FinFisher/Products

From Piratenwiki

FinFisher Products

Products of FinFisher/Gamma GmbH, as described by the company itself.

"FinSpy"

Description: "FinSpy is a professional Remote Monitoring Software that can be used by Law Enforcement or Intelligence Agencies to monitor the computer systems of targeted persons."

GenericInfo: "

FinSpy is a field-proven Remote Monitoring Solution that enables Governments to face nowadays challenges of monitoring Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries. Traditional Lawful Interception solutions face new challenges that can only be solved using active systems like FinSpy:

  • Data not transmitted over any network
  • Encrypted Communication
  • Targets in foreign countries

FinSpy has been proven successful in operations around the world since many years and valuable intelligence has been acquired about Target Individuals and Organizations.
When FinSpy is installed on a computer system or mobile phone it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the Target System is based.

Usage Example 1: Intelligence Agency

FinSpy was installed on several computer systems inside Internet Cafés in critical areas in order to monitor them for suspicious activity, especially Skype communication to foreign individuals. Using the Webcam, pictures of the Targets were done while they were using the system.

Usage Example 2: Organized Crime

FinSpy was covertly deployed on the mobile phones of several members of an Organized Crime Group. Using the GPS tracking data and silent calls, essential information could be gathered from every meeting that was done by this group.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 4.60

Component | Feature/Enhancement
Target PC - Windows | Enhancement Skype Module - Live Streaming
Target PC - Windows | Enhancement Microphone Module - Activate the disabled microphone
Target PC - Windows | Data Collection Module: Removable Media
Target PC - Linux | Enhancement Screen Module: ABE Support
Target PC - Linux | Data Collection Module - Microphone
Target PC - Mac OS X | Data Collection Module - Microphone
Target PC - Mac OS X | Enhancement Screen Module - ABE Support
Target PC - Mac OS X | Root Kit Enhancement - Binary encryption for Trojan Components
Target PC - Mac OS X | Root Kit Enhancement - Hide Network Connections
Agent | Enhance Data Analysis - Search through comments or importance level
Master/Proxy/Relay | Route all online requests through the Relays Chain
Relay | Automatic update for Relay
Enhancement | Implement the capability to search for keywords in comments or search for importance level values

Release Date: Q4 2014
Version: 4.70

Component | Feature/Enhancement
Target PC - Windows | Data Collection Module - Passwords and Secret Keys
Target PC - Windows | Data Collection Module: Clipboard
Target PC - Linux | Data Collection Module: Mouse Clicks
Target PC - Linux | Data Collection Module: Removable Media
Target PC - Mac OS X | Data Collection Module: Mouse Clicks
Target PC - Mac OS X | Data Collection Module: Removable Media
New Feature | Record the PGP Secret keys, S/MIME Secret Key, SSH Secret Keys and passwords which protect them

Release Date: Unscheduled
Version: -

Feature | Description
Master | Create a new user right - Remove Archived Targets
Target PC - Windows | Enhance the Mouse Clicks with ABE (Application Based Events)
Target PC - Windows | Enhance the Deleted/Changed/Accessed Files Module with ABE (Application Based Events)
Target PC - Windows | Enhance the Scheduler Module with Application Based Events
Target PC - Windows | Enhance the Scheduler Module to schedule tasks for Forensics Module
Target PC - Windows | Screenshot recording based on Mouse Click Event
Target PC - Windows | Data Collection Module: iOS Infection through iTunes
Target PC - Mac OS X | Enhance the WebCam Module with ABE (Application Based Events)
Target PC - Linux | Enhance the WebCam Module with ABE (Application Based Events)
Agent/Master/Target | enhance Alert options with: Alert when target changes countries
Agent/Master/Target | enhance Alert options with: Alert when target types a predefined keyword(s)
Agent | Define Templates - predefined Target configurations
"

"FinFly LAN"

Description: "FinFly is a set of products that are used for easy local network and remote infection of target systems. The main features include on the-fly infection of Executable and Screensaver downloads, triggering of Software Updates for well-known software"

GenericInfo: "

One of the major challenges for Law Enforcement are mobile Targets where no physical access to the computer system can be achieved and who do not open any infected Files which have been sent via E-Mail to their accounts.

Especially security-aware Targets are almost impossible to infect as they keep their systems up-to-date and no exploits or other Basic Intrusion techniques will lead to success.

FinFly LAN was developed to deploy the Remote Monitoring Solution covertly on target systems in Local Area Networks (Wired and Wireless/802.11). It is able to infect Files that are downloaded by the Target on-the-fly or infect the Target by sending fake Software Updates for popular Software.



Usage Example 1: Technical Surveillance Unit

A Technical Surveillance Unit was following a Target for weeks without getting the possibility to physically access the target computer. They used FinFly LAN to install the Remote Monitoring Solution on the target computer when he was using a public Hotspot at a coffee shop.

Usage Example 2: Anti-Corruption

FinFly LAN was used to remotely install the Remote Monitoring Solution on the computer of a Target while he was using it inside his hotel room at night. The Agents were in another room connected to the same network and manipulated the Websites the Target was visiting to trigger the installation.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 4.0

Feature | Description
GUI | Enhanced payload compatibility check
Infection proxy | Enhanced compatibility to FinFlyWeb infection methods
Infection proxy | New loader used for download infections. Avoids antivirus warnings.
GUI + infection proxy | Update emulators for latest versions of supported programs (update infection)
Infection proxy | Resolved sporadic crashes occurred during downloading of exe files

Release Date: Q4 2014
Version: 4.1

Feature | Description
GUI | Display detailed information about the traffic generated by targets
Infection proxy | Enhanced compatibility to FinFlyWeb infection methods
GUI + infection proxy | Update emulators for latest versions of supported programs (update infection)

Release Date: Unscheduled
Version: -

Feature | Description
GUI + infection proxy | add a new 'replace' feature to the ffweb - fflan protocol
GUI + infection proxy | add a 'redirect' feature to the infection engine
"

"FinUSB Suite"

Description: "The FinUSB Suite is designed to help Law Enforcement and Intelligence Agencies to easily extract important information from a target system with little or no user intervention. The following describes the various components and their functions, features and limitations"

GenericInfo: "

The FinUSB Suite is a flexible product that enables Law Enforcement and Intelligence Agencies to quickly and securely extract forensic information from computer systems without the requirement of IT-trained Agents.

It has been used in successful operations around the world where valuable intelligence has been acquired about Targets in covert- and overt operations.

Usage Example 1: Covert Operation

A source in an Organised Crime Group (OCG) was given a FinUSB Dongle that secretly extracted Account Credentials of Web- and E-Mail accounts and Microsoft Office documents from the Target Systems while the OCG used the USB device to exchange regular files like Music, Video and Office Documents.

After returning the USB device to the Head-Quarter the gathered data could be decrypted and analyzed and used to constantly monitor the group remotely.

Usage Example 2: Technical Surveillance Unit

A Technical Surveillance Unit (TSU) was following a Target that was frequently visiting random Internet Cafés which made a monitoring with Trojan-Horse-like technology impossible. The FinUSB was used to extract the data left on the public Terminals used by the Target after he left it.

Several documents that the Target opened in his web-mail could be recovered this way. The gathered information included crucial Office files, Browsing History through Cookie analysis and more.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 3.7

Feature | Description
Custom Forensics Tool Support | Offer the capability to import in Headquarter an executable which can be configured to run and collect information from target system
Gather Information about installed hardware | Compile a list of all existing hardware
Extract installed Software information | Compile a list of all existing software
Obtain the System Services List | Compile a list of all installed services and the states: Running/Stopped, Manual/Automatic
RAM Dump | Dump the physical memory into a file
Advanced Antivirus Bypass Implementation | Improve the Antivirus Bypassing on the target systems

"

"FinTraining"

Description: "Security awareness is essential for any government to maintain IT security and successfully prevent threats against IT infrastructures which may result in a loss of confidentiality, data integrity and availability"

GenericInfo: "

Security awareness is essential for any government to maintain IT security and successfully prevent threats against IT infrastructures which may result in a loss of confidentiality, data integrity and availability.

