siria untold atrocities

8/13/2019 SIRIA Untold Atrocities

1/37


2/37

Table o Content

U -- .. 0 _Q?j-

I._ L I

f G M M G R O U P

Gamma Grou Fields o 0 eration Gamma TS

Technical Surveillance Equ ipmentSurveillance Vans

G2SystemsIntelligence TrainingVIP Protection

Gamma International FinFisher IT Intrusion

Communication Monitoring

(: G M M G R O U P

1. Introduction2 Tactical IT Intrusion

Portfolio3 Remote Monitoring

Infection Solutions

4 IT Intrusion TrainingProgramm

5 Summary

2

3

1


3/37

eon I serve Governmental Customers Law Enforcement Agencies

Police (Intelligence, Special Branch, Anti -Corruption,VIP Protection, Presidentia l Guard, Customs, NavalBoarder Security

Intelligence AgenciesInterna l and External Security Departments

Military:Intelligence, Signal Intelligence, Army, Navy, Air Force

Special Events:International Conferences Events

G M M G R O U P

Facts Sales Su Founded

1996 Office Locations 1offices in 4 continents "' ::::> Partner Sales SupportSouthern America Gamma Group Turnover:EUR 80' (in 2010) Employees :

78 Globally

G M M G R O U P

5

2


4/37

Research starting point was the most government usedIntrusion tool worldwide: acktrack {4 Million downloads

Winning one of the top Intrusion Specialists and founder ofacktrack to build up required capabilities and to design a

comprehensive portfolio Generating a team of world class intrusion and research

specialists and programmers {well known through publicpresentations at conventions i.e. Black Hat, DEFCON

G M M G R D U P

6

7

Due to changes in technology, traditional passive monitoring systems face newchallenges that can only be solved by combining them with active solutions

Encryption technologies : SSL/TLS Encryption {Web, E-Mail, Messenger, ... Instant Messaging {Skype , Simplite, Blackberry Messenger ... ; 8lack8eny Data Encryption {PGP , S/MIME, ... Hard-Disk Encryption {Truecrypt, SafeGuard, ... TRU VPN Connections il Global mobility of Devices and Targets

Anonymity through Hotspots, Proxies, Webmail, ... Ef G M M G R O U P


5/37

IT Intrusion is used worldwide by many governments since several years.0 Germany Furious Over Chinese SpyHackersBEF .. . ... ......... _ ...... ...............................................

PR Georgia Presidents web site underY DDoS attack from Russian hackers

s y ~ I I C h o C . nSummar Stuxnet malware is 'weapon' out to destroy- ........ ... Iran's Bushehr nuclear plant?(pOOtU:o.O tole? Tho Stuxnet malwant has lnfiltratod industrial computer systems worldwide. Now, oyber HGUrity t p ~ a soccw sl w ths say trs a uarch-and-deatroy w,..pon maant to hit a alngla targat. One expMt auggnt l Itdtl 'ptn m t t d : ~ U may be afbtr nu'l 'a Bushehr nuclur pci WW ptant.oommandcmtr

w r t o r r ; t w m / b ~ ;I I U I : I O i f p o l f t r p e n l ~ l l i n C I I l

A l l g . ~ a b o u 7 5 0 m a .. a u ~ t ~ a f T . t v l n N t ~ p 8 r o t h .

a l g M C I I I h o m a M n l ~

Governmental IT Intrusion- Le al SituationNew laws are bei ng established all around the world and Trojan-Horse technologyis already legally used in many countries.

ZDNet I News I SoftwareAustralian police get go-ahead on spywareBy Mt Leaked Documents Show Gennan Pollee Attempting toHack Skype

By Kimblllfll IB . . ..w? t ?OM I ' 11'1nm I C.IIMnnrii A' HIIdaiAMCmd


6/37

Table of Content

It _ L - Q. j

-- . _- , ___ - - ::::: =:: :

~ ~ ~ ~ ~ ; ~ g----,_f G M M G R O U P

Tactical IT Intrusion Portfolio

FinUSB Suiterllntruc;IOn Kit

Ft lftreWire

G M M G R O U P

1. Introduction2 Tactical IT Intrusion

Portfolio3. Remote Monitoring

Infection Solutions4. IT Intrusion Training

Programm

5. Summary

10

5


7/37

Fin USB Suite erational Usa eThe FinUSB Suite is designed to covertly extract datafrom Target Systems.

Typical Operations:

G A M M A G R O U P

Public Systems Qu ick Forensic Analysis 20-30 seconds) Essential tool for Technical Surveillance Units

Target Systems : Using Sources th t have physical access to automaticallyextract Intelligence Dongle can be used e.g. by housekeeping staff Data is fully encrypted and can only be decrypted in HQ

FinUSB Suite Core FeaturesExtraction of Usernames and Passwords for all commonsoftware like :

E-Mail Clients Messengers Browsers

Silent Copying of Files Search Disks Recycle-Bin, Last Opened)Extracting Network Information Chat Logs Browsing History,WEP/WPA 2) Keys , Cookies, ...Compilation of System Information Running/Installed Software,Hard-Disk Information , ... )

G A M M A G F ; O U P

2

3

6


8/37

FinUS 4The FinUS HQ provides target specific configurations and professional data analysis.

FinUSB Suite Professional Re orts 5Sample report generated by the FinUS HQ software :

F 1NUS H Q

FinUS SUite: Repo rt

C G M M G R O U P

7


9/37

Fin US Suite Portable UnitNotebook Windows 7 Fin USB HQ

10 FinUSB Dongles

2 Boatable CD -Roms

~ G M M G R D U P


I niiSB uitinlntrusion Kit

J:inf 1reW1re

, G M M G R D U P

16

7

8


10/37

Finlntrusion Kit 0 erational Usa eThe Fin Intrusion Kit is a portable IT Intrusion kit which can be used for variousstrategic and tactical attacks by red-teams inside or outside the Headquarters.

Typical Operations :

G M M G R O U P

Wireless Networks: Break Encryption and record all Traffic Record Usernames and Passwords even for SSL-encrypted

sites e.g. Facebook, MySpace, Online Banking)

Access remote Systems: Gain access to remote Infrastructures and Webservers Get access to E-Mail Accounts

Fin Intrusion Kit Core Features Discover Wireless L Ns {802.11) and l u e t o o t h devices

Recover WEP {64 and 128 bit) Passphrase within 2-5 minutesBreak WP l and WPA2 Passphrase using Dict ionary AttacksEmulate Rogue Wi reless Access-Point 802.11)

Actively monitor Loc al Area Network Wired and Wireless) and extractUsernames and Passwords even for SSL/TLS-encrypted Sessions likeGMail, Hotmail, Facebook, etc.

18

19

Remotely break into E-Mail Accounts using Network -, System- andPassword-based Intrusion Techniques

G M ilmsn fY ;

Hotmair

: G M M G R O U P

9


11/37

XFi r 20The Operation Center provides easy-to-use point-and-click attacks.

FTOC Het-ollllt Wireleu P.tss

F T O C Wel c fTOC ... . ..__ A ~- F TOC lnter1.ceIPAddres.s: -- Netma.sk:

0 Biuetl)Qth c ..._.. Gateway: -:. E 1 < 4 ~ 1 II n h ~ ~ q ~fJ..Plls >WOid c BroadcastI Wtlc metaflnWrus lonQ0,9 MACAddress. UpFin Intrusion Kit Covert Tactical Unit 2 Notebook (F inTrack, FTOC)

Autorun and boatable USB Device

FinTrack boatable CO-Rom

Wireless Intrusion Hardware

G M M G R O U P

10


12/37


FmUSB SUiteF nlntr nn K tFinFireWire

G M M G R O U P

FinFireWire 0 erational Usa eThe FinFireWire product enables quick and covert access to locked Target Systemswithout loosing critical evidence due to requiring to reboot the system.

Typical Operations:

G M M G R O U P

Unlock Running Systems: Get Live access to running Systems no more need to reboot

and loose essential Evidence Modification of system is only temporary and reverted afterOperation

Dump RAM Information: Extract data from physical RAM for Forensic analysis Recover crypto passwords and more

22

23


13/37

FinFireWire Core Features The product functions on any major Operating System such as

Microsoft Windows XP -> 7), Linux and Mac OSX The product enables the agent to access the Target System without

providing any password No reboot is required, quick and covert access is possible without

loosing important evidence All configured RAM can be recorded into a file and later analyzed in

common Forensic tools like Encase to discover e.g. Hard-DiskEncryption Passwords

Works with FireWire/1394, PCMCIA and Express Card

G M M G R O U P

FinFireWire User InterfaceOnce connected to the Target System, the software provides a easy-to-use point

and-click Interface.

