Finfisher Spyware Use By Governments Expanding, Masquerades as Firefox

nk497 writes "Mozilla has sent a cease-and-desist order to Gamma International, after it was revealed the controversial creator of spyware for governments was disguising itself as Firefox on PCs. 'We cannot abide a software company using our name to disguise online surveillance tools that can be — and in several cases actually have been — used by Gamma's customers to violate citizens' human rights and online privacy,' Mozilla said." DavidGilbert99 writes on the wider implications of the Citizen Lab report: "Governmental spying software has been in the news a lot in recent months and today Citizen Lab has revealed its latest findings, showing that one of the most prolific tools in use, Finfisher, is now in use in 36 countries around the world [beware the auto playing video ads with sound]." And, Voulnet adds "According to analysis and report by CitizenLab of the Gamma FinFisher trojan spyware used against dissidents in the middle east and around the world, the FinFisher codebase uses the LGPL GNU Multiple Precision Arithmetic Library, possibly without adhering to its distribution restrictions."

Sue, sue, sue

[furbyhater]

This scum must get sued into the ground. What a disgusting company.

Re:Sue, sue, sue

[IndustrialComplex]

If I were Mozilla, I certainly would. Whenever I hear of Firefox now, I'm going to associate the name with Malware and probably just use something else. Sure after thinking about it for a bit, I'll remember this story, but that first impression matters a lot when branding is concerned.

Damage to their brand has certainly occured.

Re:Sue, sue, sue

Is the "harm" caused to Firefox's reputation worth any punitive damages? They don't sell Firefox and can't really claim loss of revenue. Maybe they can claim loss of donations to Mozilla?

Re:Sue, sue, sue

[furbyhater]

If I were Mozilla I'd look into suing for defamation, more specifically libel. If you have been libeled, you don't even need to prove damages, at least in the US, according to this website: http://www.wikihow.com/Sue-for-Defamation

Re:Sue, sue, sue

[rvw]

Is the "harm" caused to Firefox's reputation worth any punitive damages? They don't sell Firefox and can't really claim loss of revenue. Maybe they can claim loss of donations to Mozilla?

Less downloads is less sponsoring from Google. But what does revenue have to do with this? Is this capitalistic brain washing that instructs you that you cannot do anything unless money is involved?

Re:Sue, sue, sue

[erroneus]

I believe this company has already found itself on anonymous' radar. Watch out for fun on the horizon as I expect them to exploit the finfisher C&C servers for their own gain and to the embarassment of finfisher's customers.

Re:Sue, sue, sue

But what does revenue have to do with this? Is this capitalistic brain washing that instructs you that you cannot do anything unless money is involved?

Do you really think that a company will "learn" if they are not financially penalized for this type of fraudulent behavior? The US justice system doesn't hold the officers of a company liable for the company's criminal actions so the only way to punish a company for its wrongdoing is fines and monetary judgements.

Re: Sue, sue, sue

"Hmmm, I think I might go back to using IE".

Re:Sue, sue, sue

The site was returning a 404 error when using http://www.gammagroup.com but the site is available again.

They're using IIS/Windows hosting according to their 404 so let's hope they're up to date on their security patches ;-)

Re:Sue, sue, sue

[rtb61]

The Firefox brand has a perceived value, a value of identifying that product with that brand. It doesn't have to sell anything, it just has to have a 'goodwill' value associated with an identifiable brand. The fraudulent use of the brand, damages the goodwill associated with Firefox and enables a civil suit to be filed to protect and establish not just damages but punitive damages. As the abuse is particular egregious and threatens the perception of security of the products punitive damages could be quite high as a multiple of goodwill damage.

Re: Sue, sue, sue

FRAUD!. Throw the book at them and treat them like any member of an organised criminal hacking syndicate.
 

Re:Sue, sue, sue

[hairyfeet]

No sadly he is just stating the truth, a company that "gives away" its product is just gonna have a harder time when it comes to damages VS a company that is charging a set dollar amount.