On the other side, topics like CyberWar, Active Interception and Intelligence Gathering through IT Intrusion become more important on a daily basis and require Governments to build IT Intrusion teams to face these new challenges.

The FinTraining courses are held by world-class IT Intrusion experts and are done in fully practical scenarios that are focused on real-life operations as required by the end-user to solve their daily challenges.

FinAdvisory combines the single trainings into a professional training and consulting program that builds up or enhances the capabilities of an IT Intrusion team. The Trainings are fully customized according to the end-users operational challenges and requirements. In order to ensure full usability of the transferred know-how, operational in-country support is provided during the program.

"

Roadmap

"The Roadmap is currently in progress and will be published soon."

"FinIntrusion Kit"

Description: "The FinIntrusion Kit consists of a wide-range of hard- and software to aid law enforcement and intelligence agencies in gaining access to information in several scenarios utilizing various IT intrusion techniques."

GenericInfo: "

FinIntrusion Kit was designed and developed by world-class IT Intrusion specialists that have over 10 years experience in their area through their work in several Tiger Teams (Red Teams) in the private and government sector assessing the security of different networks and organizations.

The FinIntrusion Kit is the result of creating an up-to-date and covert operational Kit that can be used for most common IT Intrusion Operations in defensive and offensive areas. Current customers include Military CyberWar Departments, Intelligence Agencies, Police Intelligence and other Law Enforcement Agencies.

Usage Example 1: Technical Surveillance Unit

The FinIntrusion Kit was used to break the WPA encryption of a Target's home Wireless network and then monitor his Webmail (Gmail, Yahoo, …) and Social Networks (Facebook, MySpace, …) credentials which enabled the investigators to remotely monitor these accounts from the Head-Quarters without the necessity of being close to the Target.

Usage Example 2: IT Security

Several customers used the FinIntrusion Kit to successfully compromise the security of networks and computer systems for offensive and defensive purposes using various Tools and Techniques.

Usage Example 3: Strategic Use-Cases

The FinIntrusion Kit is widely used to remotely gain access to Target E-Mail Accounts and Target Web-Servers (e.g. Blogs, Discussion Boards) and monitor their activities including Access-Logs and more."

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q1 2014
Version: 5.0

Feature | Description
Wireless - Cracking - WPS | Detect and Crack WPS encrypted wireless network
Wireless Scanner - permanent scan | Implement a passive Wireless Realtime Scanner
Network Configuration - Static IP Configuration | modify static IP configuration settings
Wireless Configuration | Config Adapter to join an encrypted network after an Encryption was successfully broken...
Network Sniffer - HTTP Content ( Update ) | extract POST parameter, open URL in browser function, cookie extractor
Network Scanner - Stealth / Passive Mode | find new targets based on broadcasts / packages without any active attacks / requests
Network + Wireless Scanner - Timestamp | List first/last seen time stamp for each target
Network - Improved Target Identification | browser detection, passive OS fingerprinting, DNS queries, Reverse DNS resolution (e.g. use internal DNS server)
Wireless - Cracking - Rainbowtable Support | generate Rainbowtable, use Rainbowtable for Cracking
Wireless - Capture / Export | capture all Wireless Traffic + 4 Way-Handshake --> decrypt traffic and save content in an unencrypted PCAP file?
Forensic - Memdump Module | extract images, strings, document files and true crypt hashes from memory dump file
Forensic - Netdump Module | extract dns queries, http requests, wlan information (beacon, probe request/response) etc. from pcap file
<more features will be scheduled based on customer requests>

