The Mozilla Foundation has sent a legal threat to Gamma International, a UK company that makes a product called “FinSpy” that is used by governments, including brutal dictatorships to spy on dissidents. FinSpy allows these governments to hijack their citizens’ screens, cameras, hard-drives and keyboards. Gamma disguises this spyware as copies of Firefox, Mozilla’s flagship free/open browser.
Gamma International markets its software as a “remote monitoring” program that government agencies can use to take control of computers and snoop on data and communications. In theory, it could be legitimately used for surveillance efforts by crime fighting agencies, but in practice, it has popped up as a spy tool unleashed against dissident movements operating against repressive regimes.
Citizen Lab researchers have seen it used against dissidents from Bahrain and Ethiopia. And in a new report, set to be released today, they’ve found it in 11 new countries: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, and Austria. That brings the total number of countries that have been spotted with FinFisher to 36.
To date, Citizen Lab researchers have found three samples of FinSpy that masquerades as Firefox, including a “demo” version of the spyware according to Morgan Marquis-Boire, a security researcher at the Citizen Lab, who works as a Google Security Engineer. Marquis-Boire says his work at Citizen Lab is independent from his day job at Google.
Mozilla Takes Aim at Spyware That Masquerades as Firefox [Robert McMillan/Wired]