FinFisher - IT Intrusion lets Government Agents Steal ALL your info
Bob Hurt
FinFisher (http://www.finfisher.com/FinFisher/en/index.php) has arrived to help you FORGET your 4th Amendment rights. The developers provide an array of tools and training to let government agents capture everything from your phone and computer, and even control it remotely without your knowing, including making it seem that you controlled it.
https://www.gammagroup.com/finfisheritintrusion.aspx offers this:
· Tactical IT Intrusion Portfolio - Gamma addresses ongoing developments in the IT Intrusion field with solutions to enhance the capabilities of our clients. Easy-to-use, high-end solutions and techniques complement the intelligence community’s know-how enabling it to address relevant Intrusion challenges on a tactical level.
· Remote Monitoring & Infection Solutions - The Remote Monitoring and Infection Solutions are used to access target systems. They give full access to stored information, the ability to take control of the target systems’ functions, and even capturing encrypted data and communications. In combination with advanced remote infection methods, Government Agencies have the capability to remotely infect and monitor all activity on target systems.
· IT Intrusion Training Program - The IT Intrusion Training Program includes courses on products supplied as well as practical IT Intrusion methods and techniques. Our training program efficiently transfers years of knowledge and experience to end-users, maximizing their capabilities in this field.
Look at what one associated company offers (http://www.elaman.de/finfisher-it-intrusion.php):
FINFISHER IT INTRUSION
Leading IT experts from the Intrusion field are part of Elaman's team. They are constantly developing and enhancing solutions to gather information from a variety of IT systems.
· FinUSB Suite: The FinUSB Suite is a tactical USB device, which extracts predefined information from a target PC.
· FinSpy: FinSpy guarantees full and real-time remote access and control of the target's computer.
· FinFly: FinFly is an infection proxy which is used to deliver intrusion software.
· FinIntrusion Kit: For professionals to gain access to networks and computers.
· FinTraining: Basic and Advanced IT Intrusion Training.
[Click here for catalogue request form]
INTERNET MONITORING, IP-BLOCK ING AND SHAPING, IT-INTRUSION
The methods and used technology for communications worldwide have moved into the IP world. All types of communication are becoming more based on IP technology (e.g. VoIP). Unfortunately no standards for intercepting IP-based networks are yet in place. Most IP networks do not provide active LI-capability yet as known from classical switch based networks (PSTN, GSM). Currently there are two ways of intercepting IP traffic:
· Interception of IP traffic within the IP network of the internet service provider - purely passive
· Trying to get access to the target PC directly with IT-Intrusion tools
In case of passive IP interception within the IP network, the task of filtering IP based traffic is within the interception system (Monitoring Center). The interception system receives all "raw" IP traffic which needs to get filtered, stored, decoded and viewed. The problem here is that no encrypted IP-traffic can be restored or decrypted (e.g. VPN traffic, https, Skype, PGP, etc.) and this is an essential amount of the overall IP traffic within an IP network. This problem can be solved if the intercepted IP data can be grabbed directly from the target PC because encryption takes place "behind" the target PC. This can be achieved using IT-Intrusion Software. Of course, such an approach is only target-based, i.e. the target must be known, and if a Trojan is embedded on the PC all IP traffic can be intercepted (also Skype, VPN, etc.). A variety of techniques are available to deliver a Trojan to the target either IS P-based or with tools if physical access to the target PC is possible. A powerful countrywide IP interception solution is based on the realization of both concepts, preferably combining them into one system: Passive IP interception and IT Intrusion Software.
SMS INTERCEPTION
The SMS interception system is connected to the GSM operators Short Message Service Centre (SMSC) within a Mobile Switching Centre (MSC) and receives all SMS. The system decodes, monitors, and stores them via the secure TCP/IP connections. All SMS are inserted in a central database for later analysis. The system is capable of holding multibillions of records over terabytes of storage systems and can process up to 200 million SMS' per day. By implementing the latest database technologies the system offers long-term archiving of SMS and fast data mining capabilities, including a full indexed multilingual SMS text-search. The implementation and interfacing of an SMS interception system depends on the type and version of the operator's Short Message Service Center (SMSC). The modular configuration of the SMS interception system allows it to interface and adapt to each vendor of such SMSC.
PABX MONITORING
A strategic LI monitoring system can intercept all communications within an operator's communication network (e.g. GSM, PSTN). Such a system does not offer the ability to monitor calls, faxes and data within private networks (PABX of hotels, companies, etc.). Based on the type of PABX, a variety of interception solutions are possible. For instance, equipment must be installed in the PABX in order to have access to a private network to mark certain numbers to be intercepted (extension) and to route intercepted calls to a place where the recording and storage should be done. Remote control is possible, also for network wide recording solutions in case several PABXs are connected to a communication network. A PABX interception solution can also be integrated into LI -Monitoring Systems in order to use a single platform and give the operator one common Graphical User Interface.
In case you wondered, this stuff did not just arrive on the scene. Check this dialogue from 2005:
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=5765
I would recommend TRUECRYPT (http://truecrypt.com) and gpg for encrypting and hiding your stuff. But if you leave a computer or cell phone unattended, government agents can access it, plant spytools in it, and then capture any encryption keys you enter. This might mean you have to keep secret stuff in an encrypted SD memory chip that has an on/off switch, AND a netbook that you can hide, or use a library or internet café computer and secret identity to do your computer work. I don’t know of any tools that will protect you from IT intrusion tools like FinFisher.
| 2460 Persian Drive #70 - Clearwater, FL 33763 |
Confidentiality Notice. The Electronic Communications Privacy Act, 18 U.S.C. Ch.119 Sections 2510-2521 et seq., governs distribution of this “Message,” including attachments. The originator intended this Message for the specified recipients only; it may contain the originator’s confidential and proprietary information. The originator hereby notifies unintended recipients that they have received this Message in error, and strictly proscribes their Message review, dissemination, copying, and content-based actions. Recipients-in-error shall notify the originator immediately by e-mail, and delete the original message. Authorized carriers of this message shall expeditiously deliver this Message to intended recipients. See: Quon v. Arch.
Wireless Copyright Notice. Federal and State laws govern copyrights to this Message. You must have the originator’s full written consent to alter, copy, or use this Message. Originator acknowledges others’ copyrighted content in this Message. Otherwise, Copyright © 2010 by originator Bob Hurt, bob at bobhurt dot com, http://bobhurt.com. All Rights Reserved.