WikiLeaks: CIA's Dumbo project can hack webcams and corrupt recordings
WikiLeaks has published the latest installment of its cache of CIA documentation known as Vault 7. This time around we learn about Project Dumbo, a hacking tool which allows for the control of webcams and microphones.
Wired, Bluetooth and wireless devices can all be detected by Dumbo. In addition to this, Dumbo gives the CIA the ability to delete or corrupt recordings that have been made. WikiLeaks has published user guides for three versions of Dumbo, the most recent of which is dated June 2015.
Like some of the other CIA exploits WikiLeaks has revealed so far, executing Dumbo requires not only physical access to a computer, but also administrator privileges. Rather than gathering evidence or carrying out surveillance, Dumbo is meant to detect and wipe out recordings made by others. The documentation for Dumbo 3.0 includes the following description:
Dumbo runs on a target to which we have physical access, mutes all microphones, disables all network adapters, suspends any processes using a camera recording device, and notifies the operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.
WikiLeaks explains a little about the contents of the documentation:
Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.
Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.
You can read through the Dumbo documentation over on WikiLeaks' Vault 7 pages.