Join Us!

Finfisher IT Intrus...
 
Notifications
Clear all

Finfisher IT Intrusion and Remote Monitoring  

  RSS
nash
 nash
(@nash)
New Member

Hey,

Our agency is thinking of buying the Finfisher IT Intrusion and Remote Monitoring Solution from Gamma Group. I need to know if anyone is using the FinFly Lite, FinFly Web or FinFly ISP remote monitoring and infection solutions. How good are these products? The tools claim to remotely install monitoring solutions on the target system by sending fake software updates and by using fake websites.

How effective is the solution in terms of remote monitoring of webmails and VOIP communications. Can the suspect figure out in any way that a remote monitoring solution is being installed on the machine?

Also if there are any similar products to FinFisher available in the market?

Thank you
Nash

Quote
Posted : 03/05/2010 6:02 pm
MindSmith
(@mindsmith)
Active Member

Nash, I have been looking at FinFisher too - after seeing their demos at ISSWorld. I have also been looking at the hackingteam.it (Remote Control v6 - not listed on their website) solution, but they currently don’t support a full range of Mobile Operating systems. Key advantage of FinFisher is the Intrusion suite; which you may need to plant the agent, unless you have physical access to the target devices; this is something that HackingTeam cannot provide.

Both vendors claim that the solution is undetected by AV software and that they do repeated testing daily to enure that that is the case, and will issue updates if the agent is detected on the target by AV software. Also make sure that you look at the auditing/control features in detail.

FinFisher marketing folk implied that their solution has been developed based on the BackTraq toolkit, and that one of their developer's had a hand in co-developing BackTraq, but when I pushed further - they were not very forthcoming.

Feature by feature FinFisher seems to be the best and most advanced commercially available toolkit for tactical LI deployments - if you go for the full solution including the Intrusion suite. Get a full demo or Proof of Concept implemented that you can test and play with to measure suitablity before your decide.

Good luck.

ReplyQuote
Posted : 04/05/2010 5:56 pm
raoul
(@raoul)
New Member

I see both of you come from middle east - are such tactics even allowed by european or US gouverment agencies?

ReplyQuote
Posted : 05/05/2010 12:57 am
MindSmith
(@mindsmith)
Active Member

Raoul, to my knowledge such tactics are permitted in most European & other countries under the equivalent of a WireTap/CALEA or Lawful Interception acts. Court warrants/orders need to be obtained like in most countries by LEAs. There are also many instances of such tools having be created by Law Enforcement themselves.

Interestingly; such tools are also sold by some companies as 'pen testing' tools and used in some organisations as part of their "e-discovery" solutions/Realtime monitoring solutions subject to privacy laws in some of those countries.

ReplyQuote
Posted : 05/05/2010 11:14 am
nash
 nash
(@nash)
New Member

@MindSmith….thank you for your reply. I am looking at the HackingTeam Remote Control Solution. However, as you mentioned, the Fin Intrusion kit offers nice features for breaking WPA encryption and remotely breaking into email accounts.

ReplyQuote
Posted : 05/05/2010 4:26 pm
belgin
(@belgin)
New Member

Hi Folks, I am a reporter for Bloomberg News. I'm working on a story about the global deployment of intrusion products, such as Finfisher. Nash/MindSmith I'd like to hear about your research into these products.

Can you drop me a note? Our email formula is [email protected]

Thanks and best regards,
Ben Elgin

ReplyQuote
Posted : 13/04/2011 12:06 am
kovar
(@kovar)
Senior Member

Greetings,

Your email bounces. Gives one pause….

-David

ReplyQuote
Posted : 13/04/2011 5:15 am
belgin
(@belgin)
New Member

Hello David,
I put the formula "flast" to avoid spam. It is belgin (at) bloomberg.net.

My direct line at work (415) 617-7022. I'd be interested to hear from you.
- Ben

ReplyQuote
Posted : 13/04/2011 5:30 am
Share: