Mozilla has sent a cease-and-desist letter to a company that sells spyware allegedly disguised as the Firefox browser to governments. The action follows a report by Citizen Lab, which identifies 36 countries (including the US) hosting command and control servers for FinFisher, a type of surveillance software. Also known as FinSpy, the software is sold by UK-based Gamma International to governments, which use it in criminal investigations and allegedly for spying on dissidents.
Mozilla revealed yesterday in its blog that it has sent the cease and desist letter to Gamma "demanding that these illegal practices stop immediately." Gamma's software is "designed to trick people into thinking it's Mozilla Firefox," Mozilla noted. (Mozilla declined to provide a copy of the cease and desist letter to Ars.)
The spyware doesn't infect Firefox itself, so a victim's browser isn't at risk. But the spyware "uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion" and is "used by Gamma’s customers to violate citizens’ human rights and online privacy," Mozilla said. Mozilla continues:
1. When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”
2. For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.
The Citizen Lab research team has provided us with samples from the following three instances that demonstrate how this misuse of our brand, trademarks and public trust is a designed feature of Gamma’s spyware products and not unique to a single customer’s deployment:
- A spyware attack in Bahrain aimed at pro-democracy activists;
- The recent discovery of Gamma’s spyware apparently in use amidst Malaysia’s upcoming General Elections; and
- A promotional demo produced by Gamma.
FinFisher doesn't just masquerade as Firefox. The Citizen Lab report says it has also been used to target Malay language speakers by "masquerading as a document discussing Malaysia’s upcoming 2013 General Elections."
The countries where Citizen Lab identified FinFisher command-and-control servers are Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.
We've asked Gamma if the company has a response to Mozilla's cease and desist letter but haven't heard back yet.
英文原文連結http://arstechnica.com/information-technology/2013/05/spyware-used-by-governments-poses-as-firefox-and-mozilla-is-angry/
這隻間碟程式的名稱是FinFisher或FinSpy,wiki有介紹 http://en.wikipedia.org/wiki/FinFisher
共有36個國家被監控分別是澳大利亞,奧地利,巴林,孟加拉國,文萊,保加利亞,加拿大,捷克共和國,愛沙尼亞,埃塞俄比亞,德國,匈牙利,印度,印度尼西亞,日本,拉脫維亞,立陶宛,馬其頓,馬來西亞,墨西哥,蒙古,荷蘭,尼日利亞,巴基斯坦,巴拿馬,卡塔爾,羅馬尼亞,塞爾維亞,新加坡,南非,土耳其,土庫曼斯坦,阿拉伯聯合酋長國,英國,美國和越南。
這隻間碟程式的名稱是FinFisher或FinSpy,wiki有介紹 http://en.wikipedia.org/wiki/FinFisher
共有36個國家被監控分別是澳大利亞,奧地利,巴林,孟加拉國,文萊,保加利亞,加拿大,捷克共和國,愛沙尼亞,埃塞俄比亞,德國,匈牙利,印度,印度尼西亞,日本,拉脫維亞,立陶宛,馬其頓,馬來西亞,墨西哥,蒙古,荷蘭,尼日利亞,巴基斯坦,巴拿馬,卡塔爾,羅馬尼亞,塞爾維亞,新加坡,南非,土耳其,土庫曼斯坦,阿拉伯聯合酋長國,英國,美國和越南。
沒有留言:
張貼留言