Download - SIRIA Untold Atrocities
8/13/2019 SIRIA Untold Atrocities

Gamma Group: Fields of Operation

- Gamma TS: Technical Surveillance Equipment, Surveillance Vans
- G2Systems: Intelligence Training, VIP Protection
- Gamma International: FinFisher IT Intrusion, Communication Monitoring

Table of Content

1. Introduction
2. Tactical IT Intrusion Portfolio
3. Remote Monitoring and Infection Solutions
4. IT Intrusion Training Program
5. Summary

We only serve Governmental Customers

- Law Enforcement Agencies: Police (Intelligence, Special Branch), Anti-Corruption, VIP Protection, Presidential Guard, Customs, Naval and Border Security
- Intelligence Agencies: Internal and External Security Departments
- Military: Intelligence, Signal Intelligence, Army, Navy, Air Force
- Special Events: International Conferences and Events

Facts

- Founded: 1996
- Office Locations: 1offices in 4 continents
- Partner Sales Support: Southern America
- Gamma Group Turnover: EUR 80' (in 2010)
- Employees: 78 Globally

- Research starting point was the most government used Intrusion tool worldwide: Backtrack (4 Million downloads)
- Winning one of the top Intrusion Specialists and founder of Backtrack to build up required capabilities and to design a comprehensive portfolio
- Generating a team of world class intrusion and research specialists and programmers (well known through public presentations at conventions, i.e. Black Hat, DEFCON)

Due to changes in technology, traditional passive monitoring systems face new challenges that can only be solved by combining them with active solutions.

- Encryption technologies:
  - SSL/TLS Encryption (Web, E-Mail, Messenger, ...)
  - Instant Messaging (Skype, Simplite, Blackberry Messenger, ...)
  - Data Encryption (PGP, S/MIME, ...)
  - Hard-Disk Encryption (Truecrypt, SafeGuard, ...)
  - VPN Connections
- Global mobility of Devices and Targets
- Anonymity through Hotspots, Proxies, Webmail, ...

IT Intrusion has been used worldwide by many governments for several years.

News headlines reproduced on the slide:

- Germany Furious Over Chinese Spy Hackers
- Georgia President's web site under DDoS attack from Russian hackers
- Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?

Governmental IT Intrusion: Legal Situation

New laws are being established all around the world and Trojan-Horse technology is already legally used in many countries.

- ZDNet: Australian police get go-ahead on spyware
- Leaked Documents Show German Police Attempting to Hack Skype

Tactical IT Intrusion Portfolio

- FinUSB Suite
- FinIntrusion Kit
- FinFireWire

FinUSB Suite: Operational Usage

The FinUSB Suite is designed to covertly extract data from Target Systems.

Typical Operations:

- Public Systems:
  - Quick Forensic Analysis (20-30 seconds)
  - Essential tool for Technical Surveillance Units
- Target Systems:
  - Using Sources that have physical access to automatically extract Intelligence
  - Dongle can be used e.g. by housekeeping staff
  - Data is fully encrypted and can only be decrypted in HQ

FinUSB Suite: Core Features

- Extraction of Usernames and Passwords for all common software like E-Mail Clients, Messengers, Browsers
- Silent Copying of Files (Search Disks, Recycle-Bin, Last Opened)
- Extracting Network Information (Chat Logs, Browsing History, WEP/WPA(2) Keys, Cookies, ...)
- Compilation of System Information (Running/Installed Software, Hard-Disk Information, ...)

The FinUSB HQ provides target specific configurations and professional data analysis.

FinUSB Suite: Professional Reports

Sample report generated by the FinUSB HQ software:

[Screenshot: FinUSB HQ, FinUSB Suite report]

FinUSB Suite: Portable Unit

- Notebook (Windows 7, FinUSB HQ)
- 10 FinUSB Dongles
- 2 Bootable CD-Roms

Tactical IT Intrusion Portfolio: FinUSB Suite, FinIntrusion Kit, FinFireWire

FinIntrusion Kit: Operational Usage

The FinIntrusion Kit is a portable IT Intrusion kit which can be used for various strategic and tactical attacks by red-teams inside or outside the Headquarters.

