FinFisher/Produkte
Inhaltsverzeichnis
FinFisher-Produkte
Produkte der FinFisher/Gamma GmbH per Eigenbeschreibung.
"FinSpy"
Description: "FinSpy is a professional Remote Monitoring Software that can be used by Law Enforcement or Intelligence Agencies to monitor the computer systems of targeted persons."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" alt=\"\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FinSpy.jpg\" />
\r\n
\r\n
FinSpy is a field-proven Remote Monitoring Solution that enables Governments to face nowadays challenges of monitoring Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries. Traditional Lawful Interception solutions face new challenges that can only be solved using active systems like FinSpy:
\r\n\r\n
\r\n
Usage Example 1: Intelligence Agency
\r\n
Usage Example 2: Organized Crime
\r\n
- \r\n
- Data not transmitted over any network \r\n
- Encrypted Communication \r\n
- Targets in foreign countries \r\n
FinSpy has been proven successful in operations around the world since many years and valuable intelligence has been acquired about Target Individuals and Organizations.
When FinSpy is installed on a computer system or mobile phone it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.
\r\nWhen FinSpy is installed on a computer system or mobile phone it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.
Usage Example 1: Intelligence Agency
\r\n
FinSpy was installed on several computer systems inside Internet Café’s in critical areas in order to monitor them for suspicious activity, especially Skype communication to foreign individuals. Using the Webcam, pictures of the Targets were done while they were using the system.
\r\nUsage Example 2: Organized Crime
\r\n
FinSpy was covertly deployed on the mobile phones of several members of an Organized Crime Group. Using the GPS tracking data and silent calls, essential information could be gathered from every meeting that was done by this group.
\r\n"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 4.60 | |
| Component | Feature/Enhancement |
| Target PC -Windows | Enhancement Skype Module - Live Streaming |
| Target PC - Windows | Enhancement Microphone Module - Activate the disabled microphone |
| Target PC -Windows | Data Collection Module: Removable Media |
| Target PC -Linux | Enhancement Screen Module: ABE Support |
| Target PC -Linux | Data Collection Module - Microphone |
| Target PC - Mac OS X | Data Collection Module - Microphone |
| Target PC - Mac OS X | Enhancement Screen Module - ABE Support |
| Target PC - Mac OS X | Root Kit Enhancement - Binary encryption for Trojan Components |
| Target PC - Mac OS X | Root Kit Enhancement - Hide Network Connections |
| Agent | Enhance Data Analysis - Search through comments or importance level |
| Master/Proxy/Relay | Route all online requests through the Relays Chain |
| Relay | Automatic update for Relay |
| Enhancement | Implement the capability to search for keywords in comments or search for importance level values |
| Release Date: Q4 2014 | |
| Version: 4.70 | |
| Component | Feature/Enhancement |
| Target PC -Windows | Data Collection Module - Passwords and Secret Keys |
| Target PC -Windows | Data Collection Module: Clipboard |
| Target PC -Linux | Data Collection Module: Mouse Clicks |
| Target PC -Linux | Data Collection Module: Removable Media |
| Target PC - Mac OS X | Data Collection Module: Mouse Clicks |
| Target PC - Mac OS X | Data Collection Module: Removable Media |
| New Feature | Record the PGP Secret keys, S/MIME Secret Key, SSH Secret Keys and passwords which protect them |
| Release Date: Unscheduled | |
| Version: - | |
| Feature | Description |
| Master | Create a new user right - Remove Archived Tagets |
| Target PC -Windows | Enhance the Mouse Clicks with ABE (Aplpication Based Events) |
| Target PC -Windows | Enhance the Deleted/Changed/Accessed Files Module with ABE (Application Based Events) |
| Target PC -Windows | Enhance the Scheduler Module with Application Based Events |
| Target PC -Windows | Enhance the Scheduler Module to schedule tasks for Forensics Module |
| Target PC - Windows | Screenshot recording based on Mouse Click Event |
| Target PC - Windows | Data Collection Module: iOS Infection through iTunes |
| Target PC - Mac OS X | Enhance the WebCam Module with ABE (Application Based Events) |
| Target PC - Linux | Enhance the WebCam Module with ABE (Application Based Events) |
| Agent/Master/Target | enhance Alert options with: Alert when target changes countries |
| Agent/Master/Target | enhance Alert options with: Alert when target types a predefined keyword(s) |
| Agent | Define Templates - predefined Target configurations |
\r\n
"
"FinFly LAN"
Description: "FinFly is a set of products that are used for easy local network and remote infection of target systems. The main features include on the-fly infection of Executable and Screensaver downloads, triggering of Software Updates for well-known software"
GenericInfo: "<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" alt=\"\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FlyLite.jpg\" />
\r\n
One of the major challenges for Law Enforcement are mobile Targets where no physical access to the computer system can be achieved and who do not open any infected Files which have been sent via E-Mail to their accounts.