We could sit here all day arguing about "commies vs money whores" but the simple fact is that FOSS companies? Really not setting any awards when it comes to damages and with a company like this if you don't damage the shit out of their wallets they'll just write it off as "the cost of doing business" and go on their merry way.

Re:Sue, sue, sue

Remember who hired them, as well. Just because it is easy, that doesn't make it OK to use mass surveillance to invade people's privacy.

Re: Sue, sue, sue

[interval1066]

Breach of license, etc...?

Re:Sue, sue, sue

Whenever I hear of Firefox now, I'm going to associate the name with Malware and probably just use something else.

You know malware is effective when you see retards posting things like this. Absolutely nothing wrong with the real Firefox and yet he wants to avoid using it for no good reason.

I guess you don't use a web browser and you send mail to a daemon?

Re:Sue, sue, sue

[ArcadeMan]

I guess you don't use a web browser and you send mail to a daemon?

Not only that, but I sign all my emails with "In God we trust" just to piss off the daemon.

Re:Sue, sue, sue

[squiggleslash]

I think they can do better than that.

This is a product being used by governments to spy on citizens. Can you imagine what it would do to these investigations, legit or abusive, if the real Firefox were to pop-up a message on the screen of everyone being spied upon notifying them what's going on?

We're not just talking about ruining the reputation of the spyware company, though that would be a bonus. We're talking about heads rolling of virtually anyone who employed these suckers, which in turn should mean just a little more care is taken in future.

Firefox needs to be altered to detect the presence of the spyware, and warn those being spied upon. If it actually destroys a legitimate investigation, then so much the better.

Re:Sue, sue, sue

[gmuslera]

Mozilla will lose. Probably government is one of the main clients of that company.

Re:Sue, sue, sue

The UKs libel and defamation laws at the strictest in the world, Mozila could get a lot of money from them.

Re:Sue, sue, sue

[IndustrialComplex]

There is nothing wrong with the real Firefox (as it relates to this story). But that's not what I'm talking about here. I'm talking about how people react to brands and how it often is an irrational behavior. In fact, the very reason that branding works is because of irrational behavior. Let's try a few examples. Consider what associations your mind makes when you first hear these brands/products/trademarks/names.

White Ford Bronco
Zyclon B
Bushmaster
Jonestown
Sandusky

Re:Sue, sue, sue

They won't lose, if it's within the EU, the government(s) run the very real risk of the EU breathing down their necks and reigning them in if they do break European laws.

Same cannot be said for the USA tho.

Re:Sue, sue, sue

[BitterOak]

You know malware is effective when you see retards posting things like this. Absolutely nothing wrong with the real Firefox and yet he wants to avoid using it for no good reason.

Actually, there's a very good reason. As you say, there's nothing wrong with the REAL Firefox, but there's a piece of Malware disguising itself as Firefox. How can you be sure you have the real one? Since this product is in use by governments, they probably have the ability to redirect connections to mozzila.org to their own server. So how can you be sure you're using the real Firefox? (Actually, that is a serious questions. As a "Firefox" user, I'd be interested to know if there's a utility I can run that will let me know if my Firefox is legit or not.)

Re:Sue, sue, sue

[L4t3r4lu5]

Hash of the executable. You'll need to obtain both a hash calculator and the hash result itself, presumably over an out-of-country VPN / over Tor.

</tinfoilhat>

Re:Sue, sue, sue

There's a utility you can use for every file on your computer and it's called sha1sum. No need to be fucking paranoid, just browse to mozilla.org and get your shit there. If you're going to stop all software that has malware infecting them, might as well stop using computers altogether.

Re:Sue, sue, sue

Look, if you're irrational and stupid, I'm not going to stop you. The rest of us realize that this has nothing to do with Mozilla's product.

victory for open source

[one_who_uses_unix]

This is one of the big reasons for supporting open source applications - violations like this can be exposed without relying on a single central authority to uncover it and trusting that the central authority will not be beholden to other interests.

Kudos to the firefox team!

Re:victory for open source

[dfghjk]

"This is one of the big reasons for supporting open source applications - violations like this can be exposed without relying on a single central authority to uncover it and trusting that the central authority will not be beholden to other interests."

