3.5.13

Spyware used by governments poses as Firefox, and Mozilla is angry "政府使用間諜軟體偽裝成Firefox瀏覽器,Mozilla發怒"


Mozilla has sent a cease-and-desist letter to a company that sells spyware allegedly disguised as the Firefox browser to governments. The action follows a report by Citizen Lab, which identifies 36 countries (including the US) hosting command and control servers for FinFisher, a type of surveillance software. Also known as FinSpy, the software is sold by UK-based Gamma International to governments, which use it in criminal investigations and allegedly for spying on dissidents.



Mozilla revealed yesterday in its blog that it has sent the cease and desist letter to Gamma "demanding that these illegal practices stop immediately." Gamma's software is "designed to trick people into thinking it's Mozilla Firefox," Mozilla noted. (Mozilla declined to provide a copy of the cease and desist letter to Ars.)

The spyware doesn't infect Firefox itself, so a victim's browser isn't at risk. But the spyware "uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion" and is "used by Gamma’s customers to violate citizens’ human rights and online privacy," Mozilla said. Mozilla continues:

Through the work of the Citizen Lab research team, we believe Gamma’s spyware tries to give users the false impression that, as a program installed on their computer or mobile device, it’s related to Mozilla and Firefox, and is thus trustworthy both technically and in its content. This is accomplished in two ways:

1. When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”

2. For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.

The Citizen Lab research team has provided us with samples from the following three instances that demonstrate how this misuse of our brand, trademarks and public trust is a designed feature of Gamma’s spyware products and not unique to a single customer’s deployment:

  • A spyware attack in Bahrain aimed at pro-democracy activists;
  • The recent discovery of Gamma’s spyware apparently in use amidst Malaysia’s upcoming General Elections; and
  • A promotional demo produced by Gamma.
Each sample demonstrates the exact same pattern of falsely designating the installed spyware as originating from Mozilla. Gamma’s own brochures and promotional videos tout one of the essential features of its surveillance software is that it can be covertly deployed on the person’s system and remain undetected.




FinFisher doesn't just masquerade as Firefox. The Citizen Lab report says it has also been used to target Malay language speakers by "masquerading as a document discussing Malaysia’s upcoming 2013 General Elections."

The countries where Citizen Lab identified FinFisher command-and-control servers are Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.

We've asked Gamma if the company has a response to Mozilla's cease and desist letter but haven't heard back yet.

英文原文連結http://arstechnica.com/information-technology/2013/05/spyware-used-by-governments-poses-as-firefox-and-mozilla-is-angry/
這隻間碟程式的名稱是FinFisher或FinSpy,wiki有介紹 http://en.wikipedia.org/wiki/FinFisher
共有36個國家被監控分別是澳大利亞,奧地利,巴林,孟加拉國,文萊,保加利亞,加拿大,捷克共和國,愛沙尼亞,埃塞俄比亞,德國,匈牙利,印度,印度尼西亞,日本,拉脫維亞,立陶宛,馬其頓,馬來西亞,墨西哥,蒙古,荷蘭,尼日利亞,巴基斯坦,巴拿馬,卡塔爾,羅馬尼亞,塞爾維亞,新加坡,南非,土耳其,土庫曼斯坦,阿拉伯聯合酋長國,英國,美國和越南。

沒有留言:

張貼留言