
FinFisher™: Governmental IT Intrusion


Contents

1. [Screenshot residue: YouTube page with a "Plugin Finder Service" dialog listing plug-ins available for installation] GAMMA INTERNATIONAL, United Kingdom. Tel 44 1264 332 411, Fax 44 1264 332 422, info@gammagroup.com. The information contained herein is confidential and subject to change without notice. Gamma Group International shall not be liable for technical or editorial errors or omissions contained herein. Remote Monitoring & Infection Solutions. In many real-life operations, physical access to in-country Target Systems cannot be achieved and covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within the Headquarters. FinFly ISP is a strategic countrywide as well as a tactical mobile solution that can be integrated into an ISP's Access and/or Core Network to remotely install the Remote Monitoring Solution on selected Target Systems. FinFly ISP appl
2. Traditional tactical or strategic Interception solutions face challenges that can only be solved using offensive systems like FinSpy Mobile: Data not transmitted over any network and kept on the device; Encrypted Communications in the Air-Interface, which avoid the usage of tactical active or passive Off-Air Systems; End-to-end encryption from the device such as Messengers, Emails or PIN messages. FinSpy Mobile has been giving successful results to Government Agencies who gather information remotely from Target Mobile Phones. When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located. Feature Overview. Target Phone, Example Features: Covert Communications with Headquarters; Recording of common communications like Voice Calls, SMS/MMS and Emails; Live Surveillance through silent Calls; File Download (Contacts, Calendar, Pictures, Files); Country Tracing of Target (GPS and Cell ID); Full Recording of all BlackBerry Messenger communications; Supports most common Operating Systems: Windows Mobile, iOS (iPhone), BlackBerry and Android. WWW.GAMMAGROUP.COM. FINSPY MOBILE QUICK INFORMATION: Strategic Operations; Tactical Operations; Remote Mobile Phone Monitoring; Capabilities; Content; Hardware/Software. Usage Example 1: Intelligence Agency. FinSpy Mobile was deployed on BlackBerry mobile phones of seve
3. ception and Intelligence Gathering through IT Intrusion have become more important on a daily basis and require Governments to build IT Intrusion teams to face these new challenges. FinTraining courses are given by world-class IT Intrusion experts and are held in fully practical scenarios that focus on real-life operations as required by the end user in order to solve their daily challenges. Gamma combines the individual training courses into a professional training and consulting program that builds up or enhances the capabilities of an IT Intrusion team. The Training courses are fully customized according to the end user's operational challenges and requirements. In order to ensure full usability of the transferred know-how, operational in-country support is provided during the program. Sample Course Subjects: Profiling of Target Websites and Persons; Tracing anonymous Emails; Remote access to Webmail Accounts; Security Assessment of Web Servers & Web Services; Practical Software Exploitation; Wireless IT Intrusion (WLAN/802.11 and Bluetooth); Attacks on critical Infrastructures; Sniffing Data and User Credentials of Networks; Monitoring Hot-Spots, Internet Cafés and Hotel Networks; Intercepting and Recording Calls (VoIP and DECT); Cracking Password Hashes. WWW.GAMMAGROUP.COM. IT Intrusion Training Program. FINTRAINING QUICK INFORMATION: Knowledge Transfer; IT Intrusion Know-How; CyberWar Capab
4. IT INTRUSION. Remote Monitoring & Infection Solutions. FINFLY WEB Product Components. FinFly Web: Point-and-click software to create custom infection Websites. FinFly Web direct infection [diagram labels: Local ISP, Target for Infection]. Full integration with FinFly LAN and FinFly ISP [diagram labels: WLAN, Local ISP, Target for Infection, Infection > FinFly LAN, FinFly Web]. Remote Monitoring & Infection Solutions. FINFLY WEB Example: Java Applet (Internet Explorer, Firefox, Opera, Safari). The website will prompt the Target to accept a Java plug-in that can be signed with any company name (e.g. "Microsoft Corporation"). [Screenshot residue: games website showing a certificate dialog: "The digital signature of this certificate could not be verified. Do not trust this certificate if you do not know who issued it." Self-signed root certificate; "This root certificate is not trusted."]
