Mozilla: government spyware disguising itself as Firefox
By Stewart Mitchell
Posted on 1 May 2013 at 10:34
Mozilla has called on a commercial spyware company to stop masquerading as its Firefox browser to avoid detection on people's computers.
The action comes after a report from human rights group Citizen Lab claimed that Gamma International, a controversial surveillance software company, was using Firefox as a mask to hide its FinSpy software, which is used by governments to snoop on citizens.
British-based Gamma disguises its surveillance tool - which can be installed covertly, and then access key-strokes, activate webcams and record Skype calls – as Firefox so that users don't delete it, Mozilla said.
"We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately," Mozilla said in a blog.
Not only are these activities illegal, but we take them seriously because they are deceptive, harm users, cause consumer confusion, and jeopardise Mozilla’s reputation
"We cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy."
Mozilla stressed that the two software packages remained separate and that FinSpy did not affect Firefox itself or the way the browser operated. "Gamma’s software is entirely separate, and only uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion," Mozilla said.
According to Mozilla, when a computer user targeted by FinSpy looks at files related to the snooper, "Gamma misrepresents its program as 'Firefox.exe' and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to Firefox and Mozilla Developers".
Mozilla said the Citizen Lab report that alerted it to the issue had included evidence of the tactic in a spyware attack in Bahrain that targeted democracy activists, in spyware used in the run-up to Malaysia's upcoming elections and in promotional copies of the software.
"Not only are these activities illegal, but we take them seriously because they are deceptive, harm users, cause consumer confusion, and jeopardise Mozilla’s reputation," the company said.
Gamma International has yet to respond to an email asking for confirmation that it has received the cease and desist notice and for comment on the issue.
Is your business a social business? For helpful info and tips visit our hub.
this company should be subect to a complete investigation by parliment as an independant inquiry should be placed upon them.
By ricardo69 on 2 May 2013
Suggestion re spyware hiding as Firefox: add code to detect same, and flash up message "Your computer has had spyware installed - beware! FinSpy is devised and supplied by Gamma International, based in the UK". That should spoil their little game.
By odranoel3 on 2 May 2013
I think we got your message the first time so no need to multipost.
By curiousclive on 4 May 2013
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- Windows Easy Transfer – not so "easy" in Windows 8.1
- Formula 1: what a difference virtualisation makes
- Office of the future: comfy chairs and tablets everywhere
- I went to Glastonbury and the only thing that got high was my smartphone
- Meet the robots helping teach children
- PaperLater: would you pay to print the internet?
- Amazon vs Kobo: how much to make the ebook switch?
- Phishing emails: how I nearly got caught out
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords