Articles about CIA

Following on from its Vault 7 series of leaks relating to CIA hacking tools, WikiLeaks has kicked off a new series -- Vault 8. The purpose of this latest series is to reveal the source code of previously exposed hacking and surveillance tools, and the first release relates to Hive.

The tool itself is interesting enough, serving as backbone to the CIA's malware operations, but there's more. What's intriguing about the first leak in the Vault 8 series is that it seems to show the agency impersonating Kaspersky, by making use of a fake certificate for the anti-virus company.

Continue reading →

The latest addition to WikiLeaks' Vault 7 cache of CIA documents and tools is a user guide for CouchPotato. This project is designed to capture RTSP/H.264 video streams, typically from networked cameras.

This is rather different to the approach taken with the Dumbo project which required physical access to a computer. The CouchPotato documentation is relatively recent, only dating back to February 14, 2014.

Continue reading →

WikiLeaks has published the latest installment of its cache of CIA documentation known as Vault 7. This time around we learn about Project Dumbo, a hacking tool which allows for the control of webcams and microphones.

Wired, Bluetooth and wireless devices can all be detected by Dumbo. In addition to this, Dumbo gives the CIA the ability to delete or corrupt recordings that have been made. WikiLeaks has published user guides for three versions of Dumbo, the most recent of which is dated June 2015.

Continue reading →

WikiLeaks has published the latest of its Vault 7 CIA leaks, this time looking at a project going by the name Imperial. The project is made up of three tools: Achilles and SeaPea which target OS X, and Aeris which targets various flavors of Linux, including RedHat, Debian and CentOS.

User guides relating to the two Mac tools date from mid-2011 and show they can be used to Trojanize an OS X disk image or install a persistent rootkit. Aeris was designed to provide a backdoor into Linux-based systems.

Continue reading →

Some four months after the first Vault 7 leak, WikiLeaks continues to publish revealing CIA documents that detail the agency's ability to hack, infiltrate and surveil targets. The latest batch goes under the banner "UCL / Raytheon", and comprises documents from CIA contractor Raytheon Blackbird Technologies.

Dating from late 2014 and late 2015, the documents show how the CIA, through Raytheon Blackbird Technologies, monitored malware in the wild to see how it could be used by the agency. The documents cover tools produced by the infamous Hacking Team as well as the Russian HammerToss malware delivered via Twitter.

Continue reading →

The latest addition to WikiLeaks' Vault 7 cache of leaked CIA documents details an app that can be used to intercept SMS messages on Android devices. The HighRise tool can grab messages before sending them on to a CIA-controlled server.

The app itself goes by the name of TideCheck and it serves as an SMS proxy to allow for the interception of messages on a target's phone. The app itself is password protected (with the word "inshallah") to prevent unwanted tinkering. It also seems to serve a dual purpose, acting as a secure communication channel for CIA operatives.

Continue reading →

The latest addition to WikiLeaks' Vault 7 cache of CIA tools and documents gives details of tools used by the agency to attack Windows and Linux computers. The BothanSpy and Gyrfalcon projects can be used to intercept and exfiltrate SSH (Secure Shell) credentials.

BothanSpy is used to target Windows, while Gyrfalcon is used for Linux machines, with both working in different ways. A number of popular distros can be hit by Gyrfalcon, including CentOS, Debian, RedHat, openSUSE and Ubuntu, and both tools function as implants that steal credentials before transmitting them to a CIA server.

Continue reading →

The Vault 7 leaks continue to flow thick and fast from WikiLeaks, shedding more and more light on the hacking and infiltration capabilities of the CIA. The latest batch details the OutlawCountry project which finds the CIA targeting Linux systems.

With Linux-based operating systems usually lauded for their impenetrability, news of a possible chink in the armour will undoubtedly cause concern. With OutlawCountry, it seems the CIA was able to redirect network traffic from a target machine to an agency-controlled machine for infiltration.

Continue reading →

Wikileaks has released a batch of documents from the middle of 2012 revealing details of the CIA's CherryBlossom project. A joint venture with the Stanford Research Institute, the CherryBlossom files show how the agency can take remote control of routers and other networking devices from numerous manufacturers, transforming them into listening devices.

CherryBlossom also enables the CIA to interfere with both incoming and outgoing traffic. Passwords present little obstacle in many cases and the fact that remote infection is possible makes the implant very simple to install. The documents reveal how the CIA can home in on a target using information such as MAC address, email address, or even chat handles.

Continue reading →