By "supporting open source applications" you must mean using their products for free, and by "without relying on a single central authority" you must mean relying on Mozilla as if it wasn't a single central authority. No doubt Mozilla is only "beholden" to your interests.

Pitiful tribalism as work.

In the USA, that's criminal.

[__aaltlg1547]

How are they getting away with this in Great Britain?

Re:In the USA, that's criminal.

[reubenavery]

yeah but with the NSA, we don't need lameness like this to get our online surveillance.

Re:In the USA, that's criminal.

[SJHillman]

Pshaw, it's only criminal if it isn't being used by the government. Don't you know nothing?

Re:In the USA, that's criminal.

[GauteL]

How are they getting away with this in Great Britain?

Using the tool may well be a criminal offence, but selling it isn't necessarily. And making it look like Firefox is Trademark violation, which is a Civil matter, not a criminal one.

It took a while for Mozilla to hear about Gamma and put together a lawsuit. I don't see how this is any different in the US.

Re:In the USA, that's criminal.

[niftydude]

How are they getting away with this in Great Britain?

Read the ibtimes link - the good old USA is one of the 36 countries.

So, how are they getting away with this in the US?

Re:In the USA, that's criminal.

How are they getting away with this in Great Britain?

Because they are probably protected from such annoyances as cease and desist by the British government. Facilitating crimes against humanity is not just the perview of the US government. In fact, I'll bet that if Mozilla continues making noise they will get a late night visit by Homeland Security telling them that it might not be healthy for them and their families if they continue down this path.

Re:In the USA, that's criminal.

By the government, or by big corporations, but judging by the ever increasing number of known lobbyists within the government institutions, it will soon be one and the same anyway.

http://arstechnica.com/tech-policy/2013/04/new-fcc-chairman-is-former-lobbyist-for-cable-and-wireless-industries/

Re:In the USA, that's criminal.

[filekutter]

Agreed. Obviously a company here in the usa would LOVE to offer up a program like this to sell to the govt, political groups, et al; but can't because of laws which would make it prohibitive, if not too costly. I have to admit my disgust that there are people who would actually consider such a program and its production; its anathema to so many ideals I cherish. These people are obviously bottom feeders. If they DO get a visit from Homeland "security", it will be most likely to purchase or rent the software and hide its use behind "need to know" rules.

Re:In the USA, that's criminal.

[flayzernax]

Producing the program is completely legal.

Using the program or selling it to people who use it illegally (might be) an issue.

AFAIK its a British company. The U.S. endorses lots of these international companies anyway.

Re:In the USA, that's criminal.

[Solandri]

Probably something to do with sovereign immunity. Like how the U.S. government extended immunity to the telecos for participating in warrantless wiretapping.

Re:In the USA, that's criminal.

[__aaltlg1547]

It's a trademark violation with regard to Mozilla. With regard to the people they get to use it/download it, it's fraud.

Trademark ; Copyright

[DrYak]

Mozilla's case is a very clear one. Although the software (the source code) is free and open, the trademark (the branding) *IS* NOT. (Hence all the IceWeasel and similar source builds). Gamma company is clearly using a name registered to Mozilla to masquerade itself, and abuse end-users' confusion to make them think it's a Mozilla registered product. That's almost the book case for which Trademark was designed.
The only thing which could prevent Mozilla from winning at the court would be government meddling (although, this is likely as its a widely used *surveillance* tool :-( )

In theory, Gamma should have negociated a trademark licensing deal (just as do Linux distribution which provide their own branding on top of Mozilla's. The Firefox which comes with opensuse isn't the exact binary which is available at mozilla.org, but they are allowed to package their build and still call it "Mozilla Firefox" because they obtained a permission).
In practice, Mozilla will probably refuse to grant Gamma a license.

The libGMP case is much more interesting: they copied code which don't belong to them. Either they are violating its license and breaking copyright law. Or, they'll have to abid to the license and make their surveillance tool end-user- (or should it be more properly called "end-victim"- ) modifiable. (Either the whole package if its GPL or at least the LGPL parts if there are only LGPL parts in Finfisher).
Meaning that victims could without any restriction take-over finfisher by injecting their own libraries: it would end up completely legal and possible to tamper with a wiretapping device because the license of some part of it require the end-user to be able to customise them (in case of LGPL, or to customise the whole package in case of GPL).