Typical Operations:

- Wireless Networks:
  - Break Encryption and record all Traffic
  - Record Usernames and Passwords even for SSL-encrypted sites (e.g. Facebook, MySpace, Online Banking)
- Access remote Systems:
  - Gain access to remote Infrastructures and Webservers
  - Get access to E-Mail Accounts

FinIntrusion Kit: Core Features

- Discover Wireless LANs (802.11) and Bluetooth devices
- Recover WEP (64 and 128 bit) Passphrase within 2-5 minutes
- Break WPA1 and WPA2 Passphrase using Dictionary Attacks
- Emulate Rogue Wireless Access-Point (802.11)
- Actively monitor Local Area Network (Wired and Wireless) and extract Usernames and Passwords even for SSL/TLS-encrypted Sessions like GMail, Hotmail, Facebook, etc.
- Remotely break into E-Mail Accounts using Network-, System- and Password-based Intrusion Techniques

The Operation Center provides easy-to-use point-and-click attacks.

[Screenshot: FTOC user interface]

FinIntrusion Kit: Covert Tactical Unit

- Notebook (FinTrack, FTOC)
- Autorun and bootable USB Device
- FinTrack bootable CD-Rom
- Wireless Intrusion Hardware

Tactical IT Intrusion Portfolio: FinUSB Suite, FinIntrusion Kit, FinFireWire

FinFireWire: Operational Usage

The FinFireWire product enables quick and covert access to locked Target Systems without losing critical evidence due to having to reboot the system.

Typical Operations:

- Unlock Running Systems:
  - Get Live access to running Systems, no more need to reboot and lose essential Evidence
  - Modification of system is only temporary and reverted after Operation
- Dump RAM Information:
  - Extract data from physical RAM for Forensic analysis
  - Recover crypto passwords and more

FinFireWire: Core Features

- The product functions on any major Operating System such as Microsoft Windows (XP -> 7), Linux and Mac OSX
- The product enables the agent to access the Target System without providing any password
- No reboot is required, quick and covert access is possible without losing important evidence
- All configured RAM can be recorded into a file and later analyzed in common Forensic tools like Encase to discover e.g. Hard-Disk Encryption Passwords
- Works with FireWire/1394, PCMCIA and Express Card

FinFireWire: User Interface

Once connected to the Target System, the software provides an easy-to-use point-and-click Interface.

[Screenshot: FinFireWire target configuration, "Connect to Target System", FinFireWire PC and Target PC]

FinFireWire: Portable Unit

- FinFireWire Software
- FireWire Cables for all Ports
- PCMCIA / Express Card Adapters

Remote Monitoring and Infection Solutions: FinSpy, FinFly, FinSpy Mobile

FinSpy is an advanced Intrusion system which, once implemented into a Target System, guarantees full access to the system with advanced features.

Typical Operations:

- Monitor Encrypted Communication:
  - Full access to all communication including Skype
  - Record even SSL-encrypted Communication
- Remotely Access Target Systems:
  - Full File System Access
  - Surveillance through Webcam and Microphone
  - Live Monitoring even if Targets are in foreign Countries

FinSpy: Core Features

- The product functions on any major Operating System such as Microsoft Windows (2000 -> 7), Mac OSX and Linux
- All communication and all temporary files are fully encrypted
- Target software is regularly tested to bypass the world's top 40 Anti-Virus applications and hide deep inside the Target System
- True location of the Headquarter is completely hidden through anonymizing Proxies around the world
- The system can be fully integrated with an existing Law Enforcement Monitoring Functionality (LEMF)
- Court-proof Evidence according to European Standards
- Full Skype Monitoring (Calls, Chats, File Transfers, Video, Contact List)
- Recording of all VoIP communication
- Live Surveillance through Webcam and Microphone
- Country Tracing of Target
- Full File Access: Live File-Browsing, capturing of deleted/printed/opened Documents
- Process based Keylogger for faster analysis
- Forensic Tools for Live Remote Forensic
- Enhanced Filtering of data and recorded Information

With the FinSpy Master LEMF Interface the tactical solution can be fully integrated into the Law Enforcement Monitoring Functionality (LEMF).

