Mozilla, the maker of the Firefox browser, is well-known for battling online tracking. Now it’s set to launch a fresh privacy-protecting offensive: taking on a controversial surveillance company that has been accused of selling spyware to authoritarian regimes.
Gamma Group, a British company, offers governments and law enforcement agencies spy Trojans that are designed to covertly infiltrate computers and gather data from hard drives, eavesdrop on Skype chats and other communications, and conduct "live surveillance through webcam and microphone," according to marketing materials. The technology is supposed to be used solely to target serious criminals such as terrorists. However, a mounting body of evidence has linked it to attacks on activists or political opposition figures from countries including Bahrain and Ethiopia. A report published last month revealed that servers linked to Gamma’s line of “FinFisher” surveillance Trojans have been traced to servers running in at least 25 countries, including several with poor human rights records, such as Malaysia, Qatar, Turkmenistan, the United Arab Emirates, Singapore, and Vietnam.
Last year, researchers spotted that the spy tool had apparently been masking itself as Mozilla Firefox—tricking targeted users into thinking it was a legitimate application. I drew this to Mozilla’s attention in September and, after months of declining to comment, the company recently told me it had been in discussions with attorneys, consumer advocacy groups, and other software companies about launching legal action against Gamma for potential trademark violation. “We found what Gamma was doing to be highly offensive,” Alex Fowler, Mozilla’s chief privacy officer, told me in a phone call earlier this month. “The trust that people have put into the Mozilla brand, the Firefox brand, is one of our most important assets—it’s what people put a lot of faith in. So for a company using those brands and trademarks in a way that is playing off of that trust and brand to surreptitiously surveil citizens living in countries with repressive regimes—it's doubly offensive.”
Monday evening, Mozilla confirmed in an emailed statement that it is planning to imminently issue a cease-and-desist notice to Gamma over what it alleges is a “misrepresentation of our copyright and trademarks.” According to Mozilla, new research that will soon be published will show additional examples of how the FinFisher Trojan is masquerading as Firefox. “We are sending Gamma, the FinFisher parent company, a cease and desist letter demanding that these practices be stopped immediately,” Alex Fowler said in the emailed statement.
The significant development will come as another blow to Gamma, which was recently branded a “corporate enemy of the Internet” by Reporters Without Borders and is also currently the focus of ongoing legal action in the United Kingdom related to its spy tech sales. The company’s spokesman, Martin Muench, did not immediately respond to a request for comment for this story. Muench has previously stated that Gamma cooperates with export control agencies in Germany, the United Kingdom, and the United States, and “does not discuss its client base, its exports, or any of the operations which its clients may or may not be undertaking” on the grounds that doing so can “prejudice criminal or counter terror investigations and compromise the security of the members of the police or security services involved.”
Update, May 1, 2013: A lengthy report by sleuths at Canada's Citizen Lab, released Wednesday, presents fresh evidence linking Gamma's FinFisher technology to servers operating in 11 new countries: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, and Austria. This means that the spy Trojan's servers have now been identified in 36 countries to date (25 were previously identified in March). The new research also details a case in Malaysia in which Gamma's spy tool has apparently been used to infect users who open a booby-trapped document showing candidates for an upcoming general election—building on other evidence that has documented how the law enforcement tool appears to have been deployed by authorities in some countries for political surveillance. The Malaysia version of Gamma's spy Trojan, as with previous cases detailed above, apparently masquerades as legitimate Mozilla FireFox software. Mozilla has published a blog post explaining why it is demanding that "these illegal practices stop immediately."