Sales Report

FAE
Sales

Philippe Vinci

Partner
Customer

Ministre de lIntrieur
(?)

Report
Type

Customer meeting followup

Country

France

City

Paris

Date

02/04/2015

Activities performed: Follow-up Meeting

3 participants on MOI side: TXXXX LXXXX (ex DGSI), Yvan X (?), Y (?)
2 participants on HT side: Emanuele Levi, Philippe Vinci
Objective of the meeting was to touch base again with French Ministre de
lIntrieur, update them on Hacking Team and above all qualify their appetite on
solutions such as Galileo.
Internal objective was to get them interested sufficiently so that they request a
complete product presentation and demo, a) in France, or b) in Milano. Our goal was
to find the arguments to bring them to Milano.

Considerations
Yvan was driving the technical / solution discussion, while Tancrede was managing
the political context and describing the judicial requirements from the French
Government towards solutions such as HTs.
Yvan seemed very knowledgeable on offensive solutions, on the players in the
market and the eco-system. Based on the type of questions he was asking, both on
the functionalities of the solution, on the IT architecture, on the infection methods
and exploits, as well as on the internal processes such as crisis management or
notification and alerting to customers, judicial use and compliance of the
solution (evidences).
Tancrede of course started by mentioning the mandatory involvement of the
ANSSI (Agence Nationale de la Scurit des Systmes dInformation) for the
introduction of such solution into any French Government (R-226 requiring the audit
of any interception solution to avoid back-doors). While we argued that business
first would drive such requirement, Tancrede suggested to go into the features and
technical aspect of the solution and leaving this discussion for later.
Im convinced that Emanuele and I did a real good job in opening their appetite to

Document version 1.0 (Nov 03,

2014)

Pag. 1

Sales Report

know more about the solution. Of course at a very high-level in term of

functionalities. Nevertheless, I think that theyve shown interest and took notes
several times on the following aspects of our speech:
1. Complete solution, true Suite of products (compared to Exploit only
companies such as Vupen)
2. R&D for our own Exploits (we try to master the full chain)
3. ISP Network Injection solution (I think this one caused an excellent body
language reaction)
4. The Architecture with separated components such as Master Node,
Collectors, Anonymizers. All controlled by them
5. Target-Centric solution with a unified Graphical User Interface independent of
Platform and independent on Infection methods.
6. Multi-stage infection our Event / Action easily configurable for each
scenario.
7. RITE or our Testing-Ecosystem
8. A clear published Customer Policy
9. Crisis Management Process (although we were not able to describe the
process in detail)
10.A pure Software License business model + including M&S with Upgrades +
EDN Services
My guess is that #3, 4, 6, 7 and 9 were of particular interest as they took notes as
we spoke.
Im listing below the more important questions that we were asked during the
meeting or the most important topics in their eyes. This should help us in preparing
next steps and learning from their requirements (not in chronological order, nor
priority order):
a) Crisis Management Process. From the alert, through the corrective action and
communication to LE customer
b) Agent signature. Different for each LE customer. How we address evolution
and upgrade of the Agents once discovered.
c) Agent/Exploit lifecycle. Do we have many versions in stock in anticipation of
the one that is patched or discovered. Do we have different levels of Exploits
(for the use of different level of Customers)
d) Independence on the creation of any infection vectors. How they can protect
the secrecy of the operation (the type of file or document they are using)
when using Exploit Delivery Network.
e) Judicial evidences. How we make sure that evidences have not been altered
and that they come from the correct target.
f) Judicial evidences. How can we guarantee the continuity of the service that is
required when a judge ask for evidences (guarantee of results in the law).
g) What is the back-up in case an Exploit is no more available (we answered
other methods of infection)they asked again the question of Exploits in
Document version 1.0 (Nov 03,
2014)

Pag. 2

Sales Report

stock or in anticipation
h) Judicial evidences. Has there been in the past any claim from Defense on the
use of the technology (Polizia Postale experience would be good)

Next Steps
The ball is (unfortunately as usual) in MOIs hands. They will debrief internally and
possibly contact us for the next step: meaning a prepared meeting with product
presentation, Q&A with our technical, R&S and process team and a complete demo.
Hopefully in Milano (we gave all the possible arguments to make it compelling for
them to visit us). Otherwise in France.
Based on the questions above by MOI, well have time to prepare the meeting.

Document version 1.0 (Nov 03,

2014)

Pag. 3