\r\n
\r\n
Especially security-aware Targets are almost impossible to infect as they keep their systems up-to-date and no exploits or other Basic Intrusion techniques will lead to success.
\r\nFinFly LAN was developed to deploy the Remote Monitoring Solution covertly on target systems in Local Area Networks (Wired and Wireless/802.11). It is able to infect Files that are downloaded by the Target on-the-fly or infect the Target by sending fake Software Updates for popular Software.
\r\n
Usage Example 1: Technical Surveillance Unit
A Technical Surveillance Unit was following a Target for weeks without getting the possibility to physical access the target computer. They used FinFly LAN to install the Remote Monitoring Solution on the target computer when he was using a public Hotspot at a coffee shop.
Usage Example 2: Anti-Corruption
FinFly LAN was used to remotely install the Remote Monitoring Solution on the computer of a Target while he was using it inside his hotel room at night. The Agents were in another room connected to the same network and manipulated the Websites the Target was visiting to trigger the installation.
"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 4.0 | |
| Feature | Description |
| GUI | Enhanced payload compatibility check |
| Infection proxy | Enhanced compatibility to FinFlyWeb infection methods |
| Infection proxy | New loader used for download infections. Avoids antivirus warnings. |
| GUI + infection proxy | Update emulators for latest versions of supported programms (update infection) |
| Infection proxy | Resolved sporadic crashes occured during downloading of exe files |
| Release Date: Q4 2014 | |
| Version: 4.1 | |
| Feature | Description |
| GUI | Display detailed informations about the traffic generated by targets |
| Infection proxy | Enhanced compatibility to FinFlyWeb infection methods |
| GUI + infection proxy | Update emulators for latest versions of supported programms (update infection) |
| Release Date: Unscheduled | |
| Version: - | |
| Feature | Description |
| GUI + infection proxy | add a new 'replace' feature to the ffweb - fflan protocol |
| GUI + infection proxy | add a 'redirect' feature to the infection engine |
\r\n
"
"FinUSB Suite"
Description: "The FinUSB Suite is designed to help Law Enforcement and Intelligence Agencies to easily extract important information from a target system with little or no user intervention. The following describes the various components and their \r\nfunctions, features and limitations"
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_UsbSuit.jpg\" alt=\"\" />
\r\n
\r\n
The FinUSB Suite is a flexible product that enables Law Enforcement and Intelligence Agencies to quickly and securely extract forensic information from computer systems without the requirement of IT-trained Agents.
It has been used in successful operations around the world where valuable intelligence has been acquired about Targets in covert- and overt operations.
\r\nIt has been used in successful operations around the world where valuable intelligence has been acquired about Targets in covert- and overt operations.
\r\n
\r\n
Usage Example 1: Covert Operation
\r\n
\r\n
A source in an Organised Crime Group (OCG) was given a FinUSB Dongle that secretly extracted Account Credentials of Web- and E-Mail accounts and Microsoft Office documents from the Target Systems while the OCG used the USB device to exchange regular files like Music, Video and Office Documents.
\r\n
After returning the USB device to the Head-Quarter the gathered data could be decrypted and analyzed and used to constantly monitor the group remotely.
\r\n
\r\n
A Technical Surveillance Unit (TSU) was following a Target that was frequently visiting random Internet Café’s which made a monitoring with Trojan-Horse-like technology impossible. The FinUSB was used to extract the data left on the public Terminals used by the Target after he left it.
Several documents that the Target opened in his web-mail could be recovered this way. The gathered information included crucial Office files, Browsing History through Cookie analysis and more.
Usage Example 2: Technical Surveillance Unit
\r\nA Technical Surveillance Unit (TSU) was following a Target that was frequently visiting random Internet Café’s which made a monitoring with Trojan-Horse-like technology impossible. The FinUSB was used to extract the data left on the public Terminals used by the Target after he left it.
