The Society for Civil Rights (GFF), Reporters Without Borders Germany (RSF Germany), the European Center for Constitutional and Human Rights (ECCHR) and the blog Netzpolitik.org have filed a criminal lawsuit against the German company FinFisher for exporting the spyware FinSpy to Turkey without export license. The public prosecution in Munich, where the FinFisher Company is based, has opened an investigation into the case. The Turkish government planted the spyware on a fake version of the Turkish oppositional website Adalet. While the original Adalet website was intended to help activists coordinate during the protest marches in summer 2017 against president Erdogan, the fake version of the Adalet website, offered users a networking application that, once installed, infected their devices with the FinSpy malware. When used and installed on a recipient’s mobile device, FinSpy enables government authorities access to telephone and VoIP conversations, data systems, screenshots and other photos, GPS data, microphones and connection data as well as to various applications. Several independent analysts conducted a forensic examination of the malware sample found in Turkey and came to the conclusion that it is a new version of FinSpy. The German government has confirmed that it has not granted a single export license for intrusion software since 2015. In Germany, even maintenance and updates of software are subject to licensing. In exporting FinSpy to Turkey FinFisher was acting in clear violation of both German Law and EU regulations, thereby committing a criminal offense.