Finfisher IT Intrusion and Remote Monitoring

  

nash
Newbie
 

Finfisher IT Intrusion and Remote Monitoring

Post Posted: May 03, 10 17:02

Hey,

Our agency is thinking of buying the Finfisher IT Intrusion and Remote Monitoring Solution from Gamma Group. I need to know if anyone is using the FinFly Lite, FinFly Web or FinFly ISP remote monitoring and infection solutions. How good are these products? The tools claim to remotely install monitoring solutions on the target system by sending fake software updates and by using fake websites.

How effective is the solution in terms of remote monitoring of webmails and VOIP communications? Can the suspect figure out in any way that a remote monitoring solution is being installed on the machine?

Also if there are any similar products to FinFisher available in the market?

Thank you
Nash  
 
  

MindSmith
Senior Member
 

Re: Finfisher IT Intrusion and Remote Monitoring

Post Posted: May 04, 10 16:56

Nash, I have been looking at FinFisher too - after seeing their demos at ISSWorld. I have also been looking at the hackingteam.it (Remote Control v6 - not listed on their website) solution, but they currently don’t support a full range of Mobile Operating systems. Key advantage of FinFisher is the Intrusion suite; which you may need to plant the agent, unless you have physical access to the target devices; this is something that HackingTeam cannot provide.

Both vendors claim that the solution is undetected by AV software and that they do repeated testing daily to ensure that that is the case, and will issue updates if the agent is detected on the target by AV software. Also make sure that you look at the auditing/control features in detail.

FinFisher marketing folk implied that their solution has been developed based on the BackTrack toolkit, and that one of their developers had a hand in co-developing BackTrack, but when I pushed further - they were not very forthcoming.


Feature by feature FinFisher seems to be the best and most advanced commercially available toolkit for tactical LI deployments - if you go for the full solution including the Intrusion suite. Get a full demo or Proof of Concept implemented that you can test and play with to measure suitability before you decide.


Good luck.
_________________
#include <std.disclaimer.H> 
 
  

raoul
Member
 

Re: Finfisher IT Intrusion and Remote Monitoring

Post Posted: May 04, 10 23:57

I see both of you come from the Middle East - are such tactics even allowed by European or US government agencies?
 
  

MindSmith
Senior Member
 

Re: Finfisher IT Intrusion and Remote Monitoring

Post Posted: May 05, 10 10:14

Raoul, to my knowledge such tactics are permitted in most European & other countries under the equivalent of a WireTap/CALEA or Lawful Interception acts. Court warrants/orders need to be obtained like in most countries by LEAs. There are also many instances of such tools having been created by Law Enforcement themselves.

Interestingly; such tools are also sold by some companies as 'pen testing' tools and used in some organisations as part of their "e-discovery" solutions/Realtime monitoring solutions subject to privacy laws in some of those countries.
_________________
#include <std.disclaimer.H> 
 
  

nash
Newbie
 

Re: Finfisher IT Intrusion and Remote Monitoring

Post Posted: May 05, 10 15:26

@MindSmith....thank you for your reply. I am looking at the HackingTeam Remote Control Solution. However, as you mentioned, the Fin Intrusion kit offers nice features for breaking WPA encryption and remotely breaking into email accounts.  
 
  

belgin
Newbie
 

Re: Finfisher IT Intrusion and Remote Monitoring

Post Posted: Apr 12, 11 23:06

Hi Folks, I am a reporter for Bloomberg News. I'm working on a story about the global deployment of intrusion products, such as Finfisher. Nash/MindSmith: I'd like to hear about your research into these products.

Can you drop me a note? Our email formula is flast @ bloomberg.net

Thanks and best regards,
Ben Elgin  
 
  

kovar
Senior Member
 

Re: Finfisher IT Intrusion and Remote Monitoring

Post Posted: Apr 13, 11 04:15

Greetings,

Your email bounces. Gives one pause....

-David
_________________
CISSP, CCE, EnCE, Licensed Private Investigator (CA) 
 
