finfisher: confidential document · screenshot finfly isp 3.0 interface: the system functionality...
TRANSCRIPT
FinFisher: Newsletter July 2011 / Confidential
1
FINFISHER: Newsletter July 2011
Confidential Document
FinFisher: Newsletter July 2011 / Confidential
2
Dear Customers and Partners,
During the past couple of months, we have substantially increased our team in the areas of Research and Development, Quality Assurance and Support in order to be able to upgrade all the FinFisher products to the next level. As you will see in this Newsletter, most Products have been extended quite considerably with new Features, better User Interfaces and support for Mac OSX and Linux Operating Systems. Most noticeably here is the Internationalization that has been added to most User Interfaces, which allows the Operator to select the Display Language. Currently supported Languages are: German, English, French, Arabic, Spanish, Portuguese and Russian. Our brand-new FinSpy Mobile 2.0, to remotely monitor Smartphones, is already going through its first integration test and will be released in Q4 2011 and will be directly dispatched to several customers. We are also currently enhancing our Support Website with a Community section, called FinCommunity, whereby all our customers can actively and anonymously submit Content, like Operational Tricks and Techniques, Feedback, Open Questions/Discussions, and more. We will regularly supply all our Customers on the FinCommunity Support Website with Tutorials, Latest News, Exploit announcements and other useful information. The launch of the FinCommunity is scheduled for August 2011.
Sincerely,
Martin J. Muench
Managing Director
Gamma International GmbH
FinFisher: Newsletter July 2011 / Confidential
3
Table of Contents
1 Product Updates ................................................................................................................................... 4
1.1 FinSpy 3.0 ...................................................................................................................................... 4
1.2 FinIntrusion Kit 2.0 ........................................................................................................................ 6
1.3 FinUSB Suite 3.2 ............................................................................................................................ 7
1.4 FinFly LAN 2.0 ................................................................................................................................ 8
2 Upcoming Product Releases ............................................................................................................... 10
2.1 FinFireWire 2.0 ............................................................................................................................ 10
2.2 FinFly ISP 3.0 ............................................................................................................................... 11
2.3 FinFly NET 1.0 .............................................................................................................................. 12
2.4 FinFly Web 2.0 ............................................................................................................................. 13
3 Upcoming Exhibitions ......................................................................................................................... 14
FinFisher: Newsletter July 2011 / Confidential
4
1 PRODUCT UPDATES The following product updates were released in Q1 and Q2, 2011.
The full product Release Notes, which include all changes in detail, can be found on the Support
website.
1.1 FinSpy 3.0
We have finally released FinSpy Version 3.0 which contains major new
features and enhancements, such as:
Support for all Major Operating Systems
FinSpy now supports all common Operating Systems: Windows, OSX and Linux!
In Target Creation, the Operating System can be selected and the relevant Target Executable can be
generated.
Screenshot Target Generation
FinFisher: Newsletter July 2011 / Confidential
5
Bootable USB/CD
FinFly USB can now be converted to a bootable USB that is able to infect Target
Systems during the boot process. This can now also be done using a CD-Rom.
Important: This infection technique works even when the Target System is
switched off and full hard-disk encryption software like TrueCrypt or Bitlocker is
used.
Integrated Audio Player
The new FinSpy Audio Player simplifies the analysis of
Audio data like:
Skype Voice Calls
Voice-over-IP Calls
Microphone Recordings
The Player contains many important features, like:
Channel Muting
Gain
Jumping to specific positions
Advanced File-Name Conversion
Using a filename-encoding trick, it is now possible to change the file-names of infected files and have
the exe file extension in front of the file-name where it can easily be concealed:
Excel Infection
It is now possible to also infect Microsoft Excel (.xls) files for deployment of the Target.
For a detailed overview of all changes, see the Release Notes.
FinFisher: Newsletter July 2011 / Confidential
6
1.2 FinIntrusion Kit 2.0
As announced in the last newsletter, we have been working on the next-
generation FinIntrusion Kit, Version 2.0.
We are proud to finally release the full new system.
Major new Features:
WPA 1/WPA 2 Cracking
The product automatically captures the WPA Hand-Shake and provides functionality for:
Exporting for external Cracking systems
Dictionary Attacks on the Hand-Shake
Client and Network Jammer
Functionality has been added that enables the Operator to:
Jam single Systems in the LAN/WLAN
Jam complete Wireless Networks
SSL/TLS Emulation Attacks
In addition to the traditional SSL/TLS Man-in-the-Middle attacks, a new technique has been
implemented which enables the Operator to monitor SSL/TLS connections without triggering any
certificate warnings on the Target Systems.
This enables silent capturing of Login credentials for all major Social Networks, Webmail Providers and
more.
FinFisher: Newsletter July 2011 / Confidential
7
WLAN Client Scanner
The WLAN Client Scanner detects all the Wireless Networks a Target System has used during the last
days/weeks by monitoring the active search of these Clients. This provides important information on
Hotspot usage, potential travel activities, and more.