Re:Trademark ; Copyright

[neonKow]

I agree that Mozilla should have no problem stopping Gamma International from using their trademark, but I think you are wrong about the libGMP case. Using FOSS according to the license in no way makes your code more vulnerable to getting its libraries hijacked. It means appropriately releasing the parts of your own source code as FOSS. If your implementation is any good, it shouldn't be possible to tamper with the device.

Re:Trademark ; Copyright

This is why they should have spoofed IE. Microsoft would have happily provided a license to allow this.

Re:Trademark ; Copyright

[drinkypoo]

This is why they should have spoofed IE. Microsoft would have happily provided a license to allow this.

The goal was to mimic a piece of software that a user might intentionally install and run on their computer.

How?

[puddingebola]

I applaud Mozilla's decision to start legal action against them, but more importantly, how is it legal for this company to operate? Perhaps this is naïve, but how is it legal for a company to operate by providing surveillance software to governments? Does the State Department approve which nation's they can sell to?

Re:How?

[SJHillman]

The government doesn't care a whole hell of a lot if other governments are spying on their own citizens, as long as their espionage doesn't cross borders and spy on our stuff. All the better if our government has a backdoor into the software letting us spy on their citizens.

Re:How?

The problem is the border crossing. If your data crosses borders, the government deems itself entitled to spy on it. Hint: WWW stands for World Wide Web.

Re:How?

Spyware is not illegal. Spyware that gets installed without the computer owner's explicit permission is illegal in this country.
Yes it would be illegal to sell spyware to a no-sell country. Absent such a restriction, the company itself can legally operate.
If they sell to a country where it is legal for the government to install spyware without permission, the company is operating within the law. Maybe the state department SHOULD restrict such sales, but until they do, it's business as usual.

Re:How?

[caspy7]

They haven't started legal action.

Wrong interpretation

[DrYak]

The firefox part has nothing to do with "open source" or GPL violation.
Gamma isn't using a single line of code from firefox.
Instead they are abusing Mozilla's trademark.
This is a simple classical violation of trademark law. (and a clear one).

The LGPL violations are regarding some subcomponent used by finfisher, namely libGMP.

Re:Wrong interpretation

[one_who_uses_unix]

Thanks - I didn't mention licensing, sounds as though you read that into my comment.

This is a violation of trust more than anything else.

What this has to do with open source is that open source provides the means to identify impostors more readily - and the nicest thing is that there is a means to work around them without being required to use their "version".

Re:Wrong interpretation

What does it matter whether the source is open or not?

From what I can see, the connection is just that it tarnishes the name of open source.

Re:Wrong interpretation

[neonKow]

How on earth does open source provide the means to identify imposters more readily? What central authority are you talking about? md5 will allow you to check that binary whether it's FOSS or not, and your eyeballs are pretty good at determining if another program is stealing a logo/name.

Re:Wrong interpretation

When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”

For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.

Re: Wrong interpretation

The assembly manifest is an uncompressed XML file tacked onto the executable; you don't need the source to look at it. It's' a Microsoft thing to mitigate DLL hell.

Re:Wrong interpretation

[LoRdTAW]

"Gamma isn't using a single line of code from firefox.

I am sure Darl McBride could fix that problem.

Re:Wrong interpretation

[Goaway]

Absolutely nothing in this case would change if Firefox were a closed-source app. No part of this has anything to do with open source.

Re:Wrong interpretation

[hairyfeet]

How EXACTLY does it do that? And do NOT say the "many eyes" myth as I can show how that one is a myth simply by using common sense and how many LOC you are talking about in your average distro. Hell have YOU done a code audit of FF, Gimp, LO, or any of the other applications that you use?

