wikileaks.org€¦ · web viewcurrent antivirus systems in our quality assurance environment:...
TRANSCRIPT
FinFly USB / Product Specifications
1
FINFISHER: FinFly USB 1.0
Product Specifications
FinFly USB / Product Specifications
2
Copyright 2010 by Gamma Group International, UK
Date 2010-03-22
Release information
Version Date Author Remarks
1.0 2010-03-22 mjm Initial Version
1.1 2010-06-29 ht New format
FinFly USB / Product Specifications
3
Table of Content
1 Overview.............................................................................................................................................4
2 Capabilities..........................................................................................................................................5
2.1 FinSpy Integration........................................................................................................................5
2.2 Supported Operating Systems.....................................................................................................5
2.3 Automated Execution..................................................................................................................5
3 Components........................................................................................................................................6
4 Anti-Virus Testing................................................................................................................................7
5 Updates & Support..............................................................................................................................8
FinFly USB / Product Specifications
4
1 OVERVIEWFinFly USB is designed to help Law Enforcement and Intelligence Agencies to covertly deploy FinSpy onto Target Systems where physical access is possible.
The device automatically deploys the FinSpy software onto Target Systems with little or no user intervention.
This document describes the full capabilities, included hard- and software, antivirus testing and the support and update system.
FinFly USB / Product Specifications
5
2 CAPABILITIES
2.1 FinSpy IntegrationThe FinSpy product has full support for FinFly USB devices which enables the end-user to directly install the generated FinSpy Target executables onto the inserted USB dongles and activate them.
Integration Example
2.2 Supported Operating SystemsCurrently the following Operating Systems are supported by the FinFly USB Dongle:
Microsoft Windows 2000 (all Service Packs)
Microsoft Windows XP (all Service Packs)
Microsoft Windows Vista (all Service Packs)
Microsoft Windows 7 (all Service Packs)
2.3 Automated ExecutionThe FinFly USB Dongle needs to be plugged into a running and unlocked Target System.
The automatic execution feature depends on the currently running Windows system, including its patch-level, installed protection tools and configuration.
On default configurations, the automated execution behavior is the following:
Operating System Default behavior
Windows 2000 <= SP3 Manual interaction required
Windows 2000 SP4
Windows XP
Autorun on Insertion
Windows Vista
Windows 7
Depending on the configuration interaction might be required
FinFly USB / Product Specifications
6
3 COMPONENTSComponent Details
5 FinFly USB Dongles Model: SanDisk Cruzer Micro
Storage Size: min 8GB
Extras: U3 Functionality
Documentation 1 User Manual
1 Product Specifications
FinFly USB / Product Specifications
7
4 ANTI-VIRUS TESTINGThe FinFly USB Dongle utilizes various techniques to bypass most known Anti-Virus and Anti-Spyware tools. In case a product cannot be bypassed, the agent will be faced with one of the following scenarios:
The product will block the installation of the FinSpy software
The product displays pop-ups warning about suspicious activities and/or programs which can be accepted or rejected by the agent
Due to regular updates of these products, their behavior cannot exactly be specified. Regular tests are conducted within the Gamma Quality Assurance where all FinFisher products are checked against the latest version of these security products and new techniques for bypassing them are being researched in case a new detection has been discovered.
Current Antivirus systems in our quality assurance environment:
Kaspersky Internet Security Comodo Internet Security Pro
Norton Internet Security ESET Smart Security
F-Secure Internet Security avast! Professional Edition
Panda Internet Security AVG Internet Security
ZoneAlarm Internet Security Suite BitDefender Internet Security
Bullguard Internet Security CA Internet Security Suite Plus
McAfee Internet Security Trend Micro Internet Security PRO
ClamAV Sophos Security Suite
VIPRE® Antivirus + Antispyware F-PROT Antivirus Version
G DATA Internet Security Ikarus
Mamutu NORMAN SECURITY SUITE
Outpost Security Suite Pro RISING Internet Security
Spybot Search & Destroy Spyware Doctor
Steganos Internet Security Trustport PC Security
VirusBuster Internet Security Suite
Quick Heal Total Security
Windows Defender
K7 TotalSecurity
Ad-Aware PRO Ashampoo AntiSpyware
a-squared Anti-Malware Avira Premium Security Suite
Dr.Web Security Space Security Essentials
FinFly USB / Product Specifications
8
5 UPDATES & SUPPORTThe software has a built-in update feature that pulls updates automatically from the Gamma Update server at configured time intervals. In case the system it not connected to the Internet, download locations are provided on request so the updates can be manually downloaded from other systems.
Every update is done through a secure encrypted link to ensure integrity of the transferred update files.
The amount of updates per year depends on the changes in the IT Intrusion field and the requirement of bug-fixes and new features. At least two major feature updates are provided per year per product.
Additional to the updates, all customers have access to an after-sales website that gives the customers the following capabilities:
Download product information (Latest user manuals, specifications, training slides)
Access change-log and roadmap for products
Report bugs and submit feature requests
Inspect frequently asked questions (FAQ)
Furthermore support is provided via telephone and E-Mail.
FinFly USB / Product Specifications
9