Slashdot Mirror


WikiLeaks Reveals Grasshopper, the CIA's Windows Hacking Tool (thenextweb.com)

An anonymous reader quotes a report from The Next Web: In case you haven't had your dose of paranoia fuel today, WikiLeaks released new information concerning a CIA malware program called "Grasshopper," that specifically targets Windows. The Grasshopper framework was (is?) allegedly used by the CIA to make custom malware payloads. According to the user guide: "Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating systems." Grasshopper is designed to detect the OS and protection on any Windows computer on which it's deployed, and it can escape detection by anti-malware software. If that was enough for you to put your computer in stasis, brace yourself for a doozy: Grasshopper reinstalls itself every 22 hours, even if you have Windows Update disabled. As if this wasn't alarming enough, the Grasshopper user guide even states upfront that Grasshopper uses bits from a toolkit taken from Russian organized crime.

15 of 87 comments

  1. Windows Update by phantomfive · · Score: 2, Informative

    malware removed:

    dd if=/dev/zero of=/dev/ntfs

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Windows Update by bill_mcgonigle · · Score: 4, Funny

      Nope, it got reinstalled from the EFI rootkit.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Windows Update by AmiMoJo · · Score: 2

      Actually quite a good PROTIP there. Many AV vendors offer Linux boot CDs that are more effective at removing viruses than AV software running on Windows. That's because the Linux NTFS driver ignores file/user permissions that prevent Windows software from removing infected files.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
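      As an added example (not code from the thread or from any AV vendor's boot CD), here is the kind of offline cleanup the comment describes, written as a POSIX shell script to run from a Linux rescue environment. It assumes the NTFS volume has already been mounted read-write with ntfs-3g (the device path and mount point below are placeholders); ntfs-3g does not enforce NTFS ACLs unless explicitly configured to, which is why files Windows refuses to delete can simply be moved aside here. The known-bad hash list is a constructed input, not real indicators from the leak.

```shell
#!/bin/sh
# Offline removal of files matching a list of known-bad SHA-256 hashes.
# Added example; assumes the Windows volume is mounted from a Linux rescue
# system, e.g.  ntfs-3g /dev/sdX2 /mnt/win   (device and mount point are
# placeholders). Because ntfs-3g ignores NTFS ACLs by default, the
# permissions that block deletion under Windows do not apply here.

# Portable SHA-256 of one file (coreutils sha256sum, or shasum on BSD/macOS).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# quarantine_known_bad <mounted volume> <bad-hash list> <quarantine dir>
# Walks the volume, hashes every regular file, and moves any file whose hash
# is listed (one lowercase hex digest per line) into the quarantine directory,
# keeping its relative path so a false positive can be put back by hand.
# Prints the number of files quarantined on stdout; names go to stderr.
quarantine_known_bad() {
    vol=$1; badlist=$2; qdir=$3
    count=0
    # Read the listing from a temp file, not a pipe: under plain sh a piped
    # while-loop runs in a subshell and the counter would be lost.
    listing=$(mktemp)
    find "$vol" -type f > "$listing"
    while IFS= read -r f; do
        h=$(hash_file "$f")
        if grep -qix "$h" "$badlist"; then
            rel=${f#"$vol"/}
            mkdir -p "$qdir/$(dirname "$rel")"
            mv "$f" "$qdir/$rel"
            echo "quarantined: $rel" >&2
            count=$((count + 1))
        fi
    done < "$listing"
    rm -f "$listing"
    echo "$count"
}

# Command-line use: quarantine.sh /mnt/win bad-hashes.txt /mnt/usb/quarantine
if [ "$#" -eq 3 ]; then
    quarantine_known_bad "$1" "$2" "$3"
fi
```

      Hash matching is deliberately exact, so this only catches files you already have digests for; an unknown custom build, which is what the summary says Grasshopper produces, will not be in any such list. The script still shows the part the comment is making a point about: once the volume is mounted from Linux, there is no Windows ACL, locked handle or running process in the way of moving the file. Paths containing newlines are not handled.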
  2. At least it's free by Anonymous Coward · · Score: 4, Informative

    Fortunately, all software authored by the federal government is automatically in the public domain, so perfectly legal to reverse engineer, copy, etc.

    1. Re:At least it's free by BlueStrat · · Score: 3, Insightful

      As if this wasn't alarming enough, the Grasshopper user guide even states upfront that Grasshopper uses bits from a toolkit taken from Russian organized crime.

      No, BeauHD, that's not fucking alarming at all. There's nothing even remotely alarming about that. Big fucking deal, they borrowed some attack code. Quit trying to be edgy, you suck at it.

      What IS alarming is that instead of helping US infrastructure protect itself from Russian malware, they simply hop on the gravy-train for their own cut of that sweet, sweet US data security.

      Remind me, *who* exactly are our enemies, again? Having trouble here detecting significant differences.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:At least it's free by TheGratefulNet · · Score: 4, Interesting

      there's a limited amount of pain that a foreign entity or a US corp entity could do to me.

      otoh, the US gov can do a LOT of damage to its own people.

      I worry more about our own spying and malware delivery (btw, what would our founding fathers think about THAT?) than from sources outside the US.

      the terrorists to worry the most about: our own government

      and not the elected ones. It's the ones that we don't elect that are above the law, those are what I would be the most concerned about.

      they continue to be untouchable and you can't sue them or stop them.

      damn.

      --
      "It is now safe to switch off your computer."
    3. Re:At least it's free by freeze128 · · Score: 2

      Remind me, *who* exactly are our enemies, again? Having trouble here detecting significant differences.

      Easy. Anyone connected to the internet is your enemy. That makes security a lot easier to understand.

  3. "reinstalls itself every 22 hours" by Anonymous Coward · · Score: 2, Funny

    Just like Windows updates whether you want them or not.

    1. Re: "reinstalls itself every 22 hours" by Anonymous Coward · · Score: 2, Insightful

      Why should they care, you are still paying? You aren't going anywhere. Windows users will put up with ANYTHING.

  4. It's OK ... by CaptainDork · · Score: 2

    ... the CIA got a job to do.

    I'd feel better about them if they could keep a secret, but let me restate CaptainDork's corollary:

    For every motherfucker out there with a computer, there's another motherfucker out there with a computer. ~ © 2017 CaptainDork

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:It's OK ... by rtb61 · · Score: 2, Interesting

      For any serious computer geek, they often have more than one. I am up to four, generally buying a replacement whenever one breaks whilst also repairing that broken one to become a spare. I just can't bring myself to sell the old ones, so many fond memories. Only two have been hacked, the oldest one on purpose to see how difficult it was to clean up, interesting exercise and good practice (I just installed an app from an expected criminal web site to see what would happen, what changes, what extra installed, how difficult to clean, rather than reinstall) and the last one I was indifferent to as I guessed the source of the hack and they cleaned it up themselves afterwards (better they come through windows (snicker snicker) than the storm troopers come through the doors). The other two never hacked, well, admittedly I never really turned them back on again once they were fixed, so they have not been near the internet for, well, over a decade (oh I forgot smart phone but I never do anything serious on that, never ever and screw you M$ for not understanding that, spying on desktops assholes). I guess I'll have to repurpose a windows box to a Linux Box for internet access.

      --
      Chaos - everything, everywhere, everywhen
  5. Software freedom: best defense against malware by jbn-o · · Score: 4, Interesting

    The GNU Project told us about Microsoft malware long ago, including what is accurately listed as "Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users", pointing to a mainstream media news reference from 2007 and another link indicating when this was used, and a pointer to a Condé Nast article talking about the (apparently ongoing) forced Windows Updates. Microsoft is also the first PRISM partner with the NSA, joining on September 11, 2007, according to an internal NSA document, so they have quite a long history of being untrustworthy, but the underlying power they're leveraging comes from proprietary software.

    Other proprietors are no more trustworthy. Apple didn't fix an intentional back door for 4 years; Apple didn't fix an iTunes backdoor through which others could have gained control of systems running the software. Apple joined PRISM in October 2012. Other proprietors with names you know (Yahoo, Facebook, Google, YouTube, etc.) joined in between the Microsoft and Apple partnerships.

    The theme remains the same: it doesn't matter who the proprietor is (Microsoft in this case), proprietary software is always untrustworthy and this doesn't change even after applying lots of updates from the proprietor. Just because a new version is out, or a patch released does not mean the back door is shut or that you can verify their work (or even get someone more technically skilled to verify it on your behalf).

    Now we have more confirmation of how the threats come from other directions, not just the proprietor, and that the threat is more organized than we commonly knew. Evidence like this immediately advances the discussion beyond the distraction of calling someone a 'tinfoil hat wearer' or other such nonsense, as did the Snowden documents. And WikiLeaks maintains their perfect record for authenticity in their publications—as far as we can tell these documents are what WikiLeaks claims they are. Proprietary software is always a threat. Software freedom is no guarantee of safety, but you're better off having software you can inspect, run, share, and modify (AKA control) than not. You simply can't trust proprietors to do right by you and all computer users deserve software freedom.

    1. Re:Software freedom: best defense against malware by Somebody+Is+Using+My · · Score: 4, Interesting

      Except this doesn't sound like a backdoor in Windows. The article is short on details, but if it uses a "custom installer", this sounds more like a trojan. Once the software is installed, your machine is compromised, but that's pretty much true for every consumer OS. As it is a customized trojan, its signature won't show up in anti-virus databases. Once it is installed, it can co-opt the target system, ensuring it can't be easily detected or removed. It's a bit trickier to write this sort of spyware these days, but in no way impossible even for run-of-the-mill criminals, much less an organization with the resources and talent of the CIA.

      How they get the target to install the trojan is probably different in each instance, and possibly requires the assistance of software vendors (Microsoft, McAfee, whatever) or the target's ISP, so that the already-running and legitimate software is served the trojan when it checks for an update (alternately, they might just sneak an agent with a USB drive into the target's home and install the trojan when the target is out to lunch or something).

      It's like really nasty spyware customized for a very specific user.

      In fact, that the CIA is forced to use these sorts of tactics speaks against the idea of there being a universal backdoor in Windows (beyond, you know, the usual and sadly universal backdoor of insecure coding and bad security practices on the part of the user).

    2. Re:Software freedom: best defense against malware by Motherfucking+Shit · · Score: 2

      Your argument stops with heartbleed.

      Which was found and fixed. It took a long time, but it still happened because people can look at the source. What unknown critical Windows vulnerabilities are being exploited right now? We can't find out.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  6. You might be a developer if... by grilled-cheese · · Score: 3, Funny

    Your first thought is that you're jealous of how good their documentation is.