5. Online Banking and more. [Screenshot residue: table of captured credentials with Server, Username, Password and Protocol columns] Tactical IT Intrusion Portfolio: FININTRUSION KIT. The FinUSB Suite is a flexible product that enables Law Enforcement and Intelligence Agencies to quickly and securely extract forensic information from computer systems without the requirement of IT-trained Agents. It has been used in successful operations around the world where valuable intelligence has been acquired about Targets in covert and overt operations. Usage Example 1: Covert Operation. A source in an Organized Crime Group (OCG) was given a FinUSB Dongle that secretly extracted Account Credentials of Web and Email accounts and Microsoft Office documents from the Target Systems, while the OCG used the USB device to exchange regular files like Music, Video and Office Documents. After returning the USB device to Headquarters, the gathered data could be decrypted, analyzed and used to constantly monitor the group remotely. Feature Overview: Optimized for Covert Operations; Easy usability through Automated Execution; Secure Encryption with RSA and AES. Tactical IT Intrusion Portfolio. FINUSB SUITE QUICK INFORMATION: Tactical Operations; Capabilities; Information Gathering; System Access; Quick Forensics; Hardware/Software. Usage Example 2: T
6. When used in combination with enhanced remote infection methods, Government Agencies will have the capability to remotely infect target systems. FINFISHER. WWW.GAMMAGROUP.COM. IT INTRUSION. Remote Monitoring & Infection Solutions. FinSpy is a field-proven Remote Monitoring Solution that enables Governments to face the current challenges of monitoring Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries. Traditional Lawful Interception solutions face new challenges that can only be solved using active systems like FinSpy: Data not transmitted over any network; Encrypted Communications; Targets in foreign countries. FinSpy has been proven successful in operations around the world for many years and valuable intelligence has been gathered about Target Individuals and Organizations. When FinSpy is installed on a computer system it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based. Feature Overview. Target Computer, Example Features: Bypassing of 40 regularly tested Antivirus Systems; Covert Communication with Headquarters; Full Skype Monitoring (Calls, Chats, File Transfers, Video, Contact List); Recording of common communication like Email, Chats and Voice-over-IP; Live Surveillance through Webcam an
7. Active refers to activated FinSpy Target installations, no matter whether the Target System is online or offline. When FinSpy Target is deployed on a Target System and no Target Licenses are available, the FinSpy Target gets temporarily deactivated and no recording and live access will be possible. As soon as a new License is available (e.g. by upgrading the existing License or de-infecting one of the active FinSpy Targets), the Target will be assigned the free license and it will be activated and begin recording and providing live access. Screenshot: inactive Target without License. [Screenshot residue: Target entry with the notice that Target Actions are disabled due to licensing limitations] Remote Monitoring & Infection Solutions. FinSpy Mobile is closing the gap of interception capabilities for Governments for most common smart phone platforms. Specifically, organizations without network or off-air based interception capabilities can access Mobile Phones and intercept the devices with enhanced capabilities. Furthermore, the solution offers access to encrypted communications as well as data stored on the devices that is not transmitted
8. Military CyberWar Departments; Intelligence Agencies; Police Intelligence and other Law Enforcement Agencies. Usage Example 1: Technical Surveillance Unit. The FinIntrusion Kit was used to break the WPA encryption of a Target's home Wireless network and then monitor his Webmail (Gmail, Yahoo) and Social Network (Facebook, MySpace) credentials, which enabled the investigators to remotely monitor these accounts from Headquarters without the need to be close to the Target. Feature Overview. Tactical IT Intrusion Portfolio. FININTRUSION KIT QUICK INFORMATION: Strategic Operations; Tactical Operations; Capabilities; Break WEP/WPA Encryption; Network Monitoring (including SSL Sessions); IT Intrusion Attacks; Hardware/Software. Usage Example 2: IT Security. Several customers used the FinIntrusion Kit to successfully compromise the security of networks and computer systems for offensive and defensive purposes using various Tools and Techniques. Usage Example 3: Strategic Use-Cases. The FinIntrusion Kit is widely used to remotely gain access to Target Email Accounts and Target Web Servers (e.g. Blogs, Discussion Boards) and monitor their activities, including Access Logs and more. Discovers Wireless LANs (802.11) and Bluetooth devices; Recovers WEP (64 and 128 bit) Passphrases within 2-5 minutes; Breaks WPA1 and WPA2 Passphrases using Dictionary Attacks; Actively monitors Local Area Network (Wired a
9. Once the FinFly USB is inserted into a computer, it automatically installs the configured software with little or no user interaction and does not require IT-trained Agents when being used in operations. The FinFly USB can be used against multiple systems before being returned to Headquarters. Usage Example 1: Technical Surveillance Unit. The FinFly USB was successfully used by Technical Surveillance Units in several countries to deploy a Remote Monitoring Solution onto Target Systems that were switched off, by simply booting the system from the FinFly USB device. Feature Overview. FINFLY USB QUICK INFORMATION: Tactical Operations; Capabilities; Deploys Remote Monitoring Solution on Target; Content; Hardware. Usage Example 2: Intelligence Agency. A Source in a domestic terror group was given a FinFly USB that secretly installed a Remote Monitoring Solution on several computers of the group when they were using the device to exchange documents between each other. The Target Systems could then be remotely monitored from Headquarters, and the FinFly USB was later returned by the Source. Covertly installs Remote Monitoring Solution on insertion in Target System; Little or no user interaction is required; Functionality can be concealed by placing regular files like music, video and office documents on the device; Infection of switched-off Target System when booting from USB; Hardware is a common and non-susp
10. [Flattened hardware specification table. Row labels: Processors, Core, RAM, HDD Capacity, Optical Drive, Monitor, Features, Operating System.] FINFLY ISP: > 20 Gbps; 2 8 NICs; 1GE Copper/Fiber, 10GE Copper/Fiber, SONET/SDH OC 3 192, STM 1 64, ATM AAL5; 1x 8x Intel XEON; 2 8 Cores Processor; 12GB 1TB; 3 x 146GB 4 8TB SAS; HP iLO 3, Redundant Power, Redundant Fans, Bypass Switch Function (if applicable); Linux GNU (Debian 5.0) hardened. 5 Gbps; 3 NICs; 1GE Copper/Fiber, SONET/SDH OC 3 12, STM 1 4, ATM AAL5; 2 x Intel Core i7; 6 Cores Processor; 12GB; 2 x 1TB SATA; DVD+/-RW SATA; 1x17 TFT; Bypass Switch Function for NICs; Linux GNU (Debian 5.0) hardened. Remote Monitoring & Infection Solutions. FinSupport. The FinSupport sustains upgrades and updates of the FinFisher product line in combination with an annual support contract. The FinFisher Support Webpage and Support Team provide the following services to our clients. Online access to: Latest User Manual, Latest Product Specifications, Latest Product Training Slides, Bug Reporting Frontend, Feature Request Frontend. Regular Software Updates: Bugfixes, New Features, New Major Versions. Technical Support via Skype: Bugfixing, Partial Operational Support. WWW.GAMMAGROUP.COM. FINSUPPORT. FinL
11. is able to infect Files that are downloaded by the Target on-the-fly, infect the Target by sending fake Software Updates for popular Software or infect the Target by injecting the Payload into visited Websites. Usage Example 1: Technical Surveillance Unit. A Technical Surveillance Unit was following a Target for weeks without being able to physically access the target computer. They used FinFly LAN to install the Remote Monitoring Solution on the target computer when he was using a public Hotspot at a coffee shop. Feature Overview. FINFLY LAN QUICK INFORMATION: Tactical Operations; Capabilities; Deploys Remote Monitoring Solution on Target System in Local Area Network. Usage Example 2: Anti-Corruption. FinFly LAN was used to remotely install the Remote Monitoring Solution on the computer of a Target while he was using it inside his hotel room. The Agents were in another room connected to the same network and manipulated the Websites the Target was visiting to trigger the installation. Discovers all Computer Systems connected to Local Area Network; Works in Wired and Wireless (802.11) Networks; Can be combined with FinIntrusion Kit for covert Network Access; Hides Remote Monitoring Solution in Downloads of Targets; Injects Remote Monitoring Solution as Software Updates; Remotely installs Remote Monitoring Solution through Websites visited by the Target. For a full feature list please refer to the Product Spec
12. may take longer to resolve the issue. Prio 2 (major issue without workaround): Same working day; 2 working day(s); 5 working day(s). Please note: Depending on the problem and research required, it may take longer to resolve the issue. Prio 3 (major issue with workaround): Same working day; 3 working day(s); 14 working day(s). Please note: Depending on the problem and research required, it may take longer to resolve the issue. Prio 4 (minor issue): Same working day; 7 working day(s); next software update. Software Upgrades. The FinLifelineSupport includes regular Software upgrades and guarantees automatic upgrades to the existing system with Software patches provided via the update system. These upgrades include new features, new enhancements and new functionality as per the client's roadmap (excluding hardware). IT Intrusion Training Program. FINTRAINING. The IT Intrusion Training Program includes courses on both products supplied as well as practical IT Intrusion methods and techniques. This program transfers years of knowledge and experience to end users, thus maximizing their capabilities in this field. FINFISHER. WWW.GAMMAGROUP.COM. IT INTRUSION. Security awareness is essential for any government to maintain IT security and successfully prevent threats against IT infrastructure, which may result in a loss of confidentiality, data integrity and availability. On the other hand, topics like CyberWar, Active Inter
