The CIA has apparently stockpiled a mass of spying tools. CouchPotato and Dumbo are two such recently leaked tools, and they reveal the CIA's strategies for controlling surveillance devices.
In March, WikiLeaks began publishing a series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7", the project is focused on sharing exploits created and used by the United States Central Intelligence Agency. It began with the leaking of 8,761 documents discovered within an isolated network in Langley, Virginia.
Vault 7 now sheds light on two new tools aimed at hijacking and manipulating webcams and microphones to corrupt or delete recordings, and at spying on video streams in real time.
Dubbed CouchPotato, the recently leaked document details how CIA agents use a remote tool to stealthily collect RTSP/H.264 video streams. A second document unveils another classified CIA project, dubbed 'Dumbo', which details how CIA agents use monitoring devices "to gain and exploit physical access to target computers in CIA field operations."
The Dumbo CIA project involves a USB thumb drive equipped with a Windows hacking tool that can identify installed connectivity or surveillance devices. The tool disables security cameras and corrupts recordings made on computers using Windows XP and newer versions of the Microsoft operating system.
It is said to be used by the CIA's Physical Access Group (PAG), a special branch within the Center for Cyber Intelligence (CCI) which is tasked with gaining and exploiting physical access to target computers in CIA field operations.
It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. Once identified, the Dumbo program allows the CIA agents to:
- Mute all microphones
- Disable all network adapters
- Suspend any processes using a camera recording device
- Selectively corrupt or delete recordings
By deleting or manipulating recordings, the operator is aided in creating fake evidence or destroying actual evidence of the intrusion operation.
However, for a successful operation, Dumbo requires SYSTEM-level privileges to run. For its log to be maintained, the thumb drive Dumbo is executed from must remain plugged into the system for the duration of the operation.
Previous Vault7 Leaks
"Vault 7" is a substantial collection of material about CIA activities published by WikiLeaks since March 2017. The leaked tools include:
- Imperial: Three CIA-developed hacking tools and implants targeting Apple Mac OS X and some flavours of Linux operating systems.
- UCL/Raytheon: An alleged CIA contractor that analyzed malware, helping the CIA develop its own malware.
- Highrise: An alleged CIA project that lets the spying agency stealthily collect and forward stolen data from compromised smartphones to its server via SMS.
- BothanSpy and Gyrfalcon: CIA implants that let the CIA intercept and exfiltrate SSH credentials from targeted Windows and Linux PCs using different attack vectors.
- OutlawCountry: An alleged CIA project aimed at hacking and remotely spying on systems running Linux OS.
- ELSA: Alleged CIA malware that tracks geolocation of targeted computers and laptops running Windows.
- Brutal Kangaroo: A tool suite for Windows used by CIA agents to target closed networks or air-gapped computers within an organisation or enterprise without requiring any direct access.
- Cherry Blossom: A framework employed by the agency to monitor the Internet activity of the targeted systems by exploiting flaws in Wi-Fi devices.
- Pandemic: A CIA project that allowed the spying agency to turn Windows file servers into covert attack machines that can silently infect other PCs of interest inside the same network.
- Athena: A spyware framework that the agency designed to take full control over an infected Windows system remotely; it works against every version of Windows OS, from Windows XP to Windows 10.
- AfterMidnight and Assassin: CIA malware frameworks for the Microsoft Windows platform that are meant to monitor and report back actions on the infected remote host PC and execute malicious actions.
- Archimedes: Man-in-the-middle attack tool reportedly developed by the CIA to target computers and laptops inside a Local Area Network (LAN).
- Scribbles: Software supposedly designed to embed ‘web beacons’ into confidential files and documents, allowing the CIA to track insiders and whistleblowers.
- Grasshopper: A framework that allowed the spying agency to quickly create custom malware for breaking into Microsoft Windows OS and bypassing antivirus protection.
- Marble: Source code of a secret anti-forensic framework used by CIA agents to hide the actual source of the agency's malware.
- Dark Matter: Hacking tools the spying agency used to target iPhones and Macs.
- Weeping Angel: Spying tool used by the CIA to infiltrate smart TVs, transforming them into covert microphones.
- Year Zero: CIA hacking tools and exploits for popular hardware and software.