Release Date: Q3 2014
Version: 6.0

Feature | Description
Password Generator | Generate and Modify Password Lists based on Templates or customized char sets
Password - Web Crawler | Implement a new Web Crawler
Email - Identify Mail Server (SMTP/POP3/IMAP) | Implement new feature in the GUI
Network Configuration - Vlan Tagging | implement Vlan - Tagging to spoof dedicated VLAN Ids
Network Sniffer - DNS Spoofing | implement possibility of dnsspoofing
Network Sniffer - new Options | for HTTP search queries, DNS requests, Content like: Image/Documents/Search Queries
Wireless - Cracking - Improve WEP Cracking | support all WEP cracking methods
Wireless - Fake AP - Improvement | support MAC Spoofing + modify DHCP server settings
<more features will be scheduled based on customer requests>

Release Date: Unscheduled
Version: -

Feature | Description
Advanced SSL - MitM Attacks | check BEAST, RC4, Crime and Renegotiation attacks ...
Chat Sniffer / Viewer | sniff and recover IRC chats and show the conversation in the GUI
VOIP Sniffer / Recorder / Eavesdropping | sniff + crack SIP auth. and play recorded VOIP conversation
Password Brute Forcing | against different services like POP3/IMAP, FTP, HTTP
TCP Flow / Reassembly | reconstruct a recorded TCP session and extract content
Network Attack - ICMP Spoofing | Implement ICMP Redirect Attack
Network Attack - DHCP Spoofing | Target Hijacking with rogue DHCP server
Web App Hacking - SQL Injection | sql injection check against target web server
Network Scanner - OS Detection | detect target OS based on broadcasts
Network Sniffer - Detection | identify systems in the network who runs a network sniffer
Network Sniffer - internal Network | start Network sniffer between two target systems in a (W)Lan
Evidence Protection | implement Evidence Protection for signed Logging and Data Export
Target Exploitation | automatic target exploitation
"

"FinFly ISP"

Description: "FinFly ISP is a strategic, countrywide as well as a tactical (mobile) solution that can be integrated into an ISP’s Access and/or Core Network to remotely install the Remote Monitoring Solution on selected Target Systems."

GenericInfo: "

In many real-life operations, physical access to in-country Target Systems cannot be achieved and a covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within the Head-Quarter.

FinFly ISP is a strategic, countrywide as well as a tactical (mobile) solution that can be integrated into an ISP’s Access and/or Core Network to remotely install the Remote Monitoring Solution on selected Target Systems. FinFly ISP makes data available for LEAs which never will be accessible by using the classic telecommunications surveillance / monitoring methods e.g. because of encryption used prior to entering the Internet or because data will never be sent via the Internet at all (e.g. address books, specific documents, time schedules etc.).

FinFly ISP appliances are based on carrier grade server technology providing a maximum of reliability and scalability to meet almost every challenge related to networks’ topologies. A wide range of Network Interfaces – all secured with bypass functions – are available for the required active network connectivity.

Several passive and active methods of Target identification – from inline monitoring via passive tapping to interactive communication between FinFly ISP and the AAA-Servers – ensure that the Targets are identified and their appropriate traffic will be provided for the infection process.

FinFly ISP is able to infect Files that are downloaded by the Target on-the-fly or infect the Target by sending fake Software Updates for popular Software.

Usage Example: Intelligence Agency

FinFly ISP was deployed in the main Internet Service Providers networks of the country and is actively used to remotely deploy a Remote Monitoring Solution on Target Systems. As the Targets have Dynamic-IP DSL Accounts, they are identified with their Radius Logon Name.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 4.5

Feature | Description
Enhanced payload compatibility check |
Enhanced compatibility to FinFlyWeb infection methods |
Update emulators for latest versions of supported programs (update infection) |
No. of active connections for each Target | Non-Real-Time display of the No. of active connections for each FFISP Target ("N" seconds update interval).
Data Transfer for each Target | Non-Real-Time display of transferred amount of data for each FFISP Target ("M" seconds update interval).
De-Activate/Re-Activate Buttons | User can De-Activate/Re-Activate single target entries without deleting the tgt and its payload(s) and settings.