Several documents that the Target opened in his web-mail could be recovered this way. The gathered information included crucial Office files, Browsing History through Cookie analysis and more.
"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 3.7 | |
| Feature | Description |
| Custom Forensics Tool Support | Offer the capability to import in Headquater an executable which can be configured to run and collect information from target system |
| Gather Information about installed hardware | Compile a list of all existing hardware |
| Extract installed Sofware information | Compile a list of all existing software |
| Obtain the System Services List | Compile a list of all installed services and the states: Running/Stopped, Manual/Automatic |
| RAM Dump | Dump the physical memory into a file |
| Advanced Antivirus Bypass Implementation | Improve the Antivirus Bypassing on the target systems |
\r\n
"
"FinTraining"
Description: "Security awareness is essential for any government to maintain IT security and successfully prevent threats against IT infrastructures which may result in a loss of confidentiality, data integrity and availability"
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" alt=\"\" src=\"/GGI/UserFiles/Image/FinFisher_Box_Training.jpg\" />
\r\n
\r\n
\r\n
Security awareness is essential for any government to maintain IT security and successfully prevent threats against IT infrastructures which may result in a loss of confidentiality, data integrity and availability.
On the other side, topics like CyberWar, Active Interception and Intelligence Gathering through IT Intrusion become more important on a daily basis and require Governments to build IT Intrusion teams to face these new challenges.
\r\nOn the other side, topics like CyberWar, Active Interception and Intelligence Gathering through IT Intrusion become more important on a daily basis and require Governments to build IT Intrusion teams to face these new challenges.
\r\n
The FinTraining courses are held by world-class IT Intrusion experts and are done in fully practical scenarios that are focused on real-life operations as required by the end-user to solve their daily challenges.
FinAdvisory combines the single trainings into a professional training and consulting program that builds up or enhances the capabilities of an IT Intrusion team. The Trainings are fully customized according to the end-users operational challenges and requirements. In order to ensure full usability of the transferred know-how, operational in-country support is provided during the program.
\r\nFinAdvisory combines the single trainings into a professional training and consulting program that builds up or enhances the capabilities of an IT Intrusion team. The Trainings are fully customized according to the end-users operational challenges and requirements. In order to ensure full usability of the transferred know-how, operational in-country support is provided during the program.
"
Roadmap
"The Roadmap is currently in progress and will be published soon."
"FinIntrusion Kit"
Description: "The FinIntrusion Kit consists of a wide-range of hard- and software to aid law enforcement and intelligence agencies in gaining access to information in several scenarios utilizing various IT intrusion techniques."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_IntusionKit.jpg\" alt=\"\" />
\r\n
\r\n
FinIntrusion Kit was designed and developed by world-class IT Intrusion specialists that have over 10 years experience in their area through their work in several Tiger Teams (Red Teams) in the private and government sector assessing the security of different networks and organizations.
\r\n\r\n
\r\nThe FinIntrusion Kit is the result of creating an up-to-date and covert operational Kit that can be used for most common IT Intrusion Operations in defensive and offensive areas. Current customers include Military CyberWar Departments, Intelligence Agencies, Police Intelligence and other Law Enforcement Agencies.
Usage Example 1: Technical Surveillance Unit
The FinIntrusion Kit was used to break the WPA encryption of a Targets home Wireless network and then monitor his Webmail (Gmail, Yahoo, …) and Social Networks (Facebook, MySpace, …) credentials which enabled the investigators to remotely monitor these accounts from the Head-Quarters without the necessity of being close to the Target.
Usage Example 2: IT Security
Several customers used the FinIntrusion Kit to successfully compromise the security of networks and computer systems for offensive and defensive purposes using various Tools and Techniques.
Usage Example 3: Strategic Use-Cases
The FinIntrusion Kit is widely used to remotely gain access to Target E-Mail Accounts and Target Web-Servers (e.g. Blogs, Discussion Boards) and monitor their activities including Access-Logs and more."
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q1 2014 | |
| Version: 5.0 | |
| Feature | Description |
| Wireless - Cracking - WPS | Detect and Crack WPS encrypted wireless network |
| Wireless Scanner - permanent scan | Implement a passive Wireless Realtime Scanner |
| Network Configuration - Static IP Configuration | modify static IP configuration settings |
| Wireless Configuration | Config Adapter to join an encrypted network after an Encryption was successfully broken... |
| Network Sniffer - HTTP Content ( Update ) | extract POST parameter, open URL in browser function, cookie extractor |
| Network Scanner - Stealth / Passive Mode | find new targets based on broadcasts / packages without any active attacks / requests |
| Network + Wireless Scanner - Timestamp | List first/last seen time stamp for each target |
| Network - Improved Target Identification | browser detection, passive OS fingerprinting, DNS queries, Reverse DNS resolution (e.g. use internal DNS server) |
| Wireless - Cracking - Rainbowtable Support | generate Rainbowtable, use Rainbowtable for Cracking |
| Wireless - Capture / Export | capture all Wireless Traffic + 4 Way-Handshake --> decrypt traffic and save content in an unencrypted PCAP file? |
| Forensic - Memdump Module | extract images, strings, document files and true crypt hashes from memory dump file |
| Forensic - Netdump Module | extract dns queries, http requests, wlan information (beacon, probe request/response) etc. from pcap file |
| <more features will be scheduled based on customer requests> | |
| Release Date: Q3 2014 | |
| Version: 6.0 | |
| Feature | Description |
| Password Generator | Generate and Modify Password Lists based on Templates or customized char sets |
| Password - Web Crawler | Implement a new Web Crawler |
| Email - Identify Mail Server (SMTP/POP3/IMAP) | Implement new feature in the GUI |
| Network Configuration - Vlan Tagging | implement Vlan - Tagging to spoof dedicated VLAN Ids |
| Network Sniffer - DNS Spoofing | implement possibility of dnsspoofing |
| Network Sniffer - new Options | for HTTP search queries, DNS requests, Content like: Image/Documents/Search Queries |
| Wireless - Cracking - Improve WEP Cracking | support all WEP cracking methods |
| Wireless - Fake AP - Improvement | support MAC Spoofing + modify DHCP server settings |
| <more features will be scheduled based on customer requests> | |
| Release Date: Unscheduled | |
| Version: - | |
| Feature | Description |
| Advanced SSL - MitM Attacks | check BEAST, RC4, Crime and Renegotiation attacks ... |
| Chat Sniffer / Viewer | sniff and recover IRC chats and show the conversation in the GUI |
| VOIP Sniffer / Recorder / Eavesdropping | sniff + crack SIP auth. and play recorded VOIP conversation |
| Password Brute Forcing | against different services like POP3/IMAP, FTP, HTTP |
| TCP Flow / Reassemly | reconstruct a recorded TCP session and extract content |
| Network Attack - ICMP Spoofing | Implement ICMP Redirect Attack |
| Network Attack - DHCP Spoofing | Target Hijacking with rouge DHCP server |
| Web App Hacking - SQL Injection | sql injection check against target web server |
| Network Scanner - OS Detection | detect target OS based on broadcasts |
| Network Sniffer - Detection | identify systems in the network who runs a network sniffer |
| Network Sniffer - internal Network | start Network sniffer between two target systems in a (W)Lan |
| Evidence Protection | implement Evidence Protection for signed Logging and Data Export |
| Target Exploitation | automatic target exploitation |
\r\n
"
"FinFly ISP"
Description: "FinFly ISP is a strategic, countrywide as well as a tactical (mobile) solution that can be integrated into an ISP’s Access and/or Core Network to remotely install the Remote Monitoring Solution on selected Target Systems."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FlyISP.jpg\" alt=\"\" />
\r\n
\r\n
In many real-life operations, physical access to in-country Target Systems cannot be achieved and a covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within the Head-Quarter.
FinFly ISP is a strategic, countrywide as well as a tactical (mobile) solution that can be integrated into an ISP’s Access and/or Core Network to remotely install the Remote Monitoring Solution on selected Target Systems. FinFly ISP makes data available for LEAs which never will be accessible by using the classic telecommunications surveillance / monitoring methods e.g. because of encryption used prior to entering the Internet or because data will never be sent via the Internet at all (e.g. address books, specific documents, time schedules etc.).
FinFly ISP appliances are based on carrier grade server technology providing a maximum of reliability and scalability to meet almost every challenge related to networks’ topologies. A wide range of Network Interfaces – all secured with bypass functions – are available for the required active network connectivity.
Several passive and active methods of Target identification – from inline monitoring via passive tapping to interactive communication between FinFly ISP and the AAA-Servers – ensure that the Targets are identified and their appropriate traffic will be provided for the infection process.
FinFly ISP is able to infect Files that are downloaded by the Target on-the-fly or infect the Target by sending fake Software Updates for popular Software.
Usage Example: Intelligence Agency
FinFly ISP was deployed in the main Internet Service Providers networks of the country and is actively used to remotely deploy a Remote Monitoring Solution on Target Systems. As the Targets have Dynamic-IP DSL Accounts, they are identified with their Radius Logon Name.
\r\nFinFly ISP is a strategic, countrywide as well as a tactical (mobile) solution that can be integrated into an ISP’s Access and/or Core Network to remotely install the Remote Monitoring Solution on selected Target Systems. FinFly ISP makes data available for LEAs which never will be accessible by using the classic telecommunications surveillance / monitoring methods e.g. because of encryption used prior to entering the Internet or because data will never be sent via the Internet at all (e.g. address books, specific documents, time schedules etc.).
FinFly ISP appliances are based on carrier grade server technology providing a maximum of reliability and scalability to meet almost every challenge related to networks’ topologies. A wide range of Network Interfaces – all secured with bypass functions – are available for the required active network connectivity.
Several passive and active methods of Target identification – from inline monitoring via passive tapping to interactive communication between FinFly ISP and the AAA-Servers – ensure that the Targets are identified and their appropriate traffic will be provided for the infection process.
FinFly ISP is able to infect Files that are downloaded by the Target on-the-fly or infect the Target by sending fake Software Updates for popular Software.
Usage Example: Intelligence Agency
FinFly ISP was deployed in the main Internet Service Providers networks of the country and is actively used to remotely deploy a Remote Monitoring Solution on Target Systems. As the Targets have Dynamic-IP DSL Accounts, they are identified with their Radius Logon Name.
"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 4.5 | |
| Feature | Description |
| Enhanced payload compatibility check | |
| Enhanced compatibility to FinFlyWeb infection methods | |
| Update emulators for latest versions of supported programms (update infection) | |
| No. of active connections for each Target | Non-Real-Time display of the No. of active connections for each FFISP Target ("N" seconds update interval). |
| Data Transfer for each Target | Non-Real-Time display of transferred amount of data for each FFISP Target ("M" seconds update interval). |
| De-Activate/Re-Activate Buttons | User can De-Activate/Re-Activate single target entries without deleting the tgt and its payload(s) and settings. |
| Release Date: Q4 2014 | |
| Version: 5.0 | |
| Feature | Description |
| Enhanced compatibility to FinFlyWeb infection methods | |
| Update emulators for latest versions of supported programms (update infection) | |
| Infection Filters | Web Infection Filter for User Agent |
| Download replacement. Fully replace downloads on-the-fly | |
\r\n"
"FinFireWire"
Description: "FinFireWire enables the Operator to quickly and covertly bypass the password-protected screens and access the Target System without leaving a trace or harming essential forensic evidence.\r\n"
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FireWire.jpg\" alt=\"\" />
\r\n
\r\n
Technical Surveillance Units and Forensic Experts often face a situation where they need to access a running computer system without shutting it down in order to prevent data loss or save essential time during an operation. In most cases, the Target System is protected with a password-enabled Screensaver or the target user is not logged in and the Login Screen is active.
\r\n\r\n
FinFireWire enables the Operator to quickly and covertly bypass the password-protected screens and access the Target System without leaving a trace or harming essential forensic evidence.
Usage Example 1: Forensic Operation
A Forensic Unit entered the apartment of a Target and tried to access the computer system. The computer was switched on but the screen was locked. As they were not allowed due to legal reasons to use a Remote Monitoring Solution they would have lost all data by switching off the system as the hard-disk was fully encrypted. FinFireWire was used to unlock the running Target System and enable the Agent to copy all files before switching it off and taking it back to the Head-Quarter.
Usage Example 2: Remote Monitoring Installation
Several customers use the product to covertly access Target Systems when physical access can be achieved and install a Remote Monitoring Solution like FinSpy to be able to remotely monitor all activities of the Target.
"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 4.50 | |
| Feature | Description |
| target database update | Update existing database for current OS versions (Windows, MacOSX, Linux) |
\r\n
"
"FinFly Web"
Description: "FinFly Web is designed to provide remote and covert infection of a Target System by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface enabling the Agent to easily create a custom infection code according to selected modules. Target Systems visiting a prepared website with the implemented infection code will be covertly infected with the configured software. "
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FlyWeb.jpg\" alt=\"\" />
\r\n
\r\n
One of the major challenges in using Remote Monitoring Solutions is to install it onto the Target System, especially when only a little information, like an Email-Address, is available and no physical access can be achieved.
\r\n\r\n
\r\n
FinFly Web is designed to provide remote and covert infection of a Target System by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface enabling the Agent to easily create a custom infection code according to selected modules. Target Systems visiting a prepared website with the implemented infection code will be covertly infected with the configured software.
\r\n
Usage Example 1: Technical Surveillance Unit
After profiling a Target, the unit created a website of interest for the Target and sent him the link through a discussion board. Upon opening the Link to the unit’s website, a Remote Monitoring Solution was installed on the Target System and the Target could be monitored from within the Head-Quarter.
Usage Example 2: Intelligence Agency
The customer deployed FinFly ISP within the main Internet Service Provider of their country. It was combined with FinFly Web to remotely infect Targets that visited government offensive websites by covertly injecting the FinFly Web code into the targeted websites."
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 5.00 | |
| Feature | Description |
| new module | IE Addon / Silverlight(?) |
| update existing modules | Support all latest version of supported browsers |
| activity log | Add activity log into GUI + store configuration file |
| Release Date: Q4 2014 | |
| Version: 6.00 | |
| Feature | Description |
| new module | Chrome Plugin / Addon / Application |
| upload client | Support to upload generated output to public webserver |
| update existing modules | Support all latest version of supported browsers |
| Release Date: Unscheduled | |
| Version: - | |
| Feature | Description |
| other new modules / techniques | New possible modules have to be investigated |
| browser / OS detection | Improve existing module for target OS & browser detection / identification |
| inline viewer | Live preview of generated output files |
"
"FinSpy Mobile"
Description: "FinSpy Mobile is a Mobile Phone Infection and Surveillance System that can be used by Law Enforcement to silently monitor mobile devices. The FinSpy Mobile is ideal for situations where access to the mobile operator’s network is not easily available or where “OffAir Interception†is not practical or is limited due to encryption and accessibility."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" alt=\"\" src=\"/GGI/UserFiles/Image/FinFisher_Box_SpyMobile.jpg\" />
\r\n
\r\n
FinSpy Mobile is closing the gap of interception capabilities for Governments for most common smart phone platforms. Specifically, organizations without network or off-air based interception capabilities can access Mobile Phones and intercept the devices with enhanced capabilities. Furthermore, the solution offers access to encrypted communications as well as data stored on the devices that is not transmitted. Traditional tactical or strategic Interception solutions Face challenges that can only be solved using offensive systems like FinSpy Mobile:
\r\n\r\n
Usage Example 1: Intelligence Agency
\r\n
Usage Example 2: Organized Crime
\r\n
\r\n- \r\n
- Data not transmitted over any network and kept on the device \r\n
- Encrypted Communications in the Air-Interface, which avoid the usage of tactical active or passive Off-Air Systems \r\n
- End-to-end encryption from the device such as Messengers, Emails or PIN messages \r\n
FinSpy Mobile has been giving successful results to Government Agencies who gather information remotely from Target Mobile Phones.
When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located.
\r\nWhen FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located.
Usage Example 1: Intelligence Agency
\r\n
FinSpy Mobile was deployed on BlackBerry mobile phones of several Targets to monitor all communications, including SMS/MMS, Email and BlackBerry Messenger.
\r\nUsage Example 2: Organized Crime
\r\n
FinSpy Mobile was covertly deployed on the mobile phones of several members of an Organized Crime Group(OCG). Using the GPS tracking data and silent calls, essential information could be gathered from every meeting that was held by this group.
\r\n"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 4.60 | |
| Component | Feature/Enhancement |
| Mobile Target - All (supported) Platforms | Update Capabilities for the infection |
| Mobile Target - All (supported) Platforms | New Data Collection Module: Line Messenger |
| Mobile Target - All (supported) Platforms | New Data Collection Module: Viber Messenger |
| Mobile Target - All (supported) Platforms | Record Microphone |
| Mobile Target - Support for Blackberry 10 | Core Functionalities |
| Mobile Target - Android | Exploit Deployment Platform |
| Agent | Enhanced Audio Embedded Viewer (Add sound editting capabilities.) |
| Release Date: Q4 2014 | |
| Version: 4.70 | |
| Component | Feature/Enhancement |
| Mobile Target - All (supported) Platforms | New Data Collection Module: Tango (Video) Messenger |
| Mobile Target - All (supported) Platforms | New Data Colletion Module: Silent Circle |
| Mobile Target - Windows Phone | Core Functionalities |
| Mobile Target - Windows Phone | Calendar |
| Mobile Target - Windows Phone | Send/Received SMSes |
| Mobile Target - Windows Phone | Phone Calls Log |
| Mobile Target - Blackberry 10 | Calendar |
| Mobile Target - Blackberry 10 | Send/Received SMSes |
| Mobile Target - Blackberry 10 | Phone Calls Log |
| Release Date: Unscheduled | |
| Version: - | |
| Feature | Description |
| Mobile Target - All (supported) Platforms | New Data Collection Module: Keylogger |
| Mobile Target - Blackberry | Target Actions: Power Off |
| Mobile Target - Blackberry | Target Actions: Drain Battery |
| Mobile Target - iOS | Target Actions: Power Off |
| Mobile Target - iOS | Target Actions: Drain Battery |
| Mobile Target - Android | Target Actions: Power Off |
| Mobile Target - Android | Target Actions: Drain Battery |
| Mobile Target - Symbian | Target Actions: Power Off |
| Mobile Target - Symbian | Target Actions: Drain Battery |
| Mobile Target - Windows Mobile | Target Actions: Power Off |
| Mobile Target - Windows Mobile | Target Actions: Drain Battery |
\r\n
"
"FinFly USB"
Description: "The FinFly USB provides an easy-to-use and reliable way of installing a Remote Monitoring Solution on computer systems when physical access is available."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FlyUsb.jpg\" alt=\"\" />
\r\n
\r\n
The FinFly USB provides an easy-to-use and reliable way of installing a Remote Monitoring Solution on computer systems when physical access is available.
It automatically installs the configured software on insertion into the computer with little or no userinteraction and does not require IT-trained Agents when used in operations. It can be used against multiple systems before being returned to Headquarters.
\r\nIt automatically installs the configured software on insertion into the computer with little or no userinteraction and does not require IT-trained Agents when used in operations. It can be used against multiple systems before being returned to Headquarters.
\r\n
Usage Example 1: Technical Surveillance Unit
In several countries, the FinFly USB was used to covertly install a Remote Monitoring Solution in Internet Cafes and Business Centers by simply inserting the device into the Target Systems so they could be monitored remotely as required
Usage Example 2: Intelligence Agency
A Source in a domestic terror group was given a FinFly USB that secretly installed a Remote Monitoring Solution on several computer systems of the group when they were using the device to exchange documents between each other. The Target Systems were then remotely monitored from Headquarters and the FinFly USB was returned by the Source.
"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q4 2014 | |
| Version: 3.00 | |
| Feature | Description |
| Offline Extraction | Extract data from offline target |
"
"FinFly Net"
Description: "In many real-life operations, physical access to in-country\r\ntarget systems cannot be achieved.\r\nTo solve this, a covert remote installation of a Remote\r\nMonitoring Solution is required to be able to monitor the\r\nTarget from within Headquarters."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FinFlyNet.jpg\" alt=\"\" />
\r\n
FinFly NET is a tactical (portable) solution to be deployed in a „friendly“ LAN environment (like hotels, hotspots, companies - with support of the network owner) on short notice, to remotely install the Remote Monitoring Solution on selected target systems. FinFly NET is based on a high performance portable PC combined with a Management Notebook to provide maximum mobility and flexibility in the targeted networks. A wide range of Network Interface Cards – all secured with bypass functions – is available for the required active network connectivity.
The end-user can select several sophisticated passive methods of Target and Traffic Identification. These vary from DHCP/RADIUS Monitoring (MAC-Addresses, User Names), Flow Monitoring and Finger-Printing. Each method can be used either stand-alone or combined, to provide maximum success identifying the targets of interest. Of course fixed IP-Addresses can be used too. It is able to patch Files that are downloaded by the Target on-the-fly, send fake Software Updates for popular Software or inject the Payload into visited Websites.
\r\n
Usage Example LAN: Intelligence Agency
A FinFly NET is deployed i.e. in a hotel’s LAN in front of the DSLModem before the IP-traffic is transmitted to an Internet Service Provider network.
Targets of interest are identified in the IP-traffic by various passive profiling and identification methods and the Remote Monitoring Solution will be deployed on the positively identified Target Systems.
\r\n
In many real-life operations, physical access to in-country target systems cannot be
achieved. To solve this, a covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within Headquarters.
\r\nachieved. To solve this, a covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within Headquarters.
FinFly NET is a tactical (portable) solution to be deployed in a „friendly“ LAN environment (like hotels, hotspots, companies - with support of the network owner) on short notice, to remotely install the Remote Monitoring Solution on selected target systems. FinFly NET is based on a high performance portable PC combined with a Management Notebook to provide maximum mobility and flexibility in the targeted networks. A wide range of Network Interface Cards – all secured with bypass functions – is available for the required active network connectivity.
The end-user can select several sophisticated passive methods of Target and Traffic Identification. These vary from DHCP/RADIUS Monitoring (MAC-Addresses, User Names), Flow Monitoring and Finger-Printing. Each method can be used either stand-alone or combined, to provide maximum success identifying the targets of interest. Of course fixed IP-Addresses can be used too. It is able to patch Files that are downloaded by the Target on-the-fly, send fake Software Updates for popular Software or inject the Payload into visited Websites.
Usage Example LAN: Intelligence Agency
A FinFly NET is deployed i.e. in a hotel’s LAN in front of the DSLModem before the IP-traffic is transmitted to an Internet Service Provider network.
Targets of interest are identified in the IP-traffic by various passive profiling and identification methods and the Remote Monitoring Solution will be deployed on the positively identified Target Systems.
"
Roadmap
"Please note that this roadmap is subject to change without further notifications.
\r\n
| Release Date: Q2 2014 | |
| Version: 4.5 | |
| Feature | Description |
| GUI | Enhanced payload compatibility check |
| Infection proxy | Enhanced compatibility to FinFlyWeb infection methods |
| GUI + proxy | Update emulators for latest versions of supported programms (update infection) |
| Release Date: Q4 2014 | |
| Version: 5.0 | |
| Feature | Description |
| Infection proxy | Enhanced compatibility to FinFlyWeb infection methods |
| GUI + proxy | Update emulators for latest versions of supported programms (update infection) |
| Infection proxy | Infection Filters |
| GUI + proxy | Download replacement. Fully replace downloads on-the-fly |
| New Feature | Web Infection Filter for User Agent |
\r\n
"
"FinFly Exploit"
Description: "The FinFly Exploit Portal offers access to a large library of 0-Day and 1-Day Exploits for popular software like Microsoft® Office, Internet Explorer, Adobe Acrobat Reader, and many more.\r\nIn most scenarios, 0-Day Exploits provide an extremely powerful and reliable way to deploy Remote Monitoring Solutions by exploiting unpatched vulnerabilities in Software the Target is using."
GenericInfo: "
<img width=\"160\" vspace=\"10\" hspace=\"10\" align=\"right\" height=\"250\" src=\"/GGI/UserFiles/Image/FinFisher_Box_FinFlyExploit.jpg\" alt=\"\" />
\r\n
\r\n
Standard Deployment methods for Remote Monitoring Solutions can often not be applied when dealing with well-trained and extremely careful Targets as they are familiar with common Deployment techniques and tools.
In most scenarios, 0-Day Exploits provide an extremely powerful and reliable way to deploy Remote Monitoring Solutions by exploiting unpatched vulnerabilities in Software the Target is using.
\r\nIn most scenarios, 0-Day Exploits provide an extremely powerful and reliable way to deploy Remote Monitoring Solutions by exploiting unpatched vulnerabilities in Software the Target is using.
\r\n
\r\nThe FinFly Exploit Portal offers access to a large library of 0-Day and 1-Day Exploits for popular software like Microsoft® Office, Internet Explorer, Adobe Acrobat Reader, and many more.
Usage Example 1: High-Tech Crime Unit
A High-Tech Crime Unit was investigating a Cyber-Crime and needed to deploy a Remote Monitoring Solution on a Target System. They used an Adobe Acrobat Reader 0-Day Exploit and sent a prepared PDF file via Email to the Target. The Remote Monitoring Solution was automatically deployed once the Target opened the file.
Usage Example 2: Intelligence Agency
A Target was identified within a Discussion Board but no direct or Email contact was possible. The Agency created a Webserver containing an Internet Explorer 0-day Exploit which deployed the Payload on the Target System once the Target opened the URL that was sent to him through a private message in the Discussion Board."
Roadmap
"The Roadmap is currently in progress and will be published soon."