I:= __ Af I NFIRE W IRTMget o n f l g u r ~ t l o n

onne t to Target System

finFireWire PC Target P

4

5

12


14/37

FinFireWire Portable Unit FinFireWire Software- -- .- =' : FireWire Cables or all Ports

PCMCIA Express Card Adapters

Table of Content

I

G M M G R O U P

1 Introduction2 Tactical IT Intrusion

Portfolio

3 Remote MonitoringInfection Solutions

4. IT Intrusion TrainingProgramm

5. Summary

-26

27

13


15/37

Remote Monitorin and Infection Solutions

FinSpyFinFlyFrnSpy Mob1le

: G M M G R D U P

FinSpy is an advanced Intrusion system which once implemented into a TargetSystem guarantees fu ll access to the system with advanced features.

Typical Operations:

onitor Encrypted Communication: Full access to all communication including Skype Record even SSL encrypted Communication

Remotely ccess Target Systems: Full File System ccess Surveillance through Webcam and Microphone Live Monitoring even if Targets are in foreign Countries

8

9

4


16/37

FinS Core Features The product functions on any major Operating System such as

Microsoft Windows {2000 > 7), Mac OSX and Linux All communication and all temporary files are fully encrypted Target software is regularly tested to bypass the world s top 40 Anti-

Virus applications and hide deep inside the Target System True location ofth Headquarter is completely hidden th rough

anonymizing Proxies around the world The system can be fully integrated with an existing Law Enforcement

Monitoring Functionality {LEMF Court-proof Evidence according to European Standards

G M M G R O U P

Full Skype Monitoring {Calls, Chats, File Transfers, Video, Contact ListRecording of all VoiP communicationLive Surveillance th rough Webcam and Microphone

Country Tracing of Target Full File Access: Live File-Browsing, capturing of

deleted/printed/opened Documents Process based Keylogger for faster analysis

Forensic Tools for Live Remote ForensicEnhanced Filtering of data and recorded Information

f G M M G R O U P

3

Eridence

3

15


17/37

i 32With the FinSpy aster LEMF Interface the tactical solution can be fu lly integratedinto the Law Enforcement Moni toring Functionality LEMF)

Target

as soon t is online

inS User Interface

FinSpyRelay

The FinSpy Relay s) forwardconnections betweenTargets and Master

33

The whole system is controlled through the easy to use Graphical User Interface.

G M M G R O U P

-

16


18/37

FinSpy Master and Relay

FinSpy Agent s)

f G M M G R O U P

Remote Monitorin and nfection Solutions

G M M G R O U P

mSpvin ly

US J\loob L N ISP

FmSpy Mob le

34

35

7


19/37

FinFiy USB provides an easy touse and reliable way of installing RemoteMonito ring Solutions on Target Systems when physical access is available.

Typical Operations:Deploy FinSpy on running System : Plugin US in runn ing Target System to install FinSpy

Deploy FinSpy on turned off System: Boot US to automatically deploy FinSpy

_ G M M G R D U P

Core Features Common US Device with hidden functionality Automatic execution on Windows 2000/XP based Systems One C lick execution on Windows Vista/7 based Systems utomatic Installation through boatable System

Can even infect switched off Target Systems when the HardDisk isfully encrypted with TrueCrypt

G M M G R O U P

6

37

8


20/37

5 FinFiy B Dongles

Full Integration in to FinSpy

t G M M G R D U P

Remote Monitorin and nfection Solutions

G M M G R D U P

Fin Spyin ly

US Web

L/ \N

SPFinSp{ Mob le

38

39

9


21/37

FinFiy Web is designed to covertly inject a configurable software into remoteTarget Systems through integration in Websites.

Typical Operations:Deploy FinSpy through custom Homepages: Create Website o Target Interest Field Infect Target wit h FinSpy when it vists the Website

Create FinFiy LAN FinFiy ISP Module Create Infection Module or Integration into FinFiy L N and

FinFiy ISP

Core FeaturesAll common Browsers are supportedVarious Modules are available or InfectionSupports generation o Stand Alone Websites to infect Targetswhere only E-Mail Address or Username inside a DiscussionBoard is knownCreates Fin Fly LAN/FinFiy ISP Packages to inject the Moduleseven into popular sites li ke GMail YouTube etc.