Release Date: Q4 2014
Version: 5.0

Feature | Description
Enhanced compatibility to FinFlyWeb infection methods |
Update emulators for latest versions of supported programs (update infection) |
Infection Filters | Web Infection Filter for User Agent
Download replacement. Fully replace downloads on-the-fly |

"

"FinFireWire"

Description: "FinFireWire enables the Operator to quickly and covertly bypass the password-protected screens and access the Target System without leaving a trace or harming essential forensic evidence."

GenericInfo: "

Technical Surveillance Units and Forensic Experts often face a situation where they need to access a running computer system without shutting it down in order to prevent data loss or save essential time during an operation. In most cases, the Target System is protected with a password-enabled Screensaver or the target user is not logged in and the Login Screen is active.

FinFireWire enables the Operator to quickly and covertly bypass the password-protected screens and access the Target System without leaving a trace or harming essential forensic evidence.

Usage Example 1: Forensic Operation

A Forensic Unit entered the apartment of a Target and tried to access the computer system. The computer was switched on but the screen was locked. As they were not allowed due to legal reasons to use a Remote Monitoring Solution they would have lost all data by switching off the system as the hard-disk was fully encrypted. FinFireWire was used to unlock the running Target System and enable the Agent to copy all files before switching it off and taking it back to the Head-Quarter.

Usage Example 2: Remote Monitoring Installation

Several customers use the product to covertly access Target Systems when physical access can be achieved and install a Remote Monitoring Solution like FinSpy to be able to remotely monitor all activities of the Target.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 4.50

Feature | Description
target database update | Update existing database for current OS versions (Windows, MacOSX, Linux)
"

"FinFly Web"

Description: "FinFly Web is designed to provide remote and covert infection of a Target System by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface enabling the Agent to easily create a custom infection code according to selected modules. Target Systems visiting a prepared website with the implemented infection code will be covertly infected with the configured software. "

GenericInfo: "

One of the major challenges in using Remote Monitoring Solutions is to install it onto the Target System, especially when only a little information, like an Email-Address, is available and no physical access can be achieved.

FinFly Web is designed to provide remote and covert infection of a Target System by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface enabling the Agent to easily create a custom infection code according to selected modules. Target Systems visiting a prepared website with the implemented infection code will be covertly infected with the configured software.

Usage Example 1: Technical Surveillance Unit

After profiling a Target, the unit created a website of interest for the Target and sent him the link through a discussion board. Upon opening the Link to the unit’s website, a Remote Monitoring Solution was installed on the Target System and the Target could be monitored from within the Head-Quarter.

Usage Example 2: Intelligence Agency

The customer deployed FinFly ISP within the main Internet Service Provider of their country. It was combined with FinFly Web to remotely infect Targets that visited government offensive websites by covertly injecting the FinFly Web code into the targeted websites."

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 5.00

Feature | Description
new module | IE Addon / Silverlight(?)
update existing modules | Support all latest version of supported browsers
activity log | Add activity log into GUI + store configuration file

Release Date: Q4 2014
Version: 6.00

Feature | Description
new module | Chrome Plugin / Addon / Application
upload client | Support to upload generated output to public webserver
update existing modules | Support all latest version of supported browsers

Release Date: Unscheduled
Version: -

Feature | Description
other new modules / techniques | New possible modules have to be investigated
browser / OS detection | Improve existing module for target OS & browser detection / identification
inline viewer | Live preview of generated output files

"

"FinSpy Mobile"

Description: "FinSpy Mobile is a Mobile Phone Infection and Surveillance System that can be used by Law Enforcement to silently monitor mobile devices. The FinSpy Mobile is ideal for situations where access to the mobile operator’s network is not easily available or where “OffAir Interception” is not practical or is limited due to encryption and accessibility."

