Release Information s1

FINFISHER: FinFly USB 1.0 FinFly USB / User Manual

FINUSB SUITEUser Manual 1 FinFly USB / User Manual

FINUSB SUITE 2

Date 2010-04-14

Release information

Version Date Author Remarks

1.0 2010-04-13 AH Initial version

1.1 2010-04-14 mjm Review FinFly USB / User Manual

FINUSB SUITE 3

Table of Content

1 Overview...... 4

2 Configuration...... 5

3 Usage...... 6

3.1 Manual Infection...... 7

3.2 Infection Verification...... 7

4 Support...... 8 FinFly USB / User Manual

FINUSB SUITE 4

1 OVERVIEW

FinFly USB is designed to help Law Enforcement and Intelligence Agencies to covertly deploy FinSpy onto Target Systems where physical access is possible. The device automatically deploys the FinSpy software onto Target Systems with little or no user intervention. FinFly USB / User Manual

FINUSB SUITE 5

2 CONFIGURATION The FinFly USB dongle is configured through the FinSpy Agent software.

In order to prepare the infection dongle, login to the FinSpy Agent and select “Create Target”. Follow the Target creation dialog as explained in the FinSpy Agent user manual.

In the last step of the Target creation process, the software offers the possibility to install the created Target (1) on the FinFly USB dongle.

Select the checkbox for “FinFly USB Infection Dongle” (2) and click “Generate” (3) to finalize the FinFly USB dongle.

Note: It is important that the FinFly USB Infection Dongle is plugged into the system! FinFly USB / User Manual

FINUSB SUITE 6

The process might take some time as the generation of the Target will be done on the FinSpy Master. After the successful generation, the Target is placed on the FinFly USB dongle.

The FinFly USB dongle is now prepared and ready for use.

3 USAGE The FinFly USB needs to be plugged into a running and unlocked target system.

The automatic execution feature depends on the currently running Windows system, including its patch- level, installed protection tools and configuration.

On default configurations, the automated execution behavior is the following:

Operating System Default behavior

Windows 2000 <= SP3 Manual interaction required

Windows 2000 SP4 Autorun on Insertion

Windows XP

Windows Vista Depending on the configuration interaction might be required

Windows 7 FinFly USB / User Manual

FINUSB SUITE 7

3.1 Manual Infection The FinFly USB Infection Dongle uses the U3 technology to emulate a virtual CD-Rom drive. Using this technology, the software should run automatically on most systems unless this facility has been de-activated.

If Autorun is disabled on the system, the process must be started manually:

1. Open the “My Computer” dialog 2. Double-click the emulated CD-Rom drive

3.2 Infection Verification After successful infection of the target system, the generated FinSpy Target will appear in the FinSpy Agent target list. FinFly USB / User Manual

FINUSB SUITE 8

4 SUPPORT All customers have access to an after-sales website that gives the customers the following capabilities:

 Download product information (Latest user manuals, specifications, training slides)

 Access change-log and roadmap for products

 Report bugs and submit feature requests

 Inspect frequently asked questions (FAQ)

The after-sales website can be found at

 https://www.gamma-international.de

o Username:

o Password:

FinFly USB / User Manual

FINUSB SUITE 9