While FOSS does have its benefits, the main one being that nobody can just abandon a program or force you to upgrade as long as some devs are willing to support it, see KDE Classic for example, finding malware? NOT one of the benefits. Hell we are talking about government spying programs, not script kiddies, so one look at the entries in the obfuscated C contest should show you that your average programmer wouldn't find the shit unless they were specifically told it was there, so just saying that "because the code is out there SOMEBODY has to have done an audit" means exactly jack and squat.>

5 will get you 10 a good 80%+ of the code that goes into your average distro hasn't been looked at by anybody but the programmers themselves, see that infected Quake 3 that sat on damned near every repo for a year and a half or the KDE screensaver bug where it turned out a large chunk of the KDE screensavers hosted at places like KDELook were infected with malware, nobody looked at any of that code for ages and if somebody hadn't looked at their firewall and noticed weird activity (no different than they would have done with non FOSS programs) those would still be infecting folks to this day, it was only AFTER somebody caught the activity that the code was checked for malware. To my knowledge there has never been malware found by just looking at the source code, at least I've never heard of it.

Re:Wrong interpretation

[Darinbob]

Can you sue under LGPL if you're not a customer? Ie, the customer never requests a copy of the source code, therefore Gamma is not required to produce it, so no license violation?

Re:Wrong interpretation

[Nefarious+Wheel]

"Gamma isn't using a single line of code from firefox.

I am sure Darl McBride could fix that problem.

Kill that thought. Kill it with a heated spoon.

this is why...

This is why you should check md5 hashes on anything you install. Installing from a distro's repositories is the easiest and safest way, but you can check hashes on windows binary installers too, to verify that what you're installing is what you think you're installing.

Trademark law

[DrYak]

It's a clear trademark law violation.

"Firefox" is a name owned and controller by Mozilla, and is used to clearly designate one specific product: the Firefox browser.
Gamma are abusing the same name, Firefox, to masquerade their surveillance tool as a browser. They use the same name with intent to create confusion.

This is not allowed by trademark law and is punishable. It's almost a textbook's case.

About loss of revenue: Mozilla might not be selling copies of Firefox to end-users, they are still getting paid (by Google, among other) to produce it.

If suddenly Firefox becomes knkown as a filthy malware (which is exactly what Gamma is doing, and which exactly against what trademark law was designed) Mozilla might lose revenue though from sponsors instead of end-users.

Re:Trademark law

[NatasRevol]

Who's law? Gamma is based in England.

Re:Trademark law

Munich, Germany, with a branch in the U.K., says Wikipedia.

Re:Trademark law

[NatasRevol]

Dammit, I knew I shouldn't have read TFA.

Re:Trademark law

Who's law? Gamma is based in England.

And you don't think that the USA won't call for the extradition of the companies CEOs to stand trial on USA soil?

To think otherwise is incredibly naive.

http://en.wikipedia.org/wiki/UK%E2%80%94US_extradition_treaty_of_2003

Re:Trademark law

[NatasRevol]

Can you cite one CEO of any company ever being extradited to the US?

Especially for another company's lawsuit.

Re:Trademark law

Who's law? Gamma is based in England.

England has laws too, you know.

Re:Trademark law

[hairyfeet]

So they'll just switch the name to "foxfire" and most folks won't know the damned difference anyway.

Re:Trademark law

[NatasRevol]

Really? Are they exactly the same as the US laws, that the GP was citing?

Re:Trademark law

[tlhIngan]

About loss of revenue: Mozilla might not be selling copies of Firefox to end-users, they are still getting paid (by Google, among other) to produce it.

Trademark damages are not limited to loss to revenue. They can also be determined by how much money is made by the infringer. Which can easily be treble. So while Mozilla might not have "lost" any money from this, the other company certainly benefited, and the role of the damage calculation Is to prohibit such behavior as it means a bigger company could willingly violate trademarks and write it off as cost of business. The whole goal is not just to make the infringed whole, but to make it unprofitable to infringe.

Re:Trademark law

Trademark law has been invented in Europe. Like most stuff you in the US use.

Re:Trademark law

[NatasRevol]

Good to know. Great insight.

You might want to know that laws in different countries are ... different.