GenericInfo: "

FinSpy Mobile is closing the gap of interception capabilities for Governments for most common smart phone platforms. Specifically, organizations without network or off-air based interception capabilities can access Mobile Phones and intercept the devices with enhanced capabilities. Furthermore, the solution offers access to encrypted communications as well as data stored on the devices that is not transmitted. Traditional tactical or strategic Interception solutions face challenges that can only be solved using offensive systems like FinSpy Mobile:

  • Data not transmitted over any network and kept on the device
  • Encrypted Communications in the Air-Interface, which avoid the usage of tactical active or passive Off-Air Systems
  • End-to-end encryption from the device such as Messengers, Emails or PIN messages

FinSpy Mobile has been giving successful results to Government Agencies who gather information remotely from Target Mobile Phones.
When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located.

Usage Example 1: Intelligence Agency

FinSpy Mobile was deployed on BlackBerry mobile phones of several Targets to monitor all communications, including SMS/MMS, Email and BlackBerry Messenger.

Usage Example 2: Organized Crime

FinSpy Mobile was covertly deployed on the mobile phones of several members of an Organized Crime Group (OCG). Using the GPS tracking data and silent calls, essential information could be gathered from every meeting that was held by this group.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 4.60

Component | Feature/Enhancement
Mobile Target - All (supported) Platforms | Update Capabilities for the infection
Mobile Target - All (supported) Platforms | New Data Collection Module: Line Messenger
Mobile Target - All (supported) Platforms | New Data Collection Module: Viber Messenger
Mobile Target - All (supported) Platforms | Record Microphone
Mobile Target - Support for Blackberry 10 | Core Functionalities
Mobile Target - Android | Exploit Deployment Platform
Agent | Enhanced Audio Embedded Viewer (Add sound editing capabilities.)

Release Date: Q4 2014
Version: 4.70

Component | Feature/Enhancement
Mobile Target - All (supported) Platforms | New Data Collection Module: Tango (Video) Messenger
Mobile Target - All (supported) Platforms | New Data Collection Module: Silent Circle
Mobile Target - Windows Phone | Core Functionalities
Mobile Target - Windows Phone | Calendar
Mobile Target - Windows Phone | Send/Received SMSes
Mobile Target - Windows Phone | Phone Calls Log
Mobile Target - Blackberry 10 | Calendar
Mobile Target - Blackberry 10 | Send/Received SMSes
Mobile Target - Blackberry 10 | Phone Calls Log

Release Date: Unscheduled
Version: -

Feature | Description
Mobile Target - All (supported) Platforms | New Data Collection Module: Keylogger
Mobile Target - Blackberry | Target Actions: Power Off
Mobile Target - Blackberry | Target Actions: Drain Battery
Mobile Target - iOS | Target Actions: Power Off
Mobile Target - iOS | Target Actions: Drain Battery
Mobile Target - Android | Target Actions: Power Off
Mobile Target - Android | Target Actions: Drain Battery
Mobile Target - Symbian | Target Actions: Power Off
Mobile Target - Symbian | Target Actions: Drain Battery
Mobile Target - Windows Mobile | Target Actions: Power Off
Mobile Target - Windows Mobile | Target Actions: Drain Battery
"

"FinFly USB"

Description: "The FinFly USB provides an easy-to-use and reliable way of installing a Remote Monitoring Solution on computer systems when physical access is available."

GenericInfo: "

The FinFly USB provides an easy-to-use and reliable way of installing a Remote Monitoring Solution on computer systems when physical access is available.

It automatically installs the configured software on insertion into the computer with little or no user interaction and does not require IT-trained Agents when used in operations. It can be used against multiple systems before being returned to Headquarters.

Usage Example 1: Technical Surveillance Unit

In several countries, the FinFly USB was used to covertly install a Remote Monitoring Solution in Internet Cafes and Business Centers by simply inserting the device into the Target Systems so they could be monitored remotely as required.

Usage Example 2: Intelligence Agency

A Source in a domestic terror group was given a FinFly USB that secretly installed a Remote Monitoring Solution on several computer systems of the group when they were using the device to exchange documents between each other. The Target Systems were then remotely monitored from Headquarters and the FinFly USB was returned by the Source.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q4 2014
Version: 3.00
Feature | Description
Offline Extraction | Extract data from offline target

"

"FinFly Net"

Description: "In many real-life operations, physical access to in-country target systems cannot be achieved. To solve this, a covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within Headquarters."