[Diagram: Target, FinSpy Relay, FinSpy Master]

The FinSpy Relay(s) forward connections between Targets and Master.

FinSpy: User Interface

The whole system is controlled through the easy to use Graphical User Interface.

- FinSpy Master and Relay
- FinSpy Agent(s)

Remote Monitoring and Infection Solutions: FinSpy, FinFly (USB, Web, LAN, ISP), FinSpy Mobile

FinFly USB provides an easy-to-use and reliable way of installing Remote Monitoring Solutions on Target Systems when physical access is available.

Typical Operations:

- Deploy FinSpy on running System: Plug in USB in running Target System to install FinSpy
- Deploy FinSpy on turned off System: Boot USB to automatically deploy FinSpy

Core Features:

- Common USB Device with hidden functionality
- Automatic execution on Windows 2000/XP based Systems
- One-Click execution on Windows Vista/7 based Systems
- Automatic Installation through bootable System
- Can even infect switched off Target Systems when the Hard-Disk is fully encrypted with TrueCrypt

- 5 FinFly USB Dongles
- Full Integration into FinSpy

Remote Monitoring and Infection Solutions: FinSpy, FinFly (USB, Web, LAN, ISP), FinSpy Mobile

FinFly Web is designed to covertly inject a configurable software into remote Target Systems through integration in Websites.

Typical Operations:

- Deploy FinSpy through custom Homepages:
  - Create Website of Target Interest Field
  - Infect Target with FinSpy when it visits the Website
- Create FinFly LAN / FinFly ISP Module:
  - Create Infection Module for Integration into FinFly LAN and FinFly ISP

Core Features:

- All common Browsers are supported
- Various Modules are available for Infection
- Supports generation of Stand-Alone Websites to infect Targets where only E-Mail Address or Username inside a Discussion Board is known
- Creates FinFly LAN/FinFly ISP Packages to inject the Modules even into popular sites like GMail, YouTube, etc.

FinFly Web: Hardware and Software

FinFly Web: User Interface

[Screenshot: FinFly Web user interface]

Remote Monitoring and Infection Solutions: FinSpy, FinFly (USB, Web, LAN, ISP), FinSpy Mobile

FinFly LAN is designed to covertly inject a configurable software into remote Target Systems in Local Area Networks.

Typical Operations:

- Deploy FinSpy through Hotspots:
  - Install FinSpy on Target System through Hotspot Wireless Network
  - Deploy by infecting common Websites (e.g. YouTube)
- Deploy FinSpy through LAN:
  - Install FinSpy on Target System in Local Area Network
  - Deploy by injecting fake Software Updates

Core Features:

- Discovers all computer systems connected to the Local Area Network via IP-Address, MAC-Address, Host-Name and Operating System
- Works in Wired and Wireless (802.11) networks
- Can be combined with FinIntrusion Kit for covert network access
- Hides Remote Monitoring Solution in Downloads of Targets
- Injects Remote Monitoring Solution as Software Updates
- Remotely installs Remote Monitoring Solution through Websites visited by the Target

[Diagram: Workflow. Labels: Target for Infection, Router, Gateway, FinFly LAN]

FinFly LAN: Hardware and Software

FinFly LAN: User Interface

[Screenshot: FinFly LAN user interface listing discovered systems]

Remote Monitoring and Infection Solutions: FinSpy, FinFly (USB, Web, LAN, ISP), FinSpy Mobile

FinFly ISP is designed to covertly inject a configurable software into remote Target Systems through ISP networks.

Typical Operations:

- Deploy in Backbone of ISP:
  - Install FinSpy on Target Systems by selecting their Username/RADIUS name for Infection
- Install in Core of Local Area Networks:
  - Install in small ISP/LAN Environments to install FinSpy on local clients (e.g. in Hotels or Corporate Networks)

Core Features:

- Identify Targets by:
  - Username, Password (e.g. xDSL)
  - MAC-Addresses (Cable)
  - Dial-in phone number (ISDN, POTS)
  - IMSI, T-IMSI, MSISDN (Internet Access in Mobile Networks)
- Hides Remote Monitoring Solution in Downloads of Targets
- Injects Remote Monitoring Solution as Software Updates
- Remotely installs Remote Monitoring Solution through Websites visited by the Target

[Diagram: ISP network example]

FinFly ISP: User Interface (GUI)

Hardware dependent on required performance.

