Finfisher IT Intrus...
 
Notifications
Clear all

Finfisher IT Intrusion and Remote Monitoring

8 Posts
5 Users
0 Likes
757 Views
 Nash
(@nash)
Posts: 9
Active Member
Topic starter
 

Hey,

Our agency is thinking of buying the Finfisher IT Intrusion and Remote Monitoring Solution from Gamma Group. I need to know if anyone is using the FinFly Lite, FinFly Web or FinFly ISP remote monitoring and infection solutions. How good are these products? The tools claim to remotely install monitoring solutions on the target system by sending fake software updates and by using fake websites.

How effective is the solution in terms of remote monitoring of webmails and VOIP communications. Can the suspect figure out in any way that a remote monitoring solution is being installed on the machine?

Also if there are any similar products to FinFisher available in the market?

Thank you
Nash

 
Posted : 03/05/2010 5:02 pm
(@mindsmith)
Posts: 174
Estimable Member
 

Nash, I have been looking at FinFisher too - after seeing their demos at ISSWorld. I have also been looking at the hackingteam.it (Remote Control v6 - not listed on their website) solution, but they currently don’t support a full range of Mobile Operating systems. Key advantage of FinFisher is the Intrusion suite; which you may need to plant the agent, unless you have physical access to the target devices; this is something that HackingTeam cannot provide.

Both vendors claim that the solution is undetected by AV software and that they do repeated testing daily to enure that that is the case, and will issue updates if the agent is detected on the target by AV software. Also make sure that you look at the auditing/control features in detail.

FinFisher marketing folk implied that their solution has been developed based on the BackTraq toolkit, and that one of their developer's had a hand in co-developing BackTraq, but when I pushed further - they were not very forthcoming.

Feature by feature FinFisher seems to be the best and most advanced commercially available toolkit for tactical LI deployments - if you go for the full solution including the Intrusion suite. Get a full demo or Proof of Concept implemented that you can test and play with to measure suitablity before your decide.

Good luck.

 
Posted : 04/05/2010 4:56 pm
(@raoul)
Posts: 16
Active Member
 

I see both of you come from middle east - are such tactics even allowed by european or US gouverment agencies?

 
Posted : 04/05/2010 11:57 pm
(@mindsmith)
Posts: 174
Estimable Member
 

Raoul, to my knowledge such tactics are permitted in most European & other countries under the equivalent of a WireTap/CALEA or Lawful Interception acts. Court warrants/orders need to be obtained like in most countries by LEAs. There are also many instances of such tools having be created by Law Enforcement themselves.

Interestingly; such tools are also sold by some companies as 'pen testing' tools and used in some organisations as part of their "e-discovery" solutions/Realtime monitoring solutions subject to privacy laws in some of those countries.

 
Posted : 05/05/2010 10:14 am
 Nash
(@nash)
Posts: 9
Active Member
Topic starter
 

@MindSmith….thank you for your reply. I am looking at the HackingTeam Remote Control Solution. However, as you mentioned, the Fin Intrusion kit offers nice features for breaking WPA encryption and remotely breaking into email accounts.

 
Posted : 05/05/2010 3:26 pm
(@belgin)
Posts: 2
New Member
 

Hi Folks, I am a reporter for Bloomberg News. I'm working on a story about the global deployment of intrusion products, such as Finfisher. Nash/MindSmith I'd like to hear about your research into these products.

Can you drop me a note? Our email formula is flast@bloomberg.net

Thanks and best regards,
Ben Elgin

 
Posted : 12/04/2011 11:06 pm
(@kovar)
Posts: 805
Prominent Member
 

Greetings,

Your email bounces. Gives one pause….

-David

 
Posted : 13/04/2011 4:15 am
(@belgin)
Posts: 2
New Member
 

Hello David,
I put the formula "flast" to avoid spam. It is belgin (at) bloomberg.net.

My direct line at work (415) 617-7022. I'd be interested to hear from you.
- Ben

 
Posted : 13/04/2011 4:30 am
Share: