I between 2005 and December 2014, „leading the development of custom surveillance agents for desktop and mobile devices.“ As skills, he lists „20+ years experience in programming Lawful Interception solutions on the Windows platform“ and adds: „The above experience led to develop Android versions (including native JNI components) aswell. [sic!]“ (Prior, he was at HBGary, today he is at Verint.)

Aurelio Pascalucci, founder and CTO of TE4I, changed his status on LinkedIn during the course of our research. Just one month ago, he stated that he still held these positions at TE4I; now the profile claims he has not held them since December 2013.

Terminated Business Relationships

Usually well-informed sources tell us that TE4I „was acquired by AGT and their developers moved to Dubai to set up an engineering office there“ to develop the spyware. Both AGT and TE4I confirmed business relationships between the two companies to netzpolitik.org. But they would not go into details.

That is probably because the two companies parted in conflict. A former employee of TE4I claimed to netzpolitik.org:

Yes, the relationship ended, AGT didn’t respect the contract.

After weeks of attempts, we were finally able to talk to Christoph Stortz of AGT Germany, who claimed to netzpolitik.org:

Yes, the relationship ended around September 2014. TE4I had too many problems with the technology and could not deliver the product. So we could not sell it.

Sale without Possession?

So it is entirely possible that AGT never had the spyware and thus could not sell it. However, AGT is still advertising its spyware at the upcoming surveillance trade shows ISS World Middle East in March and ISS World Europe in June. In Dubai, they will present the „Remote Stealth Surveillance Suite“ to police and secret services twice, and in Prague even three times. (Other presentation topics of AGT are „War on Social Media“ and „Social Media Steals Intelligence“.)

How can one present and advertise a product without possessing it? That was among the questions we wanted to ask the CEO of the German company „AGT Advanced German Technology GmbH“, so we arranged a meeting with Christoph Stortz in Berlin last week. Unfortunately, he chose not to appear, and since then he has not responded to our repeated phone calls and e-mails.

Meanwhile, the advertisement for the „Remote Stealth Surveillance Suite“ at the Wiretapper’s Ball continues.

Update: (10.02. 13:00) A lawyer from AGT contacted us. We redacted the name of the Executive Assistant in Berlin.

Update 2: (12.02. 12:00) The lawyer from AGT contacted us again and wanted us to remove Christoph Stortz’s profile picture. This is how we reacted (German).

This is the leaflet from ISS 2014:

AGT, the premier German security specialists, is proud to present the Remote Stealth Surveillance Suite („RSSS“), a product delivered from the Troy Software Division.

Each year society further embraces social media and the internet, and criminals adapt to use these tools to suit their needs. One of the challenges faced by law enforcement and intelligence agencies is finding a single solution to completely understand and monitor a target’s digital life. RSSS provides a completely covert and untraceable system to monitor everything your target does online: using a mobile phone or a computer system.

Smart Deployment:

RSSS can be deployed using traditional methods such as email attachments or unpatched exploits, but we also offer our unique Aggressor technology.

The Aggressor subverts all IP traffic between the target and his or her ISP and is deployed from a trusted and commonly visited web site. This allows for injection of the agent independently from the network provider!

Stealth Technology:

Our proprietary stealth technology makes the agent invisible to all security and antivirus suites currently on the market. Each agent is custom designed specifically for each client for greater flexibility and security.

Technology

Secure by Design:

A monitored system will never make a direct connection to the command and control system. An anonymous reflector system will relay all encrypted traffic to ensure that your target will never know who is watching.

An RSSS agent executes seamlessly on all major operating systems, including smartphones and tablet computers.

Capture Capabilities: