FinFisher spyware used by governments around the world is disguised as Firefox, and Mozilla is not happy about it

Firefox Logo Branded

FinFisher, also known as FinSpy, is a piece of malware developed by Gamma International and sold to governments of 36 different countries (the US included) to monitor the activities of computer users. The spyware was originally designed to aid with criminal investigations, but there have been reports that say it has been used for more than just to catch criminals, such as to monitor the activities of dissidents or [insert label here].

As if FinFisher was not conterversial enough already, more fuel and been added to the fire thanks to recent developments. Mozilla, the maker of the popular Firefox browser, has issued a cease-and-desist letter to Gamma International because Mozilla alleges FinFisher is packaged to look like the Firefox browser.

In a blog post released yesterday, Mozilla revealed key points from the cease-and-desist letter and outlined the measures they’re taking to put an end to Gamma’s software fraud.

A recent report by Citizen Lab uncovered that commercial spyware produced by Gamma International is designed to trick people into thinking it’s Mozilla Firefox. We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.

The spyware software is not related to Firefox at all, aside from the illegal branding. So Firefox users don’t have to worry about contracting the spyware through their browser, at least not any more than usual. The spyware does, however, damage the reputation of Mozilla and Firefox by parading around with a false label.

Mozilla says the spyware “uses [their] brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion. It’s also “used by Gamma’s customers to violate citizens’ human rights and online privacy.”

As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission.

The Citizen Lab report unveils how the spyware was discovered, and where many of the command and control servers are located. For reference, Citizen Lab discovered the control servers in the following countries: Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.

Personally, I’m deeply troubled by this news. In regards to the internet, many of our rights are coming under fire and lots of people are blissfully unaware of it. In this case, a company is impersonating a reputable source in order to get away with some rather heinous things, and at the hands of several government organizations no less.

I highly recommend you visit the source links below and read a little more about the subject. There’s also a New York Times article which is particularly interesting because it talks in depth about how the spyware was discovered and what it is used for by governments.

[via Citizen Lab, Ars Technica, Mozilla]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

10 comments

  1. NLCk3uH

    [@Louis]

    Do you know they can track you by your writing? Everyone has a unique style which, if enough is produced, can allow spooks to identify who wrote what. This may not give them your real ID but it permits them to attribute work to the one source. I didn’t believe this was true but have been convinced after much research.

  2. Domo

    [@K Lewis]

    I recall seeing a documentary about China’s “Cultural Revolution” of the 1960’s. Every village had a political “adviser” and residents were encouraged to spy on neighbors and report what they found. Of course anyone with a grudge against a neighbor would fabricate a story and the neighbor would be sent off to a “re-education” center for perhaps years. It brings to mind the Salem witch trials where people accused others of being witches. Madness.

  3. Louis

    V.P.N !!!!

    InPrivate / Incognito mode browsing.

    FaceBook with fake surname (your friends will know who you are, the rest doesn’t matter)

    Only use (various) webmail addresses, never with your real name in any.

    My government will build many profiles of “me”, but it will never be ME.

    Screw them !

  4. K Lewis

    How would this fake Firefox be downloaded? Through places like CNet or FileHippo? I only download through the Mozilla/Firefox site.
    It is truly a shame that most people do not know what is going on. Just this morning I read where a Palm Beach sheriff is asking for people to call them if they feel their neighbors are saying things against the government that they, the neighbors, might think be threatening. Hope I don’t have a neighbor that doesn’t like me. What happened to our freedom of speech? Scary things are happening and our children are growing up thinking this is all okay and for our own protection.
    I’ll take care of myself thank you.

  5. Darcy

    [@Darcy] Whoops, this comment is on the wrong article. That’s what happens when i walk away from the computer for a while before answering.

    Frankly, the amount of spying going on is scary and the fact that most people don’t know about it even scarier. I think Mozilla is right to be upset about it and they are taking the best action they can use to combat this one.

  6. stilofilos

    Thanks Briley for this very informative article.
    Apart from their cheating and spyware dirt, which are in se crimes-to-be-punished, they are also pirating in the most creepy way, like thieves in the night.
    What did they (yes, themselves…) want us to do with piracy again ? Right, keep our hands off. So I blacklisted them all (some were already for years). No travels anymore, no goods or services buying, no VAT in their pockets… Who follows ?

  7. Seamus McSeamus

    I agree with Ashraf, nice article.

    I also agree with him in regards to how little privacy we have. I’m pretty sure the US government knows which websites I visit, what I watch and what I download online. They know who I email and what we discuss, as well as who I talk to on the phone and who I text. That, unfortunately, is America today. Turns out, Eisenhower was right when he warned against an unchecked military-industrial complex.

  8. Ashraf
    Mr. Boss

    While I’m not very happy about any of this, I must ask: do we really think our governments, regardless of if they are “democratic” or “dictatorships”, do not spy on their own citizens and foreigners? Wake up, people. Forget the likes of CIA, MI6, NSA, etc. There are so many three letter agencies out there you don’t know about… what do you think they are tasked with doing, twiddling their thumbs? Yeah, right. For better or for worse, in today’s world privacy and citizen rights come second to security.

    Thanks for the informative article, Briley.