GenericInfo: "

In many real-life operations, physical access to in-country target systems cannot be achieved. To solve this, a covert remote installation of a Remote Monitoring Solution is required to be able to monitor the Target from within Headquarters.

FinFly NET is a tactical (portable) solution to be deployed in a „friendly“ LAN environment (like hotels, hotspots, companies - with support of the network owner) on short notice, to remotely install the Remote Monitoring Solution on selected target systems. FinFly NET is based on a high performance portable PC combined with a Management Notebook to provide maximum mobility and flexibility in the targeted networks. A wide range of Network Interface Cards – all secured with bypass functions – is available for the required active network connectivity.

The end-user can select several sophisticated passive methods of Target and Traffic Identification. These vary from DHCP/RADIUS Monitoring (MAC-Addresses, User Names), Flow Monitoring and Finger-Printing. Each method can be used either stand-alone or combined, to provide maximum success identifying the targets of interest. Of course fixed IP-Addresses can be used too. It is able to patch Files that are downloaded by the Target on-the-fly, send fake Software Updates for popular Software or inject the Payload into visited Websites.

Usage Example LAN: Intelligence Agency

A FinFly NET is deployed i.e. in a hotel’s LAN in front of the DSL Modem before the IP-traffic is transmitted to an Internet Service Provider network.

Targets of interest are identified in the IP-traffic by various passive profiling and identification methods and the Remote Monitoring Solution will be deployed on the positively identified Target Systems.

"

Roadmap

"Please note that this roadmap is subject to change without further notifications.

Release Date: Q2 2014
Version: 4.5
Feature | Description
GUI | Enhanced payload compatibility check
Infection proxy | Enhanced compatibility to FinFlyWeb infection methods
GUI + proxy | Update emulators for latest versions of supported programs (update infection)

Release Date: Q4 2014
Version: 5.0
Feature | Description
Infection proxy | Enhanced compatibility to FinFlyWeb infection methods
GUI + proxy | Update emulators for latest versions of supported programs (update infection)
Infection proxy | Infection Filters
GUI + proxy | Download replacement. Fully replace downloads on-the-fly
New Feature | Web Infection Filter for User Agent

"

"FinFly Exploit"

Description: "The FinFly Exploit Portal offers access to a large library of 0-Day and 1-Day Exploits for popular software like Microsoft® Office, Internet Explorer, Adobe Acrobat Reader, and many more. In most scenarios, 0-Day Exploits provide an extremely powerful and reliable way to deploy Remote Monitoring Solutions by exploiting unpatched vulnerabilities in Software the Target is using."

GenericInfo: "

Standard Deployment methods for Remote Monitoring Solutions can often not be applied when dealing with well-trained and extremely careful Targets as they are familiar with common Deployment techniques and tools.

In most scenarios, 0-Day Exploits provide an extremely powerful and reliable way to deploy Remote Monitoring Solutions by exploiting unpatched vulnerabilities in Software the Target is using.

The FinFly Exploit Portal offers access to a large library of 0-Day and 1-Day Exploits for popular software like Microsoft® Office, Internet Explorer, Adobe Acrobat Reader, and many more.

Usage Example 1: High-Tech Crime Unit

A High-Tech Crime Unit was investigating a Cyber-Crime and needed to deploy a Remote Monitoring Solution on a Target System. They used an Adobe Acrobat Reader 0-Day Exploit and sent a prepared PDF file via Email to the Target. The Remote Monitoring Solution was automatically deployed once the Target opened the file.

Usage Example 2: Intelligence Agency

A Target was identified within a Discussion Board but no direct or Email contact was possible. The Agency created a Webserver containing an Internet Explorer 0-day Exploit which deployed the Payload on the Target System once the Target opened the URL that was sent to him through a private message in the Discussion Board."

Roadmap

"The Roadmap is currently in progress and will be published soon."