Spyware from Gamma International masquerades as Firefox and Mozilla is not happy about it
Mozilla has sent British spyware pusher Gamma International a cease and desist letter, after a report showed how the surveillance software was being delivered under the guise of a Firefox executable.
Gamma has come under fire from activists over the past year, after its spyware was found in use in countries with poor human rights records. Its FinSpy tool, which can infect smartphones and PCs, was seen in use in various nations run by apparently repressive regimes, including Bahrain, Egypt, Ethiopia, Turkmenistan and Vietnam.
Yesterday, research from Citizen Lab, which has been tracking the use of supposedly legitimate malware from the likes of Gamma and Italian outfit Hacking Team, found another 11 countries running FinFisher command and control servers. They include Nigeria and Pakistan.
Citizen Lab also found a Malay-language sample of FinSpy masqueraded as Mozilla Firefox, not just in file properties, but in the appearance of the program itself. That’s why Mozilla is so irate.
“As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this abuse is vital to our brand, mission and continued success,” said Mozilla chief privacy officer Alex Fowler, in a statement sent to TechWeekEurope.
“We are sending Gamma, the FinFisher parent company, a cease and desist letter demanding that these practices be stopped immediately.
“Our brand and trademarks are used by the spyware as a method to avoid detection and deletion.”
Citizen Lab previously claimed to have found a fake version of Firefox used in a spyware attack in Bahrain aimed at pro-democracy activists.
The malware itself can monitor Skype chats and other Internet-based communication, as well as extract files from the hard disk and carry out keylogging on a target.
Gamma had not responded to a request for comment at the time of publication. It has previously denied it had sold to the Bahrain regime.
Privacy International is in the process of suing the UK government over the Gamma situation. It is incensed HMRC has not provided details on whether it is investigating Gamma, which could have broken export control law, PI claims.
The rights group’s head of research Eric King told TechWeekEurope he was pleased to see Mozilla taking action.
“Tech firms like Mozilla play a key role in providing secure and safe communication online, and PI applauds Mozilla’s action against Gamma International,” King said.
“Let’s hope other technology companies follow Mozilla’s lead to protect the integrity of their products and prevent surveillance companies like Gamma from continuing to use their trademarks to trick users into being infected by their spy technology.”
Mozilla is currently embroiled in another tense situation with Swedish operator TeliaSonera over potential government snooping. It was claimed TeliaSonera had sold technology that allowed governments to snoop on citizens.
When TeliaSonera asked Mozilla to include its root certificate in Firefox’s list of trusted Certificate Authorities (CAs) for SSL communications, Mozilla went to its community to ask for approval, where it was told of the allegations.
Mozilla could decide to refuse the root certificate application, which would cut off HTTPS-encrypted websites verified by TeliaSonera for Firefox users. Those websites would have to review their certificate chains for sites to be visible on the browser.
TeliaSonera told the Register it was concerned about the Mozilla situation, claiming it respected “lawful interception” by governments and it had a “clean record”.
A Mozilla spokesperson told TechWeek the situation was still ongoing.
Are you a pedant on privacy? Try our quiz!