13. workaround in parallel, it also escalates the Problem Report (PR) to the Research and Development (R&D) department to ensure a quick resolution. These professional support measures ensure that the software meets the highest expectations. FINFISHER. IT INTRUSION. Remote Monitoring & Infection Solutions. FINSUPPORT. The following flow chart provides an illustration of the typical operational procedure and areas of responsibility. Note: in this flow chart, "customer" represents the originator of the IR. [Flow chart residue. Labels: Process, Responsibility, Start, Data Collection, Problem Reporting, Problem Logging, Reporting, First Response, More Information (Yes/No), Temporary Workaround, Correction Proposal, Correction, Implementation & Feedback, End] Remote Monitoring & Infection Solutions. FINSUPPORT. The following table provides the normal customer incident handling procedure. Customer Incident Report (IR) Processing and Tasks: FinFisher has dedicated email/phone/fax hotline contact info for incident reporting. In cases of a suspected hardware/software defect, receive Incident Report (IR) as per the defined communication methods. IR should include: contract id, customer's name, affected system/technology, description of defect, priority (see definition below), available error symptoms. Customer cooperates by providing further error symptoms upon
14. Er Example: Missing Component (IE, Firefox, Opera, Safari). The website will pretend that a plug-in/codec etc. is missing on the Target System and prompt it to download and install this software. [Screenshot residue: Internet Explorer window showing an "Adobe Flash Player Update" page stating that components on the page require the latest version of Adobe Flash Player] Remote Monitoring & Infection Solutions. FINFLY WEB Example: Missing XPI (Firefox only, all platforms). This module will prompt the Target to install additional plug-ins in order to be able to view the website. [Screenshot residue: German-language Mozilla Firefox window with a notice that additional plug-ins are needed to display all media on the page, and a prompt to install the missing plug-ins]
15. Functionality (LEMF). For a full feature list please refer to the Product Specifications. FINFISHER. IT INTRUSION. Remote Monitoring & Infection Solutions. FINSPY Product Components. [Screenshot residue] FinSpy Master and Proxy: Full Control of Target Systems; Evidence Protection for Data and Activity Logs; Secure Storage; Security-Clearance based User and Target Management. FinSpy Agent: Graphical User Interface for Live Sessions, Configuration and Data Analysis of Targets. Remote Monitoring & Infection Solutions. Access Target Computer Systems around the World. [Diagram labels: Infected Target PC, FinSpy Relay, Internet, FinSpy Master, LEMF Monitoring Center, FinSpy Agents] The FinSpy Relay(s) forward connections between Target and Master. The infected Target System sends a heartbeat to the FinSpy Relay(s) as soon as it is online. The FinSpy Master manages all Targets and Agents and stores the Data. Easy to Use User Interface. [Screenshot residue] Remote Monitoring & Infection Solutions. FINSPY: Live and Offline Target Configuration. [Screenshot residue: Screen & Webcam Configuration Options, Screen Capture Settings]
16. Target Mobile Phones around the World. [Diagram labels: FinSpy Relay, Infected Target Phone, Voice Calls, TCP/IP, Mobile Provider, External VoIP Provider or External VoIP Server, FinSpy Agents] The infected Target Phone communicates through GPRS/UMTS/Wi-Fi or SMS. The FinFly Master FinSpy Master accepts the connections and stores the data inside the database. Easy to Use User Interface. [Screenshot residue: FinSpy Mobile results list] Remote Monitoring & Infection Solutions. The FinFly USB provides an easy-to-use and reliable way of installing Remote Monitoring Solutions on computer systems when physical access is available.
17. WWW.GAMMAGROUP.COM. FINFISHER. IT INTRUSION. FINFISHER. Remote Monitoring & Infection Solutions: FinSpy; FinSpy Mobile; FinFly (FinFly USB, FinFly LAN, FinFly Web, FinFly ISP). Tactical IT Intrusion Portfolio: FinIntrusion Kit; FinUSB Suite; FinFireWire. IT Intrusion Training Program: Basic & Advanced Intrusion; Wireless Intrusion; Practical Exploitation; Web Application Penetration; Custom IT Intrusion Training & Consulting. FINFISHER. WWW.GAMMAGROUP.COM. IT INTRUSION. Tactical IT Intrusion Portfolio: FININTRUSION KIT, FINUSB SUITE, FINFIREWIRE. Gamma addresses ongoing developments in the IT Intrusion field with solutions to enhance the capabilities of our clients. Easy-to-use high-end solutions and techniques complement the intelligence community's know-how, enabling it to address relevant Intrusion challenges on a tactical level. FINFISHER. WWW.GAMMAGROUP.COM. IT INTRUSION. FinIntrusion Kit was designed and developed by world-class IT Intrusion specialists, who have over 10 years of experience in their area through their work in several Tiger Teams (Red Teams) in the private and government sector assessing the security of different networks and organizations. The FinIntrusion Kit is an up-to-date and covert operational Kit that can be used for most common IT Intrusion Operations in defensive and offensive areas. Current customers include