Remote Monitoring and Infection Solutions: FinSpy, FinFly, FinSpy Mobile

FinSpy Mobile is an advanced Intrusion system which, once implemented into a Target Phone, guarantees full access to the communication and built-in features.

Typical Operations:

- Monitor all Communication:
  - Full access to all basic Communication like SMS/MMS, Calls, etc.
  - Record even encrypted Communication like BlackBerry Messenger
- Live Surveillance:
  - GPS Tracking of Target Phones
  - Spycalls to listen Live to Phone

Core Features:

- The product functions on any major Operating System such as BlackBerry, iOS (iPhone), Android and Windows Mobile / Windows Phone
- All communication and all temporary files are fully encrypted
- BlackBerry Messenger surveillance
- Recording of incoming and outgoing E-Mails
- Location Tracking (Cell IDs and GPS Data)
- Live Surveillance through Silent Calls
- Basic Communication Interception like Calls, SMS/MMS, Call Logs

Infected Target Phones connect to the FinSpy Mobile server over the Internet (GPRS, UMTS, Wi-Fi) or through the VoIP Server (SMS, Phone Calls).

- The infected Target Phone communicates through GPRS/UMTS/Wi-Fi or SMS/Voice-Calls.
- The FinSpy Master accepts the connections and stores the data inside the database.

[Diagram labels: FinSpy Master, User Interface, TCP/IP, FinSpy Relay, External VoIP Provider or FinSpy VoIP Server, FinSpy Agents]

The whole system is controlled through the easy to use Graphical User Interface.

FinSpy Mobile: Infection Techniques

Various infection techniques exist, like:

- Remote Infection via Bookmark SMS to Target Phone
- Provider-Supported Infection via WAP Push
- Tactical Infection via Cable or Bluetooth
- Infection when synchronizing with infected PC (04 2 11)

Components:

- FinSpy Master and Relay
- FinSpy Agent(s)
- FinSpy VoIP Server
- PR Cards for up to 3 lines

FinTraining

With Gamma's Team of world-leading IT Intrusion experts, a wide range of practical IT Intrusion trainings is available.

Typical Operations:

- Gain Access to Webserver:
  - Remotely get access to Target Servers
  - Actively Monitor foreign Targets
- Perform Security Assessment:
  - Evaluate Security of critical Infrastructures
  - Increase Security through regular Penetration Tests

FinTraining: Core Facts

Training Facts:

- Trainings conducted in Europe or In-Country
- Limited to 2-4 participants
- Fully practical trainings
- Techniques can immediately be used for real-life operations

Contents:

- Basic IT Intrusion Training courses for all Topics
- Most Trainings are fully customized to fulfill customer needs and requirements

Example Courses:

- Basic and Advanced IT Intrusion
- Basic and Advanced Software Exploitation
- Basic and Advanced Web Application Intrusion
- Wireless IT Intrusion (WLAN, Bluetooth, RF)

Example Topics:

- Profiling of Target Websites, Networks and Persons
- Tracing of anonymous E-Mails
- Remote access to Webmail Accounts
- Security Assessment of Web-Servers and Web-Services
- Monitoring Hot-Spots, Internet Cafes and Hotel Networks

Summary

[Diagram labels: FinUSB Suite, FinFly USB, FinFireWire, Physical, FinSpy, LAN, FinIntrusion Kit, FinFly LAN, FinSpy Mobile]

Professional Support

Online Support Website includes:

- User Manuals
- Product Roadmaps
- Product Change-Logs
- Frequently Asked Questions
- Bug Reporting System

Software updates provided via:

- Download from Web
- Online Update System

Why Gamma as a Partner?

Commercial:

- Long-term, stable and strong partner
- Entirely self-financed, independent and privately-owned company
- All solutions are made in accordance with end-users' requirements

Technical:

- Many years of experience in the field of Governmental IT Intrusion
- Most advanced solutions and portfolio in the market
- Existing global support infrastructure