F-Secure’s Mikko Hypponen has shared several interesting slides from a presentation that displays the wide range of capabilities offered by the FinFisher commercial spyware toolkit.
Sold by UK-based Gamma Group International, the toolkit was apparently created by Martin J. Muench, one of the founders of the BackTrack pentesting Linux distribution and at the time its main developer.
The presentation mentions FinUSB Suite, a special USB stick designed to covertly extract data from public and target systems. In the hands of an attacker who has physical access to such systems, the device can perform a quick forensic analysis and extract intelligence.
The FinIntrusion kit is able to discover Wireless LANs and Bluetooth devices, retrieve the 64- or 128-bit WEP passphrase required to access the WiFi network in 5 minutes tops or break the WPA1 and WPA2 passphrase using dictionary attacks, and even emulate a rogue wireless access point.
Once it has gained access to the LAN, it monitors both the wired and wireless network traffic and extracts usernames and passwords for Gmail, Hotmail, Facebook, online banking, and so on – even if the login information is protected by SSL/TLS. It can also remotely break into email accounts, remote infrastructure and web servers by using network-, system- and password-based intrusion techniques.
FinFly USB, the backdoor tool deployed from a USB drive, can execute automatically on Windows 2000/XP systems and with one click on Windows Vista and 7, and can apparently even infect switched-off target systems when the hard disk is fully encrypted with TrueCrypt.
FinFly Web can inject a number of modules into popular websites in order to deliver malware, and FinFly ISP can be used by the victim’s ISP to hide a remote monitoring solution in his downloads, inject it into his software updates, or install it through websites he visits.
Finally, FinSpy Mobile is able to compromise iOS, Android, BlackBerry, and Windows Mobile / Windows Phone devices, record incoming and outgoing emails, calls, SMS / MMS messages, perform live surveillance via silent calls, track the victim’s location via GPS data and cell IDs, and more.