Re:Trademark law

CISCO tried, albeit through criminal proceedings.

Re:Trademark law

[Darinbob]

Reading the TFA never ends up well in the long run.

Re:Trademark law

Not too bright are you.

UK and Germany are both signatories of the Madrid Convention on trademarks, therefore any violation under that treaty in the US has parity laws in the UK and Germany that are also violated. A convictions in the US automatically propagates to the UK and Germany in terms of extraction of damages, restrictions on further trade, etc. The local governments are bound by law and by treaty.

Compatablility

So will i have issues with my extensions if I use it?

Re:Compatablility

[neonKow]

Yes. Very much so.

Who provides hashes on Windows?

[tepples]

Do most providers of Windows binary installers even provide hashes? I thought the common practice in Windows was for each developer to buy a commercial code signing certificate.

Re:Who provides hashes on Windows?

I didn't read your comment but I agree with it.

Re:Who provides hashes on Windows?

[lgw]

Yup - and not just on windows. It's common in security software to see "here are our hashes, but what you should really do is check the signature on your download: here's how.

If someone puts up a fake download page for Firefox, they'll put fake hashes on the same page for you to verify. Code signing at least tries to establish a chain of trust (cue rant about the CA system, joke that it is).

Remember...

[Minwee]

...They didn't get Al Capone for murder, they got him for distributing LGPL code without attribution.

Re:Remember...

I never laughed so much on /., thanks!

Re:Remember...

[K.+S.+Kyosuke]

...They didn't get Al Capone for murder, they got him for distributing LGPL code without attribution.

Well, given the current state of legal systems, they simply went for the greater offense to prosecute (violating someone's IP, gosh!).

kONSPIRAsee

[Sir_Eptishous]

I'm going out on a limb here, I hope it doesn't break...

As has been noted here, and is very obvious to those with any modicum of insight, the brand and trust value in FF has been greatly tarnished:
Will the general public be more reticent to use FF?
Will computer techs be less likely to reccommend FF to users?
Will enterprises be less likely to use FF?
I think the answer is yes on all counts.

Gamma International(AKA major cunts) picked the obvious choice of "trusted" and "independent" browsers to smear. And they have done a great job. Also, they smeared the browser that has the smallest legal coffers, because it had to be obvious to the major kunts that Mozilla would get wind of this and then litigate. We could hope that Mozilla can, as has been noted earlier, "sue the living daylights" out of major kunts.
How far will they get?

How will Mozilla reclaim their "street cred" as the independent and trusted browser?

Then we need to think about who this action helps, indirectly... Well, we all know the answer that.
Now, I wouldn't go so far as to suggest that either of the other major browsers had anything to do with this smear, but, it does cause one to pause and perhaps reflect on the long term implications of this smear against FF.

We can only pray that Mozilla is able to see that justice is done against this despicable band of hoodlums and scumbags.

Re:A job for HOST files... apk

You're not as good as signal11.

captcha: mostly

Re:Under Obamacare

Try reading the actual text of the act or at least check snopes.com
http://www.snopes.com/politics/medical/kithil.asp

Thinking forward outcome of ....

Best outcome of this trademark abuse is enough publicity which can be turned public awareness in long run. I bet that's not exactly Gamma is after thinking of this shady low key game they try to play.

Ergo. More publicity the case gets the better :)

ac

Official Spyware Removal?

How do we know malware removal vendors have no "agreements" with government agencies to leave certain "official" spyware (of course called "forensic" or "surveillance" tools) out of their sights? Can anybody shed some light on that?

Welcome to the civil court system

[Sycraft-fu]

You can't sue for damages if there aren't any. I don't care if you think it shouldn't be that way, that is how it actually is. Civil court is largely for remedying economic damages. Like if you hire me to do work on your house, I cause damage, and then refuse to pay for it, that is what civil court would be for.

So if I do something to you that is not illegal and causes you no economic harm, well you'll have trouble suing me (successfully) for it. There are cases and trademark infringement is one of them that there is no need to show harm, but not all that many.

