Slashdot Mirror


CIA Created 'CherryBlossom' Toolkit For Hacking Hundreds of Router Models (bleepingcomputer.com)

An anonymous reader writes: After a two-week hiatus, WikiLeaks dumped new files as part of the Vault 7 series -- documents about a CIA tool named CherryBlossom, a multi-purpose framework developed for hacking hundreds of home router models. The tool is one of the most sophisticated malware frameworks in the CIA's possession. The purpose of CherryBlossom is to allow operatives to interact with and control SOHO routers on the victim's network. The tool can sniff, log, and redirect the user's Internet traffic, open a VPN to the victim's local network, execute actions based on predefined rules, alert operators when the victim becomes active, and more. A 24-page document included with the CherryBlossom docs lists over 200 router models from 21 vendors that the CIA could hack. The biggest names on this list are Apple, D-Link, Belkin, Aironet (Cisco), Linksys, and Motorola.

3 of 107 comments

  1. Re:Can this infect 3rd party firmware? by hashish · Score: 5, Informative

    Did you actually read the article?
    They are replacing the existing firmware with a new version with 'extra' functionality.
    The people who would not notice are the ones who would use the system out of the box and would not notice a hard reset. I am guessing a custom firmware users would notice.

  2. Re:DD-WRT by skids · Score: 4, Insightful

    Read further in that section:

    Prerequisites:
      client computer with ethernet interface and firmware file
      ethernet cable
      device LAN IP address (referred to below as )
      device web interface password

    They have an embedded agent for most common hardware models and kernels (and a "CB Manual" possibly for custom building the agent.)
    No surprise... once you have code you can manage to graft it into almost anything.

    However, unlike lots of the other entries, no tool to crack it in the first place... they'd have to have physical access, or an exploit tool not covered in this document.
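The prerequisites quoted in the comment above (LAN access, the admin password and a firmware file) are exactly what a legitimate firmware upgrade needs, which is why a grafted image is hard to tell apart from a vendor one once it is on the device. The one check a practitioner can do before flashing is to compare the image's SHA-256 digest against the vendor-published digest for that model and version. The following is an added example, not code from the leaked documents or from any vendor; the model name, version and digests in the allowlist are constructed for the demo and would be replaced with the vendor's published values.

```python
import hashlib
import hmac

# Constructed allowlist: model -> version -> vendor-published SHA-256 digest.
# The digest below is derived from a placeholder byte string so the example
# runs offline; a real allowlist is copied from the vendor's download page.
VENDOR_DIGESTS = {
    "example-router-v1": {
        "1.0.0": hashlib.sha256(b"example vendor firmware 1.0.0").hexdigest(),
    },
}


def sha256_hex(image: bytes) -> str:
    """Digest of the firmware image as it would be uploaded to the web UI."""
    return hashlib.sha256(image).hexdigest()


def verify_firmware(model: str, version: str, image: bytes,
                    allowlist: dict = VENDOR_DIGESTS) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only when the image digest matches the
    vendor-published digest for this exact model and version."""
    versions = allowlist.get(model)
    if versions is None:
        return False, f"no published digests for model {model!r}"
    expected = versions.get(version)
    if expected is None:
        return False, f"no published digest for {model!r} version {version!r}"
    actual = sha256_hex(image)
    # Constant-time compare: not strictly needed for a local file check,
    # but it is the idiomatic way to compare digests.
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch: expected {expected}, got {actual}"
    return True, "digest matches vendor-published value"


if __name__ == "__main__":
    # Constructed images: the genuine one and a copy with extra bytes appended,
    # standing in for an image that has had an agent grafted onto it.
    genuine = b"example vendor firmware 1.0.0"
    tampered = genuine + b"\x00extra-functionality"
    for name, img in (("genuine", genuine), ("tampered", tampered)):
        ok, reason = verify_firmware("example-router-v1", "1.0.0", img)
        print(f"{name}: {'OK' if ok else 'REJECT'} ({reason})")
```

The check only helps if the digest comes from a channel the attacker does not control (the vendor's site over TLS, not the router's own web interface), and it says nothing about what is already running on the device; for that, a fresh flash from a verified image after a hard reset is the comment's own suggestion.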

  3. "At least in the US" by WaffleMonster · Score: 5, Insightful

    Page 24...

    "Barring guidance from the Sponsor with regards to particular devices of interest, Cherry Blossom has attempted to support wireless network devices that are ubiquitous and readily available (at least in the US)."

    Why does CIA care what is "ubiquitous" and "readily available" in the United States? Who are they targeting? Why would they waste considerable sums of time and effort developing cracked firmware images based on US market availability? Is the CIA's mission spying on Americans? Isn't this supposed to be "Illegal"?