WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks (bleepingcomputer.com)

WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:

Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected Wi-Fi data to query alternate ESS geolocation databases, if he feels they provide better accuracy.

  • CIA don't waste their time with linux?
    • Neither do most criminals....Not a coincidence.

    • Wait for Wikileaks to publish how the CIA/NSA etc. hack web servers; there will be a lot of Linux hacks there. However, they are far more interested in tracking individuals, which will largely mean desktop & mobile hacks.
    • Not when they have a 98% chance of hitting a Windows machine.

    • We've been selling software that exploits a hole in Linux which allows us to pull all kinds of fun information and elevate user privileges. It's been sold to government agencies since around 2008. Hasn't been patched and won't be unless they fundamentally change the way the OS functions. The truth is that they're far more interested in hacking individual devices like phones and laptops, than the servers Linux typically runs on. Servers are easy to get a warrant for and the companies that own them must coope
    • Worse than that, they spent how much on a CLIENT SIDE version of a basic MAC Address/Tracert sniffer?

    • by AHuxley ( 892839 )
      Improvise, Aquaman with Dancefloor that are OS ready. The automated multi-platform malware like Hive, Cutthroat and Swindle.
    • by AHuxley ( 892839 )
      Another Linux effort is Outlaw Country.
  • Not much here (Score:1, Insightful)

    by Anonymous Coward

    As spying tools go, this one is pretty minor. It doesn't do anything unless you already have root access to the target computer. If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

    • Re:Not much here (Score:5, Informative)

      by omnichad ( 1198475 ) on Thursday June 29, 2017 @09:13AM (#54711685) Homepage

      If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

      People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

      • This is for tracking criminals' location without using GPS

        Good thing it's not for tracking a suspect's location, because a suspect might accidentally have rights. These folks have apparently already been convicted so.....

      • If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

        People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

        Who said anything about criminals?

        • by XXongo ( 3986865 )

          This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

          Who said anything about criminals?

          The post you are replying to.

          As the post prior to yours attempted to point out using sarcasm, the use of the word "criminals" has already rendered judgement on the people being tracked: they're not suspects, they're "criminals".

          • by gosand ( 234100 )

            Your calling them "suspects" means that they are suspected of something.
            My point is that this is done to whomever they like, they don't have to be even a suspect.

            Call it like it is - they can gather information on whomever they want - a target. There's no need to imply good vs bad.

            • by XXongo ( 3986865 )

              Your calling them "suspects" means that they are suspected of something. My point is that this is done to whomever they like, they don't have to be even a suspect.

              No, your point was "Who said anything about criminals?"

              Your point did not mention the word "suspect".

      • by AHuxley ( 892839 )
        Re "tracking criminals"
        Other tools mentioned in the past are automated i.e. the Automated Implant Branch (AIB) with names like Medusa, Swindle, HIVE.
  • CIA pwn Windows (Score:1, Flamebait)

    by mspohr ( 589790 )

    Looks like the CIA has completely pwned Windows and of course, now the whole world has access. Windows has never been secure and only a fool would plan to keep using Windows. Wake up, morons!

  • by Anonymous Coward

    Except those come factory-installed on mobile devices.

  • by Anonymous Coward

    How is this different from location services on Android or the iPhone? You -know- those are uploaded to Google and Apple regularly.

    • People already know about switching between burner phones and turning the phones off if they don't want to be tracked. Those people may not be as careful with a laptop.

    • My first thought. The NSA would probably like to thank Google for compiling this "geo-wifi" information for them with their wardriving vehicles!

  • by Z80a ( 971949 ) on Thursday June 29, 2017 @09:46AM (#54711881)

    CIA operative performs a man-in-the-middle attack on the currently playing YouTube/Twitch video stream and replaces it with Let It Go.

  • by Anonymous Coward

    With the new Windows Telemetry Apparatus, Redmond collects all this information with no additional exploitation. Additionally, the telemetry is harder to defend from than this "malware".

  • by davidwr ( 791652 ) on Thursday June 29, 2017 @10:39AM (#54712251) Homepage Journal

    This is why radios and, for that matter, sensors, need hardware on/off switches.

    Turn off the radios and sensors such as motion sensors, compasses, microphones, and cameras when not in use and you make it very very difficult if not impossible to track your location.

    • This is why radios and, for that matter, sensors, need hardware on/off switches.

      I have a stereo with an OFF switch. It works great. It also has an OFF light. It works great, too. When the unit is OFF the light is ON, and vice versa -- damnedest thing I've ever seen. (Dumbest, too.)

      I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and

      • by tlhIngan ( 30335 )

        I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and that's still set. Oh well, updating that's no problem whatsoever, just like the rest of your read-only data.")

        They were always software switches. Because there's nothing physical you can hard wire to "write prot

      • by Wolfrider ( 856 )

        > I also miss actual Write Protect switches on USB media

        Kanguru has several USB3 thumbdrives available on Amazon with a physical hardware write protect switch. Standard disclaimer, just a satisfied customer.
