finfisher: confidential document · screenshot finfly isp 3.0 interface: the system functionality...

FinFisher: Newsletter July 2011 / Confidential

1

FINFISHER: Newsletter July 2011

Confidential Document


2

Dear Customers and Partners,

During the past couple of months, we have substantially increased our team in the areas of Research and Development, Quality Assurance and Support in order to be able to upgrade all the FinFisher products to the next level. As you will see in this Newsletter, most Products have been extended quite considerably with new Features, better User Interfaces and support for Mac OSX and Linux Operating Systems. Most noticeably here is the Internationalization that has been added to most User Interfaces, which allows the Operator to select the Display Language. Currently supported Languages are: German, English, French, Arabic, Spanish, Portuguese and Russian. Our brand-new FinSpy Mobile 2.0, to remotely monitor Smartphones, is already going through its first integration test and will be released in Q4 2011 and will be directly dispatched to several customers. We are also currently enhancing our Support Website with a Community section, called FinCommunity, whereby all our customers can actively and anonymously submit Content, like Operational Tricks and Techniques, Feedback, Open Questions/Discussions, and more. We will regularly supply all our Customers on the FinCommunity Support Website with Tutorials, Latest News, Exploit announcements and other useful information. The launch of the FinCommunity is scheduled for August 2011.

Sincerely,

Martin J. Muench

Managing Director

Gamma International GmbH


3

Table of Contents

1 Product Updates ................................................................................................................................... 4

1.1 FinSpy 3.0 ...................................................................................................................................... 4

1.2 FinIntrusion Kit 2.0 ........................................................................................................................ 6

1.3 FinUSB Suite 3.2 ............................................................................................................................ 7

1.4 FinFly LAN 2.0 ................................................................................................................................ 8

2 Upcoming Product Releases ............................................................................................................... 10

2.1 FinFireWire 2.0 ............................................................................................................................ 10

2.2 FinFly ISP 3.0 ............................................................................................................................... 11

2.3 FinFly NET 1.0 .............................................................................................................................. 12

2.4 FinFly Web 2.0 ............................................................................................................................. 13

3 Upcoming Exhibitions ......................................................................................................................... 14


4

1 PRODUCT UPDATES The following product updates were released in Q1 and Q2, 2011.

The full product Release Notes, which include all changes in detail, can be found on the Support

website.

1.1 FinSpy 3.0

We have finally released FinSpy Version 3.0 which contains major new

features and enhancements, such as:

Support for all Major Operating Systems

FinSpy now supports all common Operating Systems: Windows, OSX and Linux!

In Target Creation, the Operating System can be selected and the relevant Target Executable can be

generated.

Screenshot Target Generation


5

Bootable USB/CD

FinFly USB can now be converted to a bootable USB that is able to infect Target

Systems during the boot process. This can now also be done using a CD-Rom.

Important: This infection technique works even when the Target System is

switched off and full hard-disk encryption software like TrueCrypt or Bitlocker is

used.

Integrated Audio Player

The new FinSpy Audio Player simplifies the analysis of

Audio data like:

Skype Voice Calls

Voice-over-IP Calls

Microphone Recordings

The Player contains many important features, like:

Channel Muting

Gain

Jumping to specific positions

Advanced File-Name Conversion

Using a filename-encoding trick, it is now possible to change the file-names of infected files and have

the exe file extension in front of the file-name where it can easily be concealed:

Excel Infection

It is now possible to also infect Microsoft Excel (.xls) files for deployment of the Target.

For a detailed overview of all changes, see the Release Notes.


6

1.2 FinIntrusion Kit 2.0

As announced in the last newsletter, we have been working on the next-

generation FinIntrusion Kit, Version 2.0.

We are proud to finally release the full new system.

Major new Features:

WPA 1/WPA 2 Cracking

The product automatically captures the WPA Hand-Shake and provides functionality for:

Exporting for external Cracking systems

Dictionary Attacks on the Hand-Shake

Client and Network Jammer

Functionality has been added that enables the Operator to:

Jam single Systems in the LAN/WLAN

Jam complete Wireless Networks

SSL/TLS Emulation Attacks

In addition to the traditional SSL/TLS Man-in-the-Middle attacks, a new technique has been

implemented which enables the Operator to monitor SSL/TLS connections without triggering any

certificate warnings on the Target Systems.

This enables silent capturing of Login credentials for all major Social Networks, Webmail Providers and

more.


7

WLAN Client Scanner

The WLAN Client Scanner detects all the Wireless Networks a Target System has used during the last

days/weeks by monitoring the active search of these Clients. This provides important information on

Hotspot usage, potential travel activities, and more.