G M M G R O U P

4

4

2


22/37

FinFiv Web Hardware and Software FinFiy Web User nterfa e

G M M G R D U P

O p ~ t l n g s s t ~~ t h e l ~ p e m i n g ~ e m

iMtd P..p...d M lftfm. AddanJ V nanP.. . . . ,M,_App\et

l f f U I M E ~ P ~ I T o m e < C f ' I W I - . w ST TIC incbHP.fJl'-l lo< . . . - ~

43

) fl

21


23/37


: G M M GR O U P

FinF

inSpyFin Fly

LSB V. eb L N SP

F mSpy Mob le

FinFiy LAN is designed to covertly inject a configurable software into remoteTarget Systems in Local Area Networks.

Typical OperationsDeploy FinSpy through Hotspots Install FinSpy on Target System through Hotspot Wireless

Network Deploy by infecting common Websites e.g. YouTube)

Deploy FinSpy through LAN Install FinSpy on Target System in Local Area etwork Deploy by injecting fake Software Updates

5


24/37

Core FeaturesDiscovers all computer systems connected to the Local AreaNetwork via IP-Address MAC-Address Host-Name andOperating SystemWorks in ired and Wireless 802.11) networksCan be combined with Finlntrusion Kit for covert network accessHides Remote Monitoring Solution in Downloads of TargetsInjects Remote Monitoring Solution as Software UpdatesRemotely installs Remote Monitoring Solution throughWebsites visited by the Target

G M M G R D U P

Targetfor Infection

G M M G R O U P

orkflowRouter

6

-

7

Gateway

infly L N

3


25/37

Fin Fly L N I Hardware and Software FinFiy L N User Interface

-q; .S y s b m S

192.168.G.ll9 O : e O : S l . d : S ~ : 1 7 YyanComp..UrI M . D . : 1 0 2 0 : 1 b : f e : M : U : 1 4 ~ C O I I O p l f t f

Ul.lM-0.32 O : . U U : ~ b : b 2 ~ IISU5tek c.ompo.ur9 6 J l ~ J O : B 0 : 7 1 : 1 1 : 2 ~ S 9ro he'lr'lcU Iies

t l .l .O.l 0:1' :86:91: -' Wllillont9'2.16&0.la 0".27U:b1:11Uo: IJ5I192.161 0.55 o::2:81::Dl:e-8:7e As\6\et:CClmjlVIer

G A M M A G R O U P

WtH.O.YOX4TS40 . M i a t s Q f i W V \ 1 U f 2 0 0 1 j 7iQ a MicrosQitWincluW5oXP G HPembeddedI lPCopUfl.a1A JCJl iJrw:U)Ia lo(iuosott:WltldowfXP

6/71:10119:21 lio7R0111.21N &7 20119;l1AI

6 ' 7 1 2 0 1 1 ~ . 2 0 , . , &n'llOll 'UlN

IS/7flDU9.21AI 1117121lll9:ll


FmSpyFin Fly

USB Web LAN ISP

FinSpy Mobilef G A M M A G R O U P

48

49

24


26/37

Finfly ISP is designed to covertly inject a configurable software intoremote Target Systems through ISP networks.Typical Operations

f G M M G R D U P

Deploy in Backbone o ISP Install FinSpy on Target Systems by selecting their

Username/RADIUS name for Infection

Install in Core of Local Area Networks Install in smaiiiSP/LAN Env ironments to install FinSpy on

local clients e.g. in Hotels or Corporate Networks)

Core FeaturesIden tify Targets by:

Username, Password e.g. xDSL) MAC-Addresses Cable) Dial-in phone number ISDN, POTS) IMSI, T-IMSI, MSISDN Internet Access in Mobile Networks)

Hides Remote Monitoring Solution in Downloads of TargetsInjects Remote Monitoring Solution as Software UpdatesRemotely installs Remote Monito ring Solution throughWebsites visited by the Target

{ G M M G R O U P

50

5

5


27/37

m nt xam l 5SP etwork

_ G M M G R O U P

6


28/37

FinFiy P User Interface {GUI)

Hardware dependent on requires pe rformance

GAMMAGROUP

.i : II II II I( II I


GAMMAGROUP

F m ~ p yFmFiyFinSpy Mobile

54

55

7


29/37

inS 6FinSpy obile is an advanced Intrusion system which once implemented into a TargetPhone guarantees full access to the communication and built-in features .

