wikileaks.org€¦ · web viewcurrent antivirus systems in our quality assurance environment:...

FinFly USB / Product Specifications

1

FINFISHER: FinFly USB 1.0

Product Specifications


2

Copyright 2010 by Gamma Group International, UK

Date 2010-03-22

Release information

Version Date Author Remarks

1.0 2010-03-22 mjm Initial Version

1.1 2010-06-29 ht New format


3

Table of Content

1 Overview.............................................................................................................................................4

2 Capabilities..........................................................................................................................................5

2.1 FinSpy Integration........................................................................................................................5

2.2 Supported Operating Systems.....................................................................................................5

2.3 Automated Execution..................................................................................................................5

3 Components........................................................................................................................................6

4 Anti-Virus Testing................................................................................................................................7

5 Updates & Support..............................................................................................................................8


4

1 OVERVIEWFinFly USB is designed to help Law Enforcement and Intelligence Agencies to covertly deploy FinSpy onto Target Systems where physical access is possible.

The device automatically deploys the FinSpy software onto Target Systems with little or no user intervention.

This document describes the full capabilities, included hard- and software, antivirus testing and the support and update system.


5

2 CAPABILITIES

2.1 FinSpy IntegrationThe FinSpy product has full support for FinFly USB devices which enables the end-user to directly install the generated FinSpy Target executables onto the inserted USB dongles and activate them.

Integration Example

2.2 Supported Operating SystemsCurrently the following Operating Systems are supported by the FinFly USB Dongle:

Microsoft Windows 2000 (all Service Packs)

Microsoft Windows XP (all Service Packs)

Microsoft Windows Vista (all Service Packs)

Microsoft Windows 7 (all Service Packs)

2.3 Automated ExecutionThe FinFly USB Dongle needs to be plugged into a running and unlocked Target System.

The automatic execution feature depends on the currently running Windows system, including its patch-level, installed protection tools and configuration.

On default configurations, the automated execution behavior is the following:

Operating System Default behavior

Windows 2000 <= SP3 Manual interaction required

Windows 2000 SP4

Windows XP

Autorun on Insertion

Windows Vista

Windows 7

Depending on the configuration interaction might be required


6

3 COMPONENTSComponent Details

5 FinFly USB Dongles Model: SanDisk Cruzer Micro

Storage Size: min 8GB

Extras: U3 Functionality

Documentation 1 User Manual

1 Product Specifications


7

4 ANTI-VIRUS TESTINGThe FinFly USB Dongle utilizes various techniques to bypass most known Anti-Virus and Anti-Spyware tools. In case a product cannot be bypassed, the agent will be faced with one of the following scenarios:

The product will block the installation of the FinSpy software

The product displays pop-ups warning about suspicious activities and/or programs which can be accepted or rejected by the agent

Due to regular updates of these products, their behavior cannot exactly be specified. Regular tests are conducted within the Gamma Quality Assurance where all FinFisher products are checked against the latest version of these security products and new techniques for bypassing them are being researched in case a new detection has been discovered.

Current Antivirus systems in our quality assurance environment:

Kaspersky Internet Security Comodo Internet Security Pro

Norton Internet Security ESET Smart Security

F-Secure Internet Security avast! Professional Edition

Panda Internet Security AVG Internet Security

ZoneAlarm Internet Security Suite BitDefender Internet Security

Bullguard Internet Security CA Internet Security Suite Plus

McAfee Internet Security Trend Micro Internet Security PRO

ClamAV Sophos Security Suite

VIPRE® Antivirus + Antispyware F-PROT Antivirus Version

G DATA Internet Security Ikarus

Mamutu NORMAN SECURITY SUITE

Outpost Security Suite Pro RISING Internet Security

Spybot Search & Destroy Spyware Doctor

Steganos Internet Security Trustport PC Security

VirusBuster Internet Security Suite

Quick Heal Total Security

Windows Defender

K7 TotalSecurity

Ad-Aware PRO Ashampoo AntiSpyware

a-squared Anti-Malware Avira Premium Security Suite

Dr.Web Security Space Security Essentials


8

5 UPDATES & SUPPORTThe software has a built-in update feature that pulls updates automatically from the Gamma Update server at configured time intervals. In case the system it not connected to the Internet, download locations are provided on request so the updates can be manually downloaded from other systems.

Every update is done through a secure encrypted link to ensure integrity of the transferred update files.

The amount of updates per year depends on the changes in the IT Intrusion field and the requirement of bug-fixes and new features. At least two major feature updates are provided per year per product.

Additional to the updates, all customers have access to an after-sales website that gives the customers the following capabilities:

Download product information (Latest user manuals, specifications, training slides)

Access change-log and roadmap for products

Report bugs and submit feature requests

Inspect frequently asked questions (FAQ)

Furthermore support is provided via telephone and E-Mail.


9

wikileaks.org€¦ · web viewcurrent antivirus systems in our quality assurance environment:...

Documents