WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks (bleepingcomputer.com)
WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:
Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected Wi-Fi data to query alternate ESS geo-location databases, if he feels they provide better accuracy.
No Linux hacks? (Score:1)
Re: (Score:2)
Neither do most criminals... Not a coincidence.
Re: No Linux hacks? (Score:2)
Re: (Score:2)
Apparently not if you consider privacy important.
Re: (Score:2)
Re: (Score:2)
Not when they have a 98% chance of hitting a Windows machine.
Re: (Score:2)
Re: No Linux hacks? (Score:4, Insightful)
Thanks for being an evil cyber-mercenary...just kidding, actually fuck you.
Re: (Score:2)
The low hanging fruit is always tricking users into installing your malware. There is no security through obscurity in cell phones now, which at least temporarily lowers the value of Linux and BSD kernel exploits.
Re: (Score:2)
Worse than that, they spent how much on a CLIENT SIDE version of a basic MAC Address/Tracert sniffer?
Re: (Score:2)
Re: (Score:2)
Not much here (Score:1, Insightful)
As spying tools go, this one is pretty minor. It doesn't do anything unless you already have root access to the target computer. If you have access to the target computer, you can already probably find out pretty much everything you need anyway.
Re:Not much here (Score:5, Informative)
If you have access to the target computer, you can already probably find out pretty much everything you need anyway.
People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.
Re: (Score:2)
Good that they're with the government, or this might be illegal.
Re: (Score:2)
CIA is not really an intelligence organisation.
A small part of the CIA is gathering intelligence. If you look where the money goes it's foreign operations. The operations arm runs the CIA.
The CIA get most of their money from the US government so I guess the main function of the intelligence department is to make sure the operations arm gets good funding.
Re: (Score:3)
This is for tracking criminals' location without using GPS
Good thing it's not for tracking a suspect's location because a suspect might accidentally have rights. These folks have apparently already been convicted so.....
target - not criminal (Score:2)
If you have access to the target computer, you can already probably find out pretty much everything you need anyway.
People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.
Who said anything about criminals?
Re: (Score:2)
This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.
Who said anything about criminals?
The post you are replying to.
As the post prior to yours attempted to point out using sarcasm, the use of the word "criminals" has already rendered judgement on the people being tracked: they're not suspects, they're "criminals".
Re: (Score:2)
Your calling them "suspects" means that they are suspected of something.
My point is that this is done to whomever they like, they don't have to be even a suspect.
Call it like it is - they can gather information on whomever they want - a target. There's no need to imply good vs bad.
Re: (Score:2)
Your calling them "suspects" means that they are suspected of something. My point is that this is done to whomever they like, they don't have to be even a suspect.
No, your point was "Who said anything about criminals?"
Your point did not mention the word "suspect".
Re: (Score:2)
Other tools mentioned in the past are automated i.e. the Automated Implant Branch (AIB) with names like Medusa, Swindle, HIVE.
Re: (Score:2)
They use these tools on any old criminals, not just cybercriminals. Physical access is something you can get with a warrant (and probably without) and most criminals' computers are not hardened against this kind of injection (no encryption).
Re: (Score:2)
Does Windows 10 really collect your Wi-Fi passwords and send them off? No wonder I am not running it.
Re: (Score:2)
I gladly would. They may even take all the data with them.
Provided I get to choose which computer they take from me.
Re: (Score:2)
I'm not convinced that they need physical access. From TFS:
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine.
'Deploy' might involve other than physical access. Open an e-mailed document with embedded malware, for example.
CIA pwn Windows (Score:1, Flamebait)
Looks like the CIA has completely pwned Windows and of course, now the whole world has access. Windows has never been secure and only a fool would plan to keep using Windows. Wake up, morons!
Re: (Score:1)
Geolocation is easy.
https://en.wikipedia.org/wiki/... [wikipedia.org]
The Geolocation of your wifi is already well known. I know where you are, by what APs are nearby. Often, within a few meters. On your Android Phone, there is even a setting that allows better GPS Geolocation by pairing it with Wifi Signals.
Location outside of the US is just as easy as being inside. And yes, the internet works outside the US too!
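The summary's Step 4 (the implant hands its list of nearby access points to a third-party database) and the comment above ("I know where you are, by what APs are nearby") both rest on the same mechanism: a lookup table from access-point identifiers to coordinates, combined with signal strength. The following added example, which is not from the page, the ELSA manual, or any geolocation vendor, shows why an exfiltrated Wi-Fi scan is location data in all but name. It assumes a constructed `AP_DATABASE` of BSSIDs to coordinates standing in for the real third-party service, a constructed scan with made-up BSSIDs and RSSI values, and a simple log-distance path-loss model (`TX_POWER_AT_1M`, `PATH_LOSS_EXPONENT` are assumed constants, not values from the page).

```python
from math import cos, radians, sqrt
from typing import Dict, List, Optional, Tuple

LatLon = Tuple[float, float]

# Constructed sample database: BSSID -> (latitude, longitude). In a real
# geolocation service this table holds millions of entries built from
# wardriving and phone telemetry; here it is a handful of made-up rows.
AP_DATABASE: Dict[str, LatLon] = {
    "00:11:22:33:44:01": (40.74850, -73.98560),
    "00:11:22:33:44:02": (40.74870, -73.98530),
    "00:11:22:33:44:03": (40.74830, -73.98520),
    "00:11:22:33:44:04": (40.74900, -73.98600),
}

# Assumed path-loss model parameters (typical indoor values, not from the page).
TX_POWER_AT_1M = -40.0   # dBm expected one metre from an access point
PATH_LOSS_EXPONENT = 2.5 # 2.0 is free space; higher means more obstruction

EARTH_RADIUS_M = 6_371_000.0


def estimated_distance_m(rssi_dbm: float) -> float:
    """Log-distance path-loss model: invert rssi = P0 - 10*n*log10(d) for d."""
    return 10 ** ((TX_POWER_AT_1M - rssi_dbm) / (10 * PATH_LOSS_EXPONENT))


def distance_m(a: LatLon, b: LatLon) -> float:
    """Equirectangular approximation, adequate for distances of a few hundred metres."""
    lat1, lon1 = a
    lat2, lon2 = b
    mean_lat = radians((lat1 + lat2) / 2)
    dx = radians(lon2 - lon1) * cos(mean_lat) * EARTH_RADIUS_M
    dy = radians(lat2 - lat1) * EARTH_RADIUS_M
    return sqrt(dx * dx + dy * dy)


def geolocate(scan: List[Tuple[str, float]],
              database: Dict[str, LatLon]) -> Optional[Tuple[float, float, int]]:
    """Signal-strength-weighted centroid of the known access points in a scan.

    scan: list of (bssid, rssi_dbm) as a Wi-Fi survey would report them.
    Returns (latitude, longitude, number_of_matched_aps), or None when no
    observed BSSID is in the database (an unknown network gives no fix).
    """
    weighted: List[Tuple[LatLon, float]] = []
    for bssid, rssi in scan:
        position = database.get(bssid.lower())
        if position is None:
            continue  # BSSIDs absent from the table contribute nothing
        # Nearer access points (stronger signal) pull the estimate harder;
        # clamp at 1 m so an implausibly strong reading cannot dominate.
        weight = 1.0 / max(estimated_distance_m(rssi), 1.0)
        weighted.append((position, weight))
    if not weighted:
        return None
    total = sum(w for _, w in weighted)
    lat = sum(p[0] * w for p, w in weighted) / total
    lon = sum(p[1] * w for p, w in weighted) / total
    return lat, lon, len(weighted)


# Constructed scan: three known access points plus one the database has never
# seen. RSSI values are invented.
SAMPLE_SCAN: List[Tuple[str, float]] = [
    ("00:11:22:33:44:01", -45.0),
    ("00:11:22:33:44:02", -60.0),
    ("00:11:22:33:44:03", -70.0),
    ("de:ad:be:ef:00:01", -50.0),
]

# Constructed "true" position of the device, used only to report the error.
TRUE_POSITION: LatLon = (40.74850, -73.98560)


def demo() -> float:
    """Run the lookup on the sample scan; return the error in metres."""
    fix = geolocate(SAMPLE_SCAN, AP_DATABASE)
    if fix is None:
        raise RuntimeError("no known access points in scan")
    lat, lon, matched = fix
    error = distance_m((lat, lon), TRUE_POSITION)
    print(f"matched {matched} APs -> ({lat:.6f}, {lon:.6f}), error {error:.1f} m")
    return error


if __name__ == "__main__":
    demo()
```

The point for a defender is the last line of `demo()`: with only three access points in a toy table the estimate lands within a few metres of the constructed true position, which is why the operator in Step 4 does not need GPS and why a log of observed BSSIDs deserves the same handling as a GPS track. The unknown BSSID is simply ignored, which also shows the limit of the technique: it only works where someone has already surveyed the networks.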
So it's basically what Android and iOS do. (Score:1)
Except those come factory-installed on mobile devices.
So, just what every cellphone already does (Score:1)
How is this different from location services on Android or the iPhone? You -know- those are uploaded to Google and Apple regularly.
Re: (Score:2)
People already know about switching between burner phones and turning the phones off if they don't want to be tracked. Those people may not be as careful with a laptop.
Re: (Score:2)
My first thought. The NSA would probably like to thank Google for compiling this "geo-wifi" information for them with their wardriving vehicles!
Step 7: (Score:3)
CIA operative performs a man in the middle attack on the currently playing youtube/twitch video stream and replaces it by let it go.
Re: (Score:2)
Already outdated (Score:1)
With the new Windows Telemetry Apparatus, Redmond collects all this information with no additional exploitation. Additionally, the telemetry is harder to defend from than this "malware".
This is why radios need HW on/off switches (Score:5, Insightful)
This is why radios and, for that matter, sensors, need hardware on/off switches.
Turn off the radios and sensors such as motion sensors, compasses, microphones, and cameras when not in use and you make it very very difficult if not impossible to track your location.
Re: (Score:2)
This is why radios and, for that matter, sensors, need hardware on/off switches.
I have a stereo with an OFF switch. It works great. It also has an OFF light. It works great, too. When the unit is OFF the light is ON, and vice versa -- damnedest thing I've ever seen. (Dumbest, too.)
I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and
Re: (Score:2)
They were always software switches. Because there's nothing physical you can hard wire to "write prot
Re: (Score:2)
> I also miss actual Write Protect switches on USB media
Kanguru has several USB3 thumbdrives available on Amazon with a physical hardware write protect switch. Standard disclaimer, just a satisfied customer.