Report by University of Toronto’s Citizen Lab that U.K. firm’s spyware masquerades as Firefox prompts complaints from browser creator Mozilla
A report by Canadian researchers that repressive regimes are spying on dissidents with network intrusion software that masquerades as the Firefox browser has prompted Mozilla to fire off a cease and desist letter to the U.K. maker of the software.
“We had identified instances where FinSpy makes use of Mozilla’s trademark and code,” according to report by Citizen Lab researchers Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri and John Scott-Railton titled For Their Eyes Only: The Commercialization of Digital Spying. “The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest.”
FinSpy is a component in FinFisher.
The report said FinFisher command and control servers were recently found in Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria and Austria. Taking previous Citizen Lab research this places the total number of countries where FinFisher command and control centres have been located to 36.
“We cannot abide a software company using our name to disguise software surveillance toll that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy,” according to Alex Fowler, the lead of Mozilla’s privacy and public policy group. “We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.”
In a blog post yesterday, Fowler also assured browser users that Firefox itself is not affected by the spyware.
“It is important to note that the spyware does not affect Firefox itself, either during the installation process or when it is operating covertly on a person’s computer or mobile device,” Fowler said. “Gamma’s software is entirely separate, and only uses our brand and trademark to lie and mislead as one of its methods of avoiding detection and deletion.”
Citizen Lab said Gamma’s surveillance tools were used in a spyware attack in Bahrain aimed at pro-democracy activists as well as the upcoming general elections in Malaysia.
“Each sample demonstrates the exact same pattern of falsely designating spyware as originating from Mozilla,” said Fowler. “Gamma’s brochures and promotional video tout one of the essential features of its surveillance software is that it can be covertly deployed on the person’s system and remain undetected.”
The Citizen Lab researchers also lamented the lack of controls on how such technologies are exported.
There is extremely limited candor from companies about the nature and scope of the due-diligence performed when sales are contemplated,” according to the Citizen Lab report. “In what has been referred to as a “permissive” standard, companies have sometimes stated that they will only sell to states that are not on official blacklists established by the European Union or the United States.”
However, companies have been “opaque” about what actions are being taken about cases in countries such as Morocoo, Bahrain, and the United Arab Emirates where there are cases of the technologies being abused, the report said .