18. and analyze gathered Data; Configure Dongle Operational Options. 10 FinUSB Dongle (U3 16GB): Covertly extracts data from system; Encrypts Data on-the-fly. FinUSB Windows Password Bypass: Bypass Windows Logon without permanent system modifications. Tactical IT Intrusion Portfolio. FINUSB SUITE: Easy Usability. 1. Pick up a FinUSB Dongle. 2. Configure all desired Features/Modules and update your FinUSB Dongle with FinUSB HQ. 3. Go to your Target System. 4. Plug in your FinUSB Dongle. 5. Wait until all data is transferred. 6. Go back to your FinUSB HQ. 7. Import all Data from FinUSB Dongle. 8. Generate Report. Professional Reports. [Screenshot residue: FinUSB HQ "FinUSB Suite Report" with sections Generic Information, Messenger Account, Google Chrome Passwords, Firefox Passwords, Network Passwords, Protected Storage, Internet Explorer Accounts, Mozilla Firefox History, Wireless Keys, Mozilla Firefox Cookies] Technical Surveillance Units and Forensic Experts often face a situation where they need to access a running computer system without shutting it down in order to prevent data loss or save essential time during an operation. In most cases, the Target System is protected with a password-enabled Screensaver or the target user is not logged in and the Login Screen is active. FinFireWire enables the Operator to quickly and covertly bypass the password-protected screen and access
19. d Microphone; Country Tracing of Target; Silent extracting of Files from Hard-Disk; Process-based Key-logger for faster analysis; Live Remote Forensics on Target System; Advanced Filters to record only important information; Supports most common Operating Systems (Windows, Mac OSX and Linux). WWW.GAMMAGROUP.COM. FINSPY QUICK INFORMATION: Strategic Operations; Tactical Operations; Capabilities; Remote Computer Monitoring; Monitoring of Encrypted Communications; Hardware/Software. Usage Example 1: Intelligence Agency. FinSpy was installed on several computer systems inside Internet Cafes in critical areas in order to monitor them for suspicious activity, especially Skype communication to foreign individuals. Using the Webcam, pictures of the Targets were taken while they were using the system. Usage Example 2: Organized Crime. FinSpy was covertly deployed on the Target Systems of several members of an Organized Crime Group. Using the country tracing and remote microphone access, essential information could be gathered from every meeting that was held by this group. Headquarters, Example Features: Evidence Protection (Valid Evidence according to European Standards); User-Management according to Security Clearances; Security Data Encryption and Communication using RSA 2048 and AES 256; Hidden from Public through Anonymizing Proxies; Can be fully integrated with Law Enforcement Monitoring
20. [Screenshot residue: Webcam Capture Settings with estimated size for a single frame; browser window showing an MSDN page] Full Intelligence on Target System. [Screenshot residue] 1. Multiple Data Views. 2. Structured Data Analysis. 3. Importance Levels for all recorded Files. Remote Monitoring & Infection Solutions. FINSPY LICENSES. Outline: The FinSpy solution contains 3 types of product licenses. A. Update License: The Update License controls whether FinSpy is able to retrieve new updates from the Gamma Update server. It is combined with the FinFisher After Sales Support module. After expiry, the FinSpy system will still be fully functional but no longer able to retrieve the newest versions and bug-fixes from the FinSpy Update server. B. Agent License: The Agent License controls how many FinSpy Agents can login to the FinSpy Master in parallel. Example: 5 Agent Licenses are purchased. FinSpy Agent licenses can be installed on an unlimited number of systems; however, only 5 FinSpy Agent systems can login to the FinSpy Master and work with the data at the same time. Screenshot: active Target with License. FINSPY. C. Target License: The Target License controls how many FinSpy Targets can be active in parallel.
21. echnical Surveillance Unit. A Technical Surveillance Unit (TSU) was following a Target that frequently visited random Internet Cafés, making monitoring with Trojan-Horse-like technology impossible. The FinUSB was used to extract the data left on the public Terminals used by the Target after the Target left. Several documents that the Target opened in his web-mail could be recovered this way. The gathered information included crucial Office files, Browsing History through Cookie analysis and more. Extraction of Usernames and Passwords for all common software like Email Clients, Messengers, Browsers, Remote Administration Tools; Silent Copying of Files (Search Disks, Recycle-Bin, Last opened/edited/created); Extracting Network Information (Chat Logs, Browsing History, WEP/WPA(2) Keys); Compilation of System Information (Running/Installed Software, Hard-Disk Information). For a full feature list please refer to the Product Specifications. WWW.GAMMAGROUP.COM. FINFISHER. IT INTRUSION. Tactical IT Intrusion Portfolio. FINUSB SUITE Product Components. [Screenshot residue: FinUSB HQ list of imported data sets with IDs, timestamps, user and system names] FinUSB Suite Mobile Unit. FinUSB HQ: Graphical User Interface to decrypt
22. iances are based on carrier-grade server technology, providing the maximum reliability and scalability to meet almost every challenge related to network topologies. A wide range of Network Interfaces, all secured with bypass functions, are available for the required active network connectivity. Several passive and active methods of Target Identification, from online monitoring via passive tapping to interactive communications between FinFly ISP and the AAA Servers, ensure that the Targets are identified and their appropriate traffic is provided for the infection process. FinFly ISP is able to infect Files that are downloaded by the Target on-the-fly or infect the Target by sending fake Software Updates for popular Software. The new release now integrates Gamma's powerful remote infection application FinFly Web to infect Targets on-the-fly by just visiting any website. Feature Overview: Can be installed inside the Internet Service Provider Network; Handles all common Protocols; Selected Targets by IP address or Radius Logon Name; Hides Remote Monitoring Solution in Downloads by Targets; Injects Remote Monitoring Solution as Software Updates. FINFLY ISP QUICK INFORMATION: Strategic Operations; Capabilities; Deploys Remote Monitoring Solution on Target System through ISP Network; Hardware/Software. Usage Example: Intelligence Agency. FinFly ISP was deployed in the main Internet Service Provider network
23. icious USB device. For a full feature list please refer to the Product Specifications. WWW.GAMMAGROUP.COM. FINFISHER. IT INTRUSION. Remote Monitoring & Infection Solutions. FINFLY USB Product Components. FinFly USBs (SanDisk USB Dongle 16GB): Deploys a Remote Monitoring Solution on Insertion into Target Systems; Deploys Remote Monitoring Solution during Boot Process. Full FinSpy Integration: Automatic generation and activation through FinSpy Agent. Remote Monitoring & Infection Solutions. Some of the major challenges Law Enforcement agencies are facing are mobile Targets, where no physical access to a computer system can be achieved, as well as Targets who do not open any infected Files that have been sent via email to their accounts. In particular, security-aware Targets are almost impossible to infect as they keep their systems up-to-date and no exploits or Basic Intrusion techniques will lead to success. FinFly LAN was developed to deploy a Remote Monitoring Solution covertly on Target Systems in Local Area Networks (Wired and Wireless/802.11). It
24. ifelineSupport. The FinLifelineSupport provides professional back-office support for trouble resolution and technical queries. It also provides back-office support remotely for FinFisher SW bug fixes and Hardware replacements under warranty. Furthermore, with FinLifelineSupport the client automatically receives new features and functionalities with the standard release of bug fixes. Bug Fixes. FinSupport is a product-driven support organization, whereby a highly skilled after-sales support manager receives related queries by email or telephone. The after-sales support manager is based in Germany and his hours of operation are 09:00-17:00 Central European Time (CET). With the FinLifelineSupport, support is available from 09:00-17:00 CET. If a request for support is logged outside of standard office hours, it will be addressed immediately on the next working day. When the customer reports an incident, we log an Incident Report (IR) and document the priority of the incident. Within a specified period, corrective actions will follow based on the assigned priority. The FinFisher team then has the responsibility of coordinating the investigation and resolution of the IR, as well as communicating the status and new information to the IR originator. For high-priority issues, we ensure that the system continues to work smoothly by quickly delivering workaround solutions and tested bug fixes. When the FinFisher team delivers a
25. ifications WWW.GAMMAGROUP.COM FINFISHER IT INTRUSION Remote Monitoring & Infection Solutions FINFLY LAN Product Components FinFly LAN FinIntrusion Kit Integration Optional Linux based Software with simple User Interface FinFly LAN will be loaded as a module into the FinIntrusion Kit Infection through Local Area Networks Router Gateway Target for Infection FinFly LAN Remote Monitoring & Infection Solutions FINFLY LAN Automated User Interface Simple to use without extensive training Systems Infected Target identifier Payload InfectionMethod Infected at test trojan l exe 20 30 12 27 08 2010 test trojan 2 exe 16 12 37 23 08 2010 Multiple Target and Payload Support Different Executables can be added for each Target Infection Techniques I Binary Infection exe scr Operation mode Do not Infect Www microsoft com B enter a website's address eg www microsoft com Remote Monitoring & Infection Solutions One of the major challenges in using a Remote Monitoring Solution is to install it onto the Target System especially when only a little information like an Email address is available and no physical access can be achieved FinFly Web is designed to provide remote and covert infection of a Target System by using a wide range of web based attacks FinFly Web provides a point and click interface enabling the Agent to easily create a custom
26. ilities Capabilities Content Training Consultancy Program Full IT Intrusion Training and Consulting Program Structured build up and Training of IT Intrusion Team Full Assessment of Team Members Practical Training Sessions focus on Real Life Operations In Country Operational Consulting For a full feature list please refer to the Product Specifications FINFISHER IT INTRUSION WWW.GAMMAGROUP.COM GAMMAGROUP GAMMA INTERNATIONAL United Kingdom Tel 44 1264 332 411 Fax 44 1264 332 422 info@gammagroup.com
27. infection code according to selected modules Target Systems visiting a prepared website with the implemented infection code will be covertly infected with the configured software Usage Example 1 Technical Surveillance Unit After profiling a Target the unit created a website of interest for the Target and sent him the link through a discussion board Upon opening the Link to the unit's website a Remote Monitoring Solution was installed on the Target System and the Target was monitored from within Headquarters Feature Overview Fully Customizable Web Modules Can be covertly installed into every Website FINFLY WEB QUICK INFORMATION Strategic Operations Capabilities Deploys Remote Monitoring Solution on Target System through Websites Usage Example 2 Intelligence Agency The customer deployed FinFly ISP within the main Internet Service Provider of their country It was combined with FinFly Web to remotely infect Targets that visited government offensive websites by covertly injecting the FinFly Web code into the targeted websites Full integration with FinFly LAN and FinFly ISP to deploy even inside popular Websites like Webmail Video Portals and more Installs Remote Monitoring Solution even if only email address is known Possibility to target every person visiting configured Websites For a full feature list please refer to the Product Specifications WWW.GAMMAGROUP.COM FINFISHER
28. munication to the FinSpy working Target can be established 2 major issue with no workaround An Antivirus update detects an already installed RMS which requires an immediate update in order to stay operational within the infected system 3 major issue with workaround FinSpy Target functionality doesn't operate properly but can be fixed with a workaround solution 4 minor issue with little impact on system Wrong icon shown for a downloaded file Response Times In 90 percent of all incidents we will keep our response times as depicted in the table below Working day s as defined in the German calendar and thus excludes holidays observed in Germany There are three phases in our response times Initial Response Corrective Action Feedback Problem Resolution or Priority De Escalation The time for the Initial Response is from the moment we log an incident to the actual confirmation response sent to the customer acknowledging receipt of the incident The Initial Response may also ask for more detailed information or in less complex cases may immediately solve the problem Remote Monitoring & Infection Solutions FINSUPPORT Response times Initial Response Corrective Action Feedback Problem Resolution or Priority De Escalation Prio 1 critical issue Same working day 1 working day s 2 working day s Please note Depending on the problem and research required it
29. nFly ISP RADIUS Probe RADIUS FinFly ISP Mgmt Server FinFly ISP Mgmt Workstation Tactical Deployment Access Distribution Switch Access Subscriber Target for Infection RADIUS Remote Monitoring & Infection Solutions Product Components FinFly ISP Strategic A strategic deployment of FinFly ISP consists at least of the following Management System at the LEMF Target Identification Probe Server s at the AAA System of the network Infection Proxy Server s at for example the Internet Gateway s FinFly ISP Servers Workstation HP ProLiant DL Series G7 Business WS FinFly ISP HP Z Series FinFly ISP Tactical A tactical FinFly ISP System consists of the following Target Identification & Infection Proxy Server Portable Management System Notebook FinFly ISP Tactical Portable Mgmt Atlas A9 17 Portable The technical data specifications are subject to change without notice FinFly ISP Tactical Lenovo Thinkpad T Series The information contained herein is confidential and subject to change without notice Gamma Group International shall not be liable for technical or editorial errors or omissions contained herein Throughput Max no of NICs Interfaces Processors Core RAM HDD Capacity Features Operating System Throughput Max no of NICs Interfaces
30. nd Wireless and extracts Usernames and Passwords even for TLS SSL encrypted sessions Emulates Rogue Wireless Access Point 802 11 Remotely breaks into Email Accounts using Network System and Password based Intrusion Techniques Network Security Assessment and Validation For a full feature list please refer to the Product Specifications FINFISHER WWW.GAMMAGROUP.COM IT INTRUSION Tactical IT Intrusion Portfolio FININTRUSION KIT Product Components FTOC Network Wireless Password Welcome to the FinTrack Operation Center Select a Category to continue Network Record Passwords in Local Area Network LAN Monitor Wireless Networks and Clients Techniques FinIntrusion Kit Covert Tactical Unit FinTrack Operation Center Basic IT Intrusion Components Graphical User Interface for Automated IT Intrusion High Power WLAN Adapter Attacks High Power Bluetooth Adapter 802 11 Antennas Many Common IT Intrusion Devices Automated LAN WLAN Monitoring FTOC Network Wireless Passwort Configuration Active Systems Monitor Interface IP Address License Netmask Help Online Help Gateway Broadcast Nameserver MAC Address Status Welcome to FinIntrusion Kit 0 9 LAN WLAN Active Password Sniffer Captures even SSL encrypted data like Webmail Video Portals
31. ral Targets to monitor all communications including SMS MMS Email and BlackBerry Messenger Usage Example 2 Organized Crime FinSpy Mobile was covertly deployed on the mobile phones of several members of an Organized Crime Group OCG Using the GPS tracking data and silent calls essential information could be gathered from every meeting that was held by this group Headquarters Example Features Evidence Protection Valid Evidence according to European Standards User Management according to Security Clearances Security Data Encryption and Communications using RSA 2048 and AES 256 Hidden from Public through Anonymizing Proxies Can be fully integrated with Law Enforcement Monitoring Functionality For a full feature list please refer to the Product Specifications FINFISHER IT INTRUSION Product Components FinSpy Master and Proxy Full Control of Target Systems Remote Monitoring & Infection Solutions FINSPY MOBILE FinSpy Agent Graphical User Interface for Live Sessions Configuration and Data Analysis of Targets Evidence Protection for Data and Activity Logs Secure Storage Security Clearance based User and Target Management Remote Monitoring & Infection Solutions FINSPY MOBILE Access
32. request Within one working day customer receives the ticket number to confirm receipt and tracks the IR and also the initial analysis results FinLifelineSupport supports collecting error symptoms upon request FinLifelineSupport helps with temporary workaround solution FinLifelineSupport provides correction proposal on IR with planned corrective measures & response time after incident analysis FinLifelineSupport provides issue of hard or software modification if reported incident requires correction Customer implements delivered hardware software modification Customer confirms successful correction FinLifelineSupport helps with implementing hardware software modification Hardware charged separately if not under warranty Remote Monitoring & Infection Solutions Definitions of query and fault priority FINSUPPORT FinLifelineSupport processes the incoming queries and problem reports according to their urgency Two factors rate the urgency of an incident and both are included in each IR Priority based solely on the technical scope of the error Customer Severity is a more objective factor and based on the resultant customer impact The following Priority table provides an overview of the corresponding technical scope Priority Definition Example 1 critical issue crucial aspect of system not The Proxy is down and no com
33. s of the country and was actively used to remotely deploy a Remote Monitoring Solution on Target Systems As the Targets have Dynamic IP DSL Accounts they are identified with their Radius Logon Name Remotely installs Remote Monitoring Solution through Websites visited by the Target For a full feature list please refer to the Product Specifications WWW.GAMMAGROUP.COM FINFISHER IT INTRUSION Remote Monitoring & Infection Solutions FINFLY ISP Different Location Possibilities FinFly ISP can be used as a tactical or strategic solution within ISP networks ISP Network A tactical solution is mobile and the hardware is dedicated to the infection tasks inside the access network close to the targets access points It can be deployed on a short term basis to meet tactical requirements focused on either a specific target or a small number of targets in an area A strategic solution would be a permanent ISP countrywide installation of FinFly ISP to select and infect any target from the remote headquarters without the need for the LEA to be on location Of course it is possible to combine tactical and strategic solutions to reach a maximum of flexibility for the infection operations Remote Monitoring & Infection Solutions FINFLY ISP Network Setup Strategic Deployment Subscriber FinFly ISP Infection Proxy Server Target for Infection Fi
34. the Target System without leaving a trace or harming essential forensic evidence Usage Example 1 Forensic Operation A Forensic Unit entered the apartment of a Target and tried to access the computer system The computer was switched on but the screen was locked As they were not allowed for legal reasons to use a Remote Monitoring Solution they would have lost all data by switching off the system as the hard disk was fully encrypted FinFireWire was used to unlock the running Target System enabling the Agent to copy all files before switching the computer off and taking it back to Headquarters Feature Overview Unlocks User Logon for every User Account Unlocks Password Protected Screensaver Full Access to all Network Shares of User Dumps full RAM for Forensic analysis Enables live forensics without rebooting the Target System User password is not changed Supports Windows Mac and Linux systems Works with FireWire 1394 PCMCIA and Express Card For a full feature list please refer to the Product Specifications WWW.GAMMAGROUP.COM Tactical IT Intrusion Portfolio FINFIREWIRE QUICK INFORMATION Tactical Operations Capabilities Bypass User Password Covertly Access System Recover Passwords from RAM Enable Live Forensics Hardware Software Usage Example 2 Password Recovery Combining the product with traditional Forensic applications like Encase Forensic units used the RAM d
35. ump functionality to make a snapshot of the current RAM information and recovered the Hard Disk encryption passphrase for TrueCrypt full disk encryption FINFISHER IT INTRUSION Product Components FinFireWire Tactical Unit Complete Tactical System Connection Adapter Cards PCMCIA and ExpressCard Adapter for Target Systems without FireWire port Usage 1 Go to your Target System 2 Start FinFireWire 3 Plug in FireWire Adapter & Cable The information contained herein is confidential and subject to change without notice Gamma Group International shall not be liable for technical or editorial errors or omissions contained herein Tactical IT Intrusion Portfolio FINFIREWIRE Point and Click User Interface Easy to use User Interface Universal FinWire CableSet 4 pin to 4 pin 4 pin to 6 pin 6 pin to 6 pin 4 Select a Target 5 Wait until System is unlocked GAMMA INTERNATIONAL GAMMAGROUP United Kingdom Tel 44 1264 332 411 Fax 44 1264 332 422 info@gammagroup.com Remote Monitoring & Infection Solutions FINSPY FINSPY MOBILE FINFLY USB FINFLY LAN FINFLY WEB FINFLY ISP The Remote Monitoring and Infection Solutions are used to access target systems to give full access to stored information with the ability to take control of target system's functions to the point of capturing encrypted data and communications
