Research into spying software sold by Gamma International shows it is now being used in 36 countries and tricks people into thinking they are downloading Mozilla's Firefox.

FinFisher Spyware

Sophisticated government spying software which is sold by UK-based company Gamma International is being used by more and more countries to monitor dissidents, journalists and human rights activists, a report from a Canadian university has found.

The report, called For Their Eyes Only: The Commercialization of Digital Spying, was produced by Citizen Lab, a research project that is part of the University of Toronto's Munk School of Global Affairs.

"Once a boutique capability possessed by few nation states, commercial intrusion and monitoring tools are now being sold globally for dictator pocket change," Morgan Marquis-Boire, a security researcher at Citizen Lab, said in his introduction to the report.

The spyware suite is called FinFisher and is sold as "governmental IT intrusion and remote monitoring solutions". It is developed by Gamma International, which has a base in Andover in the UK as well as a base in Germany.

The group says that since its last report it has identified FinFisher servers operating in 11 new countries including South Africa, Pakistan and Turkey, which brings the total number of countries with active FinFisher servers to 36 - including the UK and the US.

While there is some legitimate use for such software, groups like Citizen Lab, the Electronic Frontier Foundation (EFF) and Privacy International have in recent years tried to highlight the misuse of this type of software.

Notoriety

The FinFisher spying software first gained notoriety after it was revealed that the Egyptian government's state security was in negotiations with Gamma International UK over the purchase of the software. Promotional materials have been leaked that describe the tools as providing a wide range of intrusion and monitoring capabilities. Despite this, however, the toolset itself has never been publicly analysed.

As well as reporting the increased use of the spyware, Citizen Lab reports that it has found instances where FinSpy, which is part of the FinFisher suite, has masqueraded as Mozilla's Firefox browser in order to trick people into downloading it.

FinFisher Servers
A map of the FinFisher servers around the globe, which are now found in 36 countries including the UK and US. (Credit: Citizen Lab)

Mozilla, which was voted Most Trusted Company for Privacy in 2012 by the Ponemon Institute, has responded strongly to the revelation by sending a cease and desist letter to Gamma International demanding that these illegal practices stop immediately.

Abuse

In a blog post on the situation, Alex Fowler, head of Mozilla's privacy and public policy division, said:

"As an open source project trusted by hundreds of millions of people around the world, defending Mozilla's trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission."

Commenting on the legal implications of this move by Gamma International, Simon Ayrton, a partner at specialist intellectual property law firm Powell Gilbert, said:

"This looks deliberately designed to be read and mislead. In my view, Mozilla would have a strong case if it sought an injunction against FinFisher and I'd be surprised if the spyware maker attracted much sympathy from the court." 

According to the research by Citizen Lab, the fake Firefox files have been used in spyware campaigns in Bahrain aimed at pro-democracy activists, ahead of the upcoming Malaysian General Election, and even in a promotional demo given by Gamma International to potential customers.

Mobile

Previous research into the FinFisher software by Citizen Lab found the toolkit contains mobile variants targeting all major platforms including iOS, Android and BlackBerry as well as outdated platforms like Windows Mobile and Symbian.

According to Gamma's own promotional literature, the product, called FinSpy Mobile, can record your calls, messages and email as well as carry out surveillance through a feature called silent calls. It can also download files, pinpoint your location and communicate anonymously with those in control.

Gamma International is not the only company offering such powerful spying software to governments, intelligence and law enforcement agencies. Among the other high-profile companies are Vupen and Hacking Team.

In March, Hacking Team's Eric Rabe tried to defend the actions of his company, saying it only "sells to governments so no private person or business can buy this [software]." He said the company didn't sell to any countries which were on NATO, US or EU blacklists, but the EFF has pointed out that not all countries suspected of having committed human rights abuses are on these blacklists.

Indeed, last year Citizen Lab's Marquis-Boire highlighted that software created by Hacking Team was being used by oppressive regimes in the United Arab Emirates and Morocco to monitor anti-government protestors, which in at least one case led to the torture of an activist.

IBTimes UK contacted Gamma International for a comment on Citizen Lab's report and Mozilla's cease and desist letter, but at the time of publication we have yet to receive a reply.