The French-based international non-governmental organization that advocates freedom of the press and freedom of information also considers five big private-sector companies as "corporate enemies," because they sell products that are liable to be (and have been) used by governments to violate human rights and freedom of information.
French company Amesys is on the list for selling its EAGLE spyware to Libya while Muammar Gaddafi was still in power. EAGLE, based on Deep Packet Inspection technology, is capable of analyzing all kinds of online activities, including email, VoIP, a number of chat protocols, HTTP web traffic and search engine queries.
"The role of Amesys in Libya is currently being investigated for complicity in torture in France as a result of a lawsuit brought by the Paris-based human rights NGO, FIDH, which is acting for five Libyan citizens who were spied on with the EAGLE System," says RWB.
US-based BlueCoat was included because it sold its Internet censorship and filtering devices to Syrian and Myanmar governments, which apparently used them for these particular purposes.
When contacted by the NGO, the company commented that "its products were sold in accordance with the laws governing the sale of its technology" and that "its sales were channeled through third parties and it expected the same compliance of them." They also said that they will be working with other companies in the same industry to identify what further steps they could take to limit the misuse of their products.
UK-based Gamma International's FinFisher spyware tool kit was brought to the attention of the public when Egyptian protesters discovered an offer to buy the tool among the documents found during a raid of the country’s state security headquarters.
FinFisher Suite is regarded as one of the most advanced in today's market, it can bypass common anti-virus detection, and the malware it installs on targeted devices is extremely persistent. According to RWB, the suite has been used both by the Egyptian government and that of Bahrain to spy on journalists. Gamma claimed that Bahrain stole a demo version of the software and modified it to suit their needs, or that they reverse-engineered it.
Italian company Hacking Team seems to have provided its remote control system called DaVinci to the governments of Morocco and the United Arab Emirates, while German Trovicot apparently delivered its monitoring centers to Bahrain, Iran and Syria.
"If these companies decided to sell to authoritarian regimes, they must have known that their products could be used to spy on journalists, dissidents and netizens. If their digital surveillance products were sold to an authoritarian regime by an intermediary without their knowledge, their failure to keep track of the exports of their own software means they did not care if their technology was misused and did not care about the vulnerability of those who defend human rights," RWB points out, calling for controls on the export of surveillance software and hardware to be set up, especially when it's exported to countries that don't have a good track record at respecting human rights and freedom of the press.
"The private sector cannot be expected to police itself. Legislators must intervene," they say.
The list of offending companies is by no means complete, and RWB says that it will be expanded in the coming months.
It's also interesting to note that the NGO's website has recently been compromised to redirect visitors to sites serving exploits and Remote Access Trojans.
"Such an organization is an ideal target for a watering hole campaign, as it seems right now the miscreants concentrate only on human rights/political sites," Avast's Director of Threat Intelligence Jindrich Kubec commented earlier this year.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.