Screenshots FinIntrusion Kit 2.0
For a detailed overview of all changes, see the Release Notes.
1.3 FinUSB Suite 3.2
The new FinUSB Suite was issued in June this year and sent to all existing
FinUSB customers. This new version was totally revised and rewritten and
offers several new important features like:
64-Bit Support
FinUSB Suite now has full 64-bit support.
Web Browser-Stored Passwords
All passwords saved by any common Web browser can now be retrieved.
FinFisher: Newsletter July 2011 / Confidential
8
Google Chrome Cookies
Cookies saved by Google Chrome are now extracted from Target Systems.
Screenshot FinUSB Suite 3.0
For a detailed overview of all changes, see the Release Notes.
1.4 FinFly LAN 2.0
The new version of FinFly LAN is now ready. It has been completely rewritten
and redesigned from the former version.
New Features include:
Simplified Target Identification
The new Interface simplifies the Target Identification process by providing extended information about
each System within the Local Area Network, like:
Operating System
Hardware Vendor
FinFisher: Newsletter July 2011 / Confidential
9
MAC Address
IP Address
Multi-OS Support
FinFly LAN 2.0 supports infection of Mac OSX systems through Update Injections.
Additional Update Injections
We have analyzed several popular products that are widely used on the internet and are now able to
send software updates for a broader range of client software.
Screenshots of the new Interface
For a detailed overview of all changes, see the Release Notes.
FinFisher: Newsletter July 2011 / Confidential
10
2 UPCOMING PRODUCT RELEASES The following product updates will be released in Q3 and Q4, 2011.
Note: Any input from your side to improve the functionality of these products in your daily operations
is highly appreciated, and will be considered for these and future updates.
2.1 FinFireWire 2.0
We are currently running the final test for the new Version which will be
released in the upcoming weeks.
The major new Features include:
RAM Dump
Additional to the Unlock System option, it is
now possible to dump the full content of the
RAM into a dump file that can be analyzed with
common forensic tools like EnCase® to recover
hard-disk encryption passphrases, encryption
certificates, and a lot more critical information.
64-bit Support
FinFireWire now also has full 64-bit Support to
unlock 64-bit Operating Systems.
Linux Support
Linux-based Operating Systems are now
supported and can be unlocked.
OSX Support
Mac OSX Systems are now supported and can
be unlocked.
FinFisher: Newsletter July 2011 / Confidential
11
2.2 FinFly ISP 3.0
We are currently re-designing the FinFly ISP Infection GUI for a common
look and feel with all other FinFisher products. The major changes will be
the tabs in the headline for the different phases defining a target for
infection and a single table to display all systems currently under infection
or successfully infected.
Screenshot FinFly ISP 3.0 Interface:
The system functionality will be enhanced by giving the user the possibility to define Targets for
infection depending on the network they belong to.
This is of importance for countrywide FinFly ISP system deployments with heterogeneous networks
(e.g. a mixed environment of fixed and mobile networks).
FinFisher: Newsletter July 2011 / Confidential
12
2.3 FinFly NET 1.0
Based on the development and improvement of FinFly ISP 3.0 and the
already existing Portable Infection solution we are creating another mobile
tactical FinFly appliance called FinFly NET. The system will consist of a
portable Identification and Infection Proxy managed and administered
using the Management Notebook.
Designed for deploying remote access solutions on target systems inside friendly LANs (e.g. Hotels or
Hotspots), its approach is not a man-in-the-middle-attack (like using FinIntrusion Kit and FinFly LAN) but
rather a transparent part of the LAN, identifying the targets of interest using different sophisticated
Sniffer Modules for profiling.
The profiling process is provided by separate “Profiling GUI” running on the same Management
Notebook as the Infection GUI Version 3.0
Screenshot FinFly NET Profiling Interface:
FinFisher: Newsletter July 2011 / Confidential
13
2.4 FinFly Web 2.0
The new major FinFly Web release will contain several enhancements to
increase the infection success-rate and stealth techniques of this product.
New Features include:
Infection Detection
Sends the Payload only once, the first time the Target System visits the prepared Website.
Multi-OS Support
Automatically detects the Target Operating System and sends the corresponding Payload.
Full FinFly LAN/NET/ISP Integration
Export all Modules so they can easily be imported into the FinFly LAN, ISP and Net Products.
Product Interface:
FinFisher: Newsletter July 2011 / Confidential
14
3 UPCOMING EXHIBITIONS Following are the exhibitions in which the FinFisher team will be participating:
ISS World Latin America
Brasilia, Brazil
July 26-28, 2011
ISS World Americas
Washington D.C., USA
October 11-13, 2011
Cyber Warfare Europe
Berlin, Germany
September 26-29, 2011
If you wish to visit any of these events, please contact us beforehand so we can reserve sufficient time
for live demonstrations and project discussions.
We look forward to hearing from you.
FinFisher: Newsletter July 2011 / Confidential
15