WikiLeaks Reveals Grasshopper, the CIA's Windows Hacking Tool (thenextweb.com)
An anonymous reader quotes a report from The Next Web: In case you haven't had your dose of paranoia fuel today, WikiLeaks released new information concerning a CIA malware program called "Grasshopper," that specifically targets Windows. The Grasshopper framework was (is?) allegedly used by the CIA to make custom malware payloads. According to the user guide: "Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating systems." Grasshopper is designed to detect the OS and protection on any Windows computer on which it's deployed, and it can escape detection by anti-malware software. If that was enough for you to put your computer in stasis, brace yourself for a doozy: Grasshopper reinstalls itself every 22 hours, even if you have Windows Update disabled. As if this wasn't alarming enough, the Grasshopper user guide even states upfront that Grasshopper uses bits from a toolkit taken from Russian organized crime.
The GNU Project told us about Microsoft malware long ago, including what is accurately listed as "Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users", pointing to a mainstream media news reference from 2007, another link indicating when this was used, and a pointer to a Condé Nast article talking about the (apparently ongoing) forced Windows Updates. Microsoft is also the first PRISM partner with the NSA, joining on September 11, 2007, according to an internal NSA document, so they have quite a long history of being untrustworthy, but the underlying power they're leveraging comes from proprietary software.
Other proprietors are no more trustworthy. Apple didn't fix an intentional back door for 4 years; Apple didn't fix an iTunes backdoor through which others could have gained control of systems running the software. Apple joined PRISM in October 2012. Other proprietors with names you know (Yahoo, Facebook, Google, YouTube, etc.) joined in between the Microsoft and Apple partnerships.
The theme remains the same: it doesn't matter who the proprietor is (Microsoft in this case), proprietary software is always untrustworthy and this doesn't change even after applying lots of updates from the proprietor. Just because a new version is out, or a patch released does not mean the back door is shut or that you can verify their work (or even get someone more technically skilled to verify it on your behalf).
Now we have more confirmation of how the threats come from other directions, not just the proprietor, and that the threat is more organized than we commonly knew. Evidence like this immediately advances the discussion beyond the distraction of calling someone a 'tinfoil hat wearer' or other such nonsense, as did the Snowden documents. And WikiLeaks maintains their perfect record for authenticity in their publications—as far as we can tell these documents are what WikiLeaks claims they are. Proprietary software is always a threat. Software freedom is no guarantee of safety, but you're better off having software you can inspect, run, share, and modify (AKA control) than not. You simply can't trust proprietors to do right by you and all computer users deserve software freedom.
Digital Citizen
For any serious computer geek, they often have more than one. I am up to four, generally buying a replacement whenever one breaks whilst also repairing that broken one to become a spare. I just can't bring myself to sell the old ones, so many fond memories. Only two have been hacked, the oldest one on purpose to see how difficult it was to clean up, an interesting exercise and good practice (I just installed an app from a suspected criminal web site to see what would happen, what changes, what extra got installed, how difficult to clean rather than reinstall), and the last one I was indifferent to as I guessed the source of the hack and they cleaned it up themselves afterwards (better they come through windows (snicker snicker) than the storm troopers come through the doors). The other two were never hacked; well, admittedly I never really turned them back on again once they were fixed, so they have not been near the internet for, well, over a decade (oh, I forgot the smart phone, but I never do anything serious on that, never ever, and screw you M$ for not understanding that, spying on desktops, assholes). I guess I'll have to repurpose a windows box to a Linux Box for internet access.
Chaos - everything, everywhere, everywhen
I have 8 desktop computers and two portables.
4 desktops are Windows XP PRO with registry hack to make them appear to be embedded, like an ATM or something, so they continue to get security updates.
They are in service on the local WiFi only for closed security camera duty.
One desktop is Windows 7 and because it has a touch screen, can't be upgraded to Windows 10. Another is Windows 8, updated to Windows 10, the other is Windows 8.1, updated to 10, and my primary is Windows 10 Home Edition.
I got hit with faux ransomware years ago. It was simply a wallpaper that fired up on startup. I went into Safe Mode and told it to stop the shit.
Other than that, I've been OK.
I don't run anti-virus. Those are so yesterday and usually come in through email attachments. As a retired systems analyst and network administrator, computers are not my first jigsaw puzzle.
I have put out a request for more surplus desktops from family and friends but people just don't have desktops anymore.
It little behooves the best of us to comment on the rest of us.
there's a limited amount of pain that a foreign entity or a US corp entity could do to me.
otoh, the US gov can do a LOT of damage to its own people.
I worry more about our own spying and malware delivery (btw, what would our founding fathers think about THAT?) than from sources outside the US.
the terrorists to worry the most about: our own government
and not the elected ones. It's the ones that we don't elect that are above the law, those are what I would be the most concerned about.
they continue to be untouchable and you can't sue them or stop them.
damn.
--
"It is now safe to switch off your computer."