Typical Operations:

onitor all Communication: Full access to all basic Communication like SMS/MMS, Calls etc

f G M M G R D U P

inS

Record even encrypted Communication like BlackBerryMessenger

Live Surveillance: GPS Tracking of Target Phones Spycalls to listen Live to Pho ne

Core Features The product functions on any major Operating System such as

BlackBerry, iOS iPhone), Android and Windows obileWindows Phone

All communi cation and all temporary files are fully encrypted BlackBerry Messenger surveillance Recording of incoming and outgoing E-Mails Location Tracking Cell IDs and GPS Data) Live Surveillance through Silent Calls Basic Communication Interception like Calls, SMS/MMS, Call Logs

, G M M G R O U P

57

Evidence

-

8


30/37

inS 58The FinSpy obile server is connected by infected Target Phones over the InternetGPRS UMTS Wi-Fi or through the VoiP Server SMS Phone Calls .

Infected

The infected Target Phone communicatest rough GPRS/UMTS/Wi-Fi orSMS/Voice-Calls

The inSpy Masteraccepts the connections andstores the data inside the database FinSpy aster

User Interface

TCP IP

FinSpy Relay

External VoiPProvideror

FinSpyVoiP Server

FinSpy Agents

59

The whole system is controlled through the easy to use Graphical User Interface.

_f G M M G R O U P

9


31/37

FinS Infection Techni ues 6Various infection techniques exists like: Remote Infect ion via Bookmark SMS to Target Phone

Provider-Supported Infection via W P Push

Tactical Infect ion via Cable or luetooth

Infection when synchronizing with infected PC 04 2 11}

t G M M G R O U P

6

FinSpy Master and Relay

FinSpy Agent s)

FinSpy VoiP Server PR Cards for up to 3 lines

f G M M G R O U P

3


32/37

Table o ontent 62

1. Introduction1

2 Tactical T IntrusionPortfolio

3. Remote MonitoringInfection Solutions

4 IT Intrusion TrainingProgramm

5 Summary

G M M G R O U P

63

FinTraining

G M M G R O U P

3


33/37

FinTraininWith Gamma s Team of world-leading IT Intrusion experts a wide-range ofpractical IT Intrusion trainings is available.Typical Operations:

Gain Access to Webserver: Remotely get access to Target Servers Actively onitor foreign Targets

Perform Security Assessment Evaluate Security of critical Infrastructures Increase Security through regular Penetrat ion Tests

f G M M G R D U P

FinTrainin Core FactsTraining Facts

Trainings conducted in Europe or In-Country Limited to 2-4 participants Fully practical trainings Techniques can immediately be used for real-life operations

Contents asic IT Intrusion Training courses for all Topics

6

65

ost Trainings are fully customized to fulfill customer needs and requirements

G M M G R O U P

3


34/37

FinTraini es 66Example Courses

Basic and Advanced IT Intrusion Basic and Advanced Software Exploitation Basic and Advanced Web Application Intrusion Wireless IT Intrusion (WLAN, Bluetooth, RF

Example Topics Profiling of Target Websites, Networks and Persons Tracing of anonymous EM ails Remote access to Webmail Accounts Security Assessment of Web-Servers Web-Services Monitoring Hot-Spots, Internet Cafe's and Hotel Networks

Table of Content 67

1. Introduction2. Tactical IT Intrusion

Portfolio3. Remote Monitoring

Infection Solutions4. IT Intrusion Training

Programm5 ummary

{ G M M G R O U P


35/37

FinUSB Suite FinFly USBFinFire e Physical

\1F nSpy

L N

Finlntrusion Kit Finfly L N

Professional u ortOnline Support Website includes

Use r ManualsProduct RoadmapsProduct Change-LogsFrequently Asked QuestionsBug Reporting System

Software updates provided viaDownload from WebVia Online Update System

G M M G R O U P

68FinSpy Mobile

69

' ~ . c .- ... . . .

- . . -...., , _ . . ... . .

4


36/37

Wh Gamma as a Partner?Commercial:

Long-term, stable strong partnerEnti rely self-financed, independent and privately-owned companyll solutions are made in accordance to end-users requirements

Technical:Many years of experience on the field of Governmental IT Intrusion

ost advanced solutions and portfolio in the marketExisting global support infrastructure

( GAMMAGRDUP

70

5


37/37