The Target Eye Compiler is the "factory" which is used to define, edit and create Secret Agents.

Detailed Features List

Surveillance Type -> Start Always

When this checkbox is checked, the Secret Agent will run automatically whenever the monitored computer is working.

The default mode would be On, while only for certain tests it would be turned Off.

Surveillance Type -> Show Warrning

When this checkbox is checked, a warning will be displayed on the Icons Tray. This option should be used when the monitoring is not discrete.

Surveillance Type -> Activate Keyboard Capturing

When this checkbox is checked, each keystroke will be captured. The Keyboard Capturing used by Target Eye Monitoring System is multi-lingual and doesn't require any DLLs.

Surveillance Type -> Connect Always

When this checkbox is checked, the Secret Agent will always connect to the network in order to send information. When this checkbox is unchecked, the Secret Agent will wait for another connection to be initialized and will then "hijack" it for it's own transmission.

Surveillance Type -> Self Test

When this checkbox is checked, the Secret Agent will perform some tests which will predict it's efficiency prior to doing it's planned work. The outcomes of such test will be sent to the Server or by a hidden Email transmission.

Surveillance Type -> Send Passwords

When this checkbox is checked, the Secret Agent will send all stored passwords taken from the Windows Protected Storage Area. This information may contain user name, Email account details, saved login details for internet sites, etc.

Surveillance Type -> Reset Log File

When this checkbox is checked, the Secret Agent will clear any old log file that is hidden kept from past operations. This is useful in cases that a large log file was created and we wish to delete it.

Surveillance Type -> Send User History

When this checkbox is checked, the User History File will be created and sent to the Server. This file contains the following information:

• Any searches made


• Recent documents


• Process List


• URL and files history

Shopping List Mechanism  -Activate Shopping List Mechanism

When this checkbox is checked, the Shopping List Mechanism will be used for interactive requests of files to be sent to the Server or collected while offline.

Shopping List Mechanism  -Shopping List Query

This is where a list of initial queries is entered.

Shopping List Mechanism  - Encrypt Shopping List on the Server

When this checkbox is checked, the Shopping List file will be encrypted on the Server. When it is unchecked, it is possible to use the Explorer to modify and edit this file on the fly, while getting faster results from the Secret Agent. For example: adding a new query. When the file is encrypted, the Target Eye Decryptor tool is required to make any changes.

Shopping List Mechanism  - Ignore Files Larger Than

When this checkbox is checked, the amount of MB indicated bellow, are the higher limit of files that will be sent to the Server. Files which are larger than that size will be ignored.

Transmission Settings

The Transmission Settings are used to determine the time between each cycle and the number of cycles between each activity. That approach is to our opinion, the best way to define how the Secret Agent will work.

Cycle Time -           the number of seconds in which the Secret Agent "sleeps" before going into the loop of tasks to do.

Screen Capture -           the number of cycles between each capture of the screen image.

Send File -           the number of cycles between each file to be sent, according to the Shopping List.

Check for Updates -           the number of cycles between each check for updates for the software on the server.

Send Audio -           the number of cycles between each transmission of captured audio.

Send Keyboard         - the number of cycles between each transmission of data captured from the keyboard.

Send Log                    - mostly for tests and QA. The number of cycles between each transmission of the latest operation log file the Secret Agent creates.

First Time Delay -           an amount of time which can be set which indicates a delay prior to the Secret Agent start of any activity.

Change Cover Name Every - the number of cycles between changes the Secret Agent can make in the way it is hidden in the system.

All of the above can be disabled by entering "-1" as the numeric value.

Start / End Operation at

This feature is used to determine the lifetime of the Secret Agent. The operator can define the exact date and time in which the Secret Agent will start to operate and the exact date and time in which the Secret Agent will terminate itself.

Alternatively, it can be defined that the Secret Agent will last X cycles.

When checking the Destroy Compiled Agent after end of operation when the Secret Agent terminates, the Compiled Agent will be deleted, along with the Secret Agent itself which will complete uninstall itself without any traces.

Offline Mode

The Offline Mode definitions are taken into place whenever the suspect is not connected to the Internet. In such case we can determine how much data to collect, and when the monitored PC as back on the net, how often to send this data.

Send Offline Files Every

Is used to set the number of cycles between each file captured offline (could be any type of file set in a queue) is sent to the Server.

Limit Offline Folder to

Is used to set the maximum storage area in MB. When the storage is filled, the Secret Agent doesn't accept new files, until some of the old files are sent to the Server and some storage space is freed.

Operation Condition

This feature provides the operator to assure that the Secret Agent will only operate on the Target PC. The Target PC can be identified using either IP address, email address or the hardware unique ID.

Server Predefined Settings

This section allows the operator to define the settings of the Server in which the data captured by the Secret Agent is sent to. Alternatively, a local folder can be defined to simulate the Secret Agent without sending any information outside. That option (i.e. Emulation Mode) is used for tests, but can be used by our client to test newly created Secret Agent prior to sending them to the battlefield.

Other Compiler Settings

There are some other compiler settings which are not discussed in this document. That is because we prefer discussing these issues during a later stage of our mutual work with your agency. These settings include methods we have developed for using Hot Words as triggers to certain actions and the way we implement KeyBoard capturing.

The Shopping List Mechanism ™

Target Eye Monitoring System has a unique mechanism for bi-directional files requests from the monitored computer. Using the Shopping List Mechanism ™ , the operator can define requests as for which criteria to be used, and then, to modify these requests on the fly.

What is the Shopping List

The Shopping List is in fact, a file, managed manually by the Operator, and the Secret Agent.

The Operator defines the queries, and then manipulate and edit them, as well as their results, while the Secret Agent execute them and marks which one of the requested files we sent.

The Shopping List is constantly updated by the Secret Agent, and as a result, it can be used to get an updated view of the operation activity.

The Shopping List Naming Structure

In order of doing so, The Shopping List file is placed on the Server, and can be identified by it's unique naming structure.

<OperationID><AgentID><Shopping List Alias>

For example:

If the OperationID is “SECRET00” and the AgentID is “IBM000000001”, and provided that the Shopping List Alias is “files.txt”, you will get:

SECRET00IBM000000001-files.txt

The Shopping List Structure

There are different types of entries which can be part of the Shopping List.

A Single Request

When the Operator needs a specific file, knowing it's exact location, a Single Request is used.

For example

To request the file 'autoexec.bat' located in C:\  the request would be:

[ ] c:\autoexec.bat

and after successful execution of this request, the entry will be:

[X] c:\autoexec.bat

or alternatively, in case of failure (for example: if there is no such file), the entry will be:

[!] c:\autoexec.bat

A Simple Query

When the Operator needs all files of a certain type, with or without specific name, a Simple Query is used. Such query will always start with [Q] and will use SQL syntax to define the criteria.

For example

To request all DOC files containing the word 'spy', in any place in the monitored computer, the entry will be:

[Q] *spy*.doc

As a result, the Secret Agent might, for example, find the following files, and the operator will see the following entries added:

[ ] c:\docs\About Spyware.doc

[ ] d:\backup\A letter to james spyropolos.doc

etc.

Deleting a file

When the Operator wishes to delete a single or several files, with or without specific name, a Simple Delete Query is used. Such query will always start with [D] and will use SQL syntax to define the criteria.

For example

To request all DOC files containing the word 'spy', in any place in the monitored computer, the entry will be:

[D] *spy*.doc

will delete all Word documents with the string "spy" as part of their names.

Commands Sent to the Secret Agent

The Target Eye Monitoring System has its own command syntax which is used to send instructions to the Secret Agent during a mission. Here is a list of the commands that are currently supported. Of course, the syntax, the commands and the ability to add them or change them are part of the way we see and thing of the typical type of projects we conduct. In fact, this part should be customized according to specific client's demands in order to meet their precise needs.

KILLPRO <Process Name>

Find a process by the name <Process Name> and kill it.

ADDKPRL <Process Name>

Adds a process name to a list of processes that are blacklisted in the way of not allowing them to run at all.

SETKPRL <Process Names separated by the Pound key (#)>

Define the list of blacklisted processes.

REMVPRO <Process Name>

Removes a process from the blacklist

EMAIL <Email Address>

Sets an email address which will be used to covertly send information by the Secret Agent. When not email address is defined, no email communication will be made by the Secret Agents.

Name <New Name>

Changes the unique name given to the Secret Agent.

MSG <Message String>

Used to send a message to the suspect, which will be displayed on his / her computer.

SLEEP

Puts the Secret Agent to sleep until a WAKE command is received.

WAKE

Wakes the Secret Agent when it is in SLEEP mode.

©2000-2013 Michael Haephrati and Target Eye LTD

All materials contained on this site are protected by International copyright law and may not be used, reproduced, distributed, transmitted, displayed, published or broadcast without the prior written permission given by Michael Haephrati and Target Eye LTD. You may not alter or remove any trademark, copyright or other notice from copies of the content.