Spyware used by governments poses as Firefox, and Mozilla is angry
Mozilla sends cease and desist letter to maker of FinFisher software.
by Jon Brodkin - May 1 2013, 5:41pm GMTDT
Mozilla has sent a cease-and-desist letter to a company that sells spyware allegedly disguised as the Firefox browser to governments. The action follows a report by Citizen Lab, which identifies 36 countries (including the US) hosting command and control servers for FinFisher, a type of surveillance software. Also known as FinSpy, the software is sold by UK-based Gamma International to governments, which use it in criminal investigations and allegedly for spying on dissidents.
Mozilla revealed yesterday in its blog that it has sent the cease and desist letter to Gamma "demanding that these illegal practices stop immediately." Gamma's software is "designed to trick people into thinking it's Mozilla Firefox," Mozilla noted. (Mozilla declined to provide a copy of the cease and desist letter to Ars.)
The spyware doesn't infect Firefox itself, so a victim's browser isn't at risk. But the spyware "uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion" and is "used by Gamma’s customers to violate citizens’ human rights and online privacy," Mozilla said. Mozilla continues:
The Citizen Lab report provides pictorial evidence of the impersonation:
Through the work of the Citizen Lab research team, we believe Gamma’s spyware tries to give users the false impression that, as a program installed on their computer or mobile device, it’s related to Mozilla and Firefox, and is thus trustworthy both technically and in its content. This is accomplished in two ways:
1. When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”
2. For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.
The Citizen Lab research team has provided us with samples from the following three instances that demonstrate how this misuse of our brand, trademarks and public trust is a designed feature of Gamma’s spyware products and not unique to a single customer’s deployment:
- A spyware attack in Bahrain aimed at pro-democracy activists;
- The recent discovery of Gamma’s spyware apparently in use amidst Malaysia’s upcoming General Elections; and
- A promotional demo produced by Gamma.
Each sample demonstrates the exact same pattern of falsely designating the installed spyware as originating from Mozilla. Gamma’s own brochures and promotional videos tout one of the essential features of its surveillance software is that it can be covertly deployed on the person’s system and remain undetected.
FinFisher doesn't just masquerade as Firefox. The Citizen Lab report says it has also been used to target Malay language speakers by "masquerading as a document discussing Malaysia’s upcoming 2013 General Elections."
The countries where Citizen Lab identified FinFisher command-and-control servers are Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.
We've asked Gamma if the company has a response to Mozilla's cease and desist letter but haven't heard back yet.