So maybe less bitching about capitalism form you, more learning about the court system. Asking if something has done enough harm to warrant damages is a real issue for civil cases. That is how it works, regardless of if you like it or not.

No.

[Frosty+Piss]

You can't sue for damages if there aren't any.

Simply because Firefox is free to download does not mean that Mozilla does not derive any income from Firefox. Mozilla does not run off donations from people like you and I, they provide a service to a number of companies that pay they many many millions of dollars.

Loss is reputation results in fewer downloads results in a product association that is worth less to these companies.

Re:A job for HOST files... apk

Slashdot should add "P.S.=>" to the lameness filter.........

Welcome to the next level, dood!

[sgt_doom]

"White Hats" versus "Black Hats" ? ? ?

How about, evil is as evil does!

There's an article in that rag owned by notorious dog killer, Blethens (the Seattle Times) describing "white hats" --- a most muddied description when it pertains to those who support the status quo, which is coding software to track everyone today!

Narus, now a Boeing subsidiary, would describe themselves as "white hats" --- yet their DPI technology (Deep Packet Inspection) has been used to track down, torture and murder pro-democracy activists in China, Syria, Egypt and elsewhere.

The Narus DPI technology has been incorporated into the ultimate automated spy/intelligence platform, the Trovicor Monitoring Center, originally developed at Nokia Siemens Networks, it is now owned and sold through a private equity fund based in Germany, of unknown ownership.

It has been sold to one hundred countries, including China, America, Iran and Bahrain; the last two countries having used it in the kidnapping, torture and murder of various dissidents and pro-democracy activists.

This platform can be set to automatically intercept emails, or phone calls of any type, alter their content (as in meeting place location, etc.) then dispatch a kidnap team or kill team.

Say a member of the global elite requires a new organ. The Chinese government will match the target to Trovicor's DNA database, run an audio program search and match on wi-fi/landline to identify the target and his/her whereabouts, then dispatch an organ harvesting team to do a forced organ theft. The victim will end up either disappeared, or in the next Chinese "Bodies Exhibition" --- a profitable endeavor for the ghouls who pay to view such amoral travesties!

Welcome to the next level, dood!

Bugged Planet & Wikileaks Spy Files

Read & Learn:

http://www.buggedplanet.info/
http://wikileaks.org/the-spyfiles.html

Re:A job for HOST files... apk

POST ABORTED: use less timecube, it's like APKing!

Re:A job for HOST files... apk

[maxwell+demon]

Slashdot should add "P.S.=>" to the lameness filter.........

Or simply too much boldface.

Making available is mandatory

[DrYak]

under the GPL, making the source code available under some form is mandatory, no matter what.

So Gamma is violating because there's no way to get the source code of their copyleft parts.

In addition to that, the forensics using finfisher to spy are deploying it - thus distributing binaries, and should alsoprovide the parts of source code which are required by the license.

Failure to do so would be a copyright violation:
- Gamma can't copy libGMP without a license, and the license asks Gamma to provide some source.
- the Gamma clients/spies in turn aren't allowed to deploy the software on victim's PCs without a license. Again, the (L)GPLed parts ask for source.

Re:Making available is mandatory

[Darinbob]

Yes but the point is that only a few people have the legal standing to sue over this, not just any interested third party. The customers who received the binaries for example could sue if they were not given the source code when asked (and you don't have to proactively distribute the sources). Presumably the customers of this product aren't going to sue, as it would expose them publicly as users of the software.

Also there is a lot of assumption that there was a violation of license, but has anyone actually seen the product along with the accompanying documentation? It could include the LGPL printed out, the library source code could be available if we asked Gamma, etc...

Now the original copyright holders do have legal standing, but I think there would still have to be evidence that the license was violated, not just an assumption. Ie, get a customer (aka government agency) to fess up and give details. The "victims" will have binaries on the PC but will they count as "any third party" under the GPL merely because they found a binary on their computer? Wouldn't the government agencies just claim that they did not relinquish ownership of their spyware binary, or Gamma claim that the binaries were not properly re-transfered according to the license?

Confusion

[DrYak]

Even if they swap a few letters around, this is clearly made on the sole purpose of creating confusion and make the victim think it's mozilla's firefox.
That's exactly what trademark law was made against.

If Microsoft can sue anything containing "Windows" in the name, if Bethesda can sue anything containing "Scrolls" in the name, if even Apple can sue everything whose name merely begins with lower case 'i' letter... Then Mozilla could certainly sue a company whose product is designed to make use think it's Firefox.

Re:Confusion

[hairyfeet]

Yeah but then you get into a whole nother problem...how much do you have to change to get away with it? I mean there are several bunches that legally have their own spinoffs of FF, Iceweasel by Debian, IceDragon by Comodo, hell there is Pale Moon that is just a guy that wanted an optimized FF and of course under GPL all of that is fine since they aren't using the trademarks, just the GPLed code.

I mean courts have already said Apple can't own the letter "i" or be able to sue anybody who isn't in electronics who happen to have an Apple for a logo, so how much would it take? Surely no court would rule that FF can own the word "Fire" so I bet all they would have to do is change the animal and the logos and they'd be clear of trademarks and lets face it, most folks aren't gonna know what the icon is for FF so they could call it firefalcon or firehunter and many wouldn't know without being told.

Hell i had one customer that kept asking me to "be sure to install bluebird" and I was thinking "WTF is bluebird?" and when i said it out loud in front of my mom she said "Oh she means that blue bird net thingie, like you gave me"...and pointed to the seamonkey logo. I guess to older folks that looks like a bluebird to them, just goes to show that you can never tell what somebody is gonna associate as far as name and app. I wouldn't be surprised if they used a swirly kinda similar to FF they could call it smoking monkey for all it would matter.

Re:Somewhat related

United States v. ElcomSoft and Sklyarov

Having trouble posting, aren't you?

You fail it, Paul. Your skill is not enough.

Re:Having trouble posting, aren't you?

Jeremiah Cornelius failed at Microsoft. His being fired proved his lack of skill was not enough.

Re:Having trouble posting, aren't you?

Hello, Paul.

Definition of distribution

[DrYak]

Presumably the customers of this product aren't going to sue, as it would expose them publicly as users of the software.

But the victims got a copy of the binary (although against their will) but did not recieve anything clearly identifying the binary, contact information, licensing of free/libre opensource components nor source code. In fact everything is done to clearly identify the binary as something completely false and different - masquerading as Mozilla's Firefox (hence the trademark violation I mention above).
Because Gamma tries to hide Finfisher from the victim, the victim isn't properly informed of her/his rights regarding source code and freedom to modify. This alone could be a violation of the GPL.

The "victims" will have binaries on the PC but will they count as "any third party" under the GPL merely because they found a binary on their computer? Wouldn't the government agencies just claim that they did not relinquish ownership of their spyware binary, or Gamma claim that the binaries were not properly re-transfered according to the license?

The various *GPL licenses go to a great deal to properly define what counts as "distribution". (Even with subtypes like AGPL for which making a service available over the network counts as distributing).
A binary was given to the victims - even if it was against their wishes. More precisely, a *copy* of the binary was made onto the disk of the victim (hence the *copy*right law kicking in). To be able to make such copy, either Gamma has to be the owner of the code (which isn't the case with 3rd party component like libGMP whose rights still belong to the original authors), or Gamma has to have a license (an authorisation given by the authors) which allows them to make said copy. The license coming with the LGPL components comes with very precise requirements about what should be made with the code and the freedom to modify it. Gamma didn't respect it, thus the GPL is void for them and they don't have any license. The copy made and written on the victims disk is unlawful.

Gamma needs either to conform with the current license, or ask all the authors and copyright holder of libGMP a different license. (Which might not even be possible: not all project transfer the right to a single entity. Very often, every contributor retains the rights over his/her own contribution. To ask the right-holders for a different license could in some circumstance mean having to ask every single developer who has ever contributed any line of code. Which is partically impossible (that's why the Linux kernel is still licensed as GPLv2) and nothing guarantee that absolutely all of them would accept to change a license to help a spy).

Without such steps, Gamma is violating copyright law and liable.