Screenshots FinIntrusion Kit 2.0


1.3 FinUSB Suite 3.2

The new FinUSB Suite was issued in June this year and sent to all existing

FinUSB customers. This new version was totally revised and rewritten and

offers several new important features like:

64-Bit Support

FinUSB Suite now has full 64-bit support.

Web Browser-Stored Passwords

All passwords saved by any common Web browser can now be retrieved.


8

Google Chrome Cookies

Cookies saved by Google Chrome are now extracted from Target Systems.

Screenshot FinUSB Suite 3.0


1.4 FinFly LAN 2.0

The new version of FinFly LAN is now ready. It has been completely rewritten

and redesigned from the former version.

New Features include:

Simplified Target Identification

The new Interface simplifies the Target Identification process by providing extended information about

each System within the Local Area Network, like:

Operating System

Hardware Vendor


9

MAC Address

IP Address

Multi-OS Support

FinFly LAN 2.0 supports infection of Mac OSX systems through Update Injections.

Additional Update Injections

We have analyzed several popular products that are widely used on the internet and are now able to

send software updates for a broader range of client software.

Screenshots of the new Interface



10

2 UPCOMING PRODUCT RELEASES The following product updates will be released in Q3 and Q4, 2011.

Note: Any input from your side to improve the functionality of these products in your daily operations

is highly appreciated, and will be considered for these and future updates.

2.1 FinFireWire 2.0

We are currently running the final test for the new Version which will be

released in the upcoming weeks.

The major new Features include:

RAM Dump

Additional to the Unlock System option, it is

now possible to dump the full content of the

RAM into a dump file that can be analyzed with

common forensic tools like EnCase® to recover

hard-disk encryption passphrases, encryption

certificates, and a lot more critical information.

64-bit Support

FinFireWire now also has full 64-bit Support to

unlock 64-bit Operating Systems.

Linux Support

Linux-based Operating Systems are now

supported and can be unlocked.

OSX Support

Mac OSX Systems are now supported and can

be unlocked.


11

2.2 FinFly ISP 3.0

We are currently re-designing the FinFly ISP Infection GUI for a common

look and feel with all other FinFisher products. The major changes will be

the tabs in the headline for the different phases defining a target for

infection and a single table to display all systems currently under infection

or successfully infected.

Screenshot FinFly ISP 3.0 Interface:

The system functionality will be enhanced by giving the user the possibility to define Targets for

infection depending on the network they belong to.

This is of importance for countrywide FinFly ISP system deployments with heterogeneous networks

(e.g. a mixed environment of fixed and mobile networks).


12

2.3 FinFly NET 1.0

Based on the development and improvement of FinFly ISP 3.0 and the

already existing Portable Infection solution we are creating another mobile

tactical FinFly appliance called FinFly NET. The system will consist of a

portable Identification and Infection Proxy managed and administered

using the Management Notebook.

Designed for deploying remote access solutions on target systems inside friendly LANs (e.g. Hotels or

Hotspots), its approach is not a man-in-the-middle-attack (like using FinIntrusion Kit and FinFly LAN) but

rather a transparent part of the LAN, identifying the targets of interest using different sophisticated

Sniffer Modules for profiling.

The profiling process is provided by separate “Profiling GUI” running on the same Management

Notebook as the Infection GUI Version 3.0

Screenshot FinFly NET Profiling Interface:


13

2.4 FinFly Web 2.0

The new major FinFly Web release will contain several enhancements to

increase the infection success-rate and stealth techniques of this product.

New Features include:

Infection Detection

Sends the Payload only once, the first time the Target System visits the prepared Website.

Multi-OS Support

Automatically detects the Target Operating System and sends the corresponding Payload.

Full FinFly LAN/NET/ISP Integration

Export all Modules so they can easily be imported into the FinFly LAN, ISP and Net Products.

Product Interface:


14

3 UPCOMING EXHIBITIONS Following are the exhibitions in which the FinFisher team will be participating:

ISS World Latin America

Brasilia, Brazil

July 26-28, 2011

ISS World Americas

Washington D.C., USA

October 11-13, 2011

Cyber Warfare Europe

Berlin, Germany

September 26-29, 2011

If you wish to visit any of these events, please contact us beforehand so we can reserve sufficient time

for live demonstrations and project discussions.

We look forward to hearing from you.


15

finfisher: confidential document · screenshot finfly isp 3.0 interface: the system functionality...

Documents