Slashdot Mirror


WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks (bleepingcomputer.com)

WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:
Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected Wi-Fi data to query alternate ESS geo-location databases, if he feels they provide better accuracy.
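To make the risk in steps 3 and 4 concrete, here is an added educator's example (not code from the page, from Bleeping Computer, or from the leaked manual) of what a third-party geolocation database can infer from the access-point list an implant uploads. The AP table, the scan, the BSSIDs and the RSSI-weighted centroid rule are all constructed assumptions, not any real provider's data or algorithm; the example also shows that an empty scan, which is what a hardware radio switch produces, yields no fix at all.

```python
"""RSSI-weighted Wi-Fi positioning: what a third-party geolocation database
can infer from the access-point list described in step 4.

Added illustration only. The AP table, the scan and the weighting rule are
constructed assumptions, not data or logic from the leaked manual or from
any real provider."""
from dataclasses import dataclass
from math import atan2, cos, radians, sin, sqrt
from typing import Dict, List, Optional, Tuple

LatLon = Tuple[float, float]


@dataclass(frozen=True)
class SeenAP:
    bssid: str     # AP MAC address: the key a geolocation database indexes on
    ssid: str      # ESS name; informational only, not used for the lookup
    rssi_dbm: int  # received signal strength, roughly -40 (near) .. -90 (far)


# Constructed "third-party database": BSSID -> surveyed AP position.
# Three APs a few tens of metres apart around a made-up point.
AP_TABLE: Dict[str, LatLon] = {
    "02:00:00:aa:00:01": (51.50000, -0.12000),
    "02:00:00:aa:00:02": (51.50020, -0.11970),
    "02:00:00:aa:00:03": (51.49985, -0.12040),
}

# Constructed scan result, as an implant would collect it while the host is
# not connected to any network (step 3): one strong AP and two weak ones.
SCAN: List[SeenAP] = [
    SeenAP("02:00:00:aa:00:01", "cafe-guest", -45),
    SeenAP("02:00:00:aa:00:02", "office-5g", -70),
    SeenAP("02:00:00:aa:00:03", "home-net", -80),
    SeenAP("02:00:00:ff:ff:ff", "unsurveyed", -55),  # not in the database
]


def rssi_weight(rssi_dbm: int) -> float:
    """dBm -> milliwatts. Received power falls with distance, so the
    strongest AP, presumably the nearest, dominates the centroid."""
    return 10 ** (rssi_dbm / 10.0)


def estimate_position(scan: List[SeenAP],
                      table: Dict[str, LatLon] = AP_TABLE
                      ) -> Optional[Tuple[float, float, int]]:
    """Weighted centroid of the known APs in `scan`.

    Returns (lat, lon, number_of_aps_used), or None when nothing in the
    scan is in the database. An empty scan, which is what a hardware
    radio kill switch produces, therefore yields no fix at all."""
    known = [(ap, table[ap.bssid]) for ap in scan if ap.bssid in table]
    if not known:
        return None
    total = sum(rssi_weight(ap.rssi_dbm) for ap, _ in known)
    lat = sum(rssi_weight(ap.rssi_dbm) * pos[0] for ap, pos in known) / total
    lon = sum(rssi_weight(ap.rssi_dbm) * pos[1] for ap, pos in known) / total
    return (lat, lon, len(known))


def haversine_m(a: LatLon, b: LatLon) -> float:
    """Great-circle distance in metres between two (lat, lon) pairs."""
    earth_radius_m = 6371000.0
    dlat, dlon = radians(b[0] - a[0]), radians(b[1] - a[1])
    h = sin(dlat / 2) ** 2 + cos(radians(a[0])) * cos(radians(b[0])) * sin(dlon / 2) ** 2
    return 2 * earth_radius_m * atan2(sqrt(h), sqrt(1 - h))


def error_radius_m(scan: List[SeenAP],
                   table: Dict[str, LatLon] = AP_TABLE) -> Optional[float]:
    """Crude confidence radius: distance from the fix to the farthest AP
    that contributed to it. None when there is no fix."""
    fix = estimate_position(scan, table)
    if fix is None:
        return None
    return max(haversine_m(fix[:2], table[ap.bssid])
               for ap in scan if ap.bssid in table)


if __name__ == "__main__":
    fix = estimate_position(SCAN)
    print("fix from full scan:", fix, "radius ~%.0f m" % error_radius_m(SCAN))
    print("fix with radio off:", estimate_position([]))
```

With the constructed data the fix lands within a metre of the strongest AP and carries a confidence radius of a few tens of metres, which is the kind of precision the comments below compare to phone location services.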

85 comments

  1. No linux hacks? by fabriciom · · Score: 1

    CIA don't waste their time with linux?

    1. Re:No linux hacks? by Anonymous Coward · · Score: 0

      They have SELINUX....

    2. Re:No linux hacks? by omnichad · · Score: 1

      Neither do most criminals....Not a coincidence.

    3. Re:No linux hacks? by Anonymous Coward · · Score: 0

      someone will be by soon to inform you there are not enough Linux systems for folks to be interested in exploiting. (same for macOS)

    4. Re:No linux hacks? by Anonymous Coward · · Score: 0

      it's because linux fucking sucks

    5. Re:No linux hacks? by Anonymous Coward · · Score: 0

      which is true, if you want to gather information you want your malware on as many devices as possible, home user devices and phones specifically. And sorry to burst your bubble, running linux as your main OS is still a niche market whether you are willing to admit that or not, facts don't need you to like them.

      Macs tho? Plenty of attacks pointed directly at them, maybe you've been cherry picking the stuff you read from the leaks.

      And to be fair, they've got plenty of attack vectors against Android and guess what android actually is? Oh, I think we both know you already guessed that it is.

    6. Re: No linux hacks? by Anonymous Coward · · Score: 0

      Especially very few ones with Wifi working, in the case of Linux.

    7. Re:No linux hacks? by Big+Hairy+Ian · · Score: 1

      Wait for Wikileaks to publish how the CIA/NSA etc hack web servers; there will be a lot of Linux hacks there. However, they are far more interested in tracking individuals, which will largely mean Desktop & Mobile hacks.

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    8. Re:No linux hacks? by ArchieBunker · · Score: 1

      Not when they have a 98% chance of hitting a Windows machine.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard

    9. Re:No linux hacks? by Anonymous Coward · · Score: 0

      it's because linux fucking sucks when you can't understand it.

      Derp.

    10. Re:No linux hacks? by Anonymous Coward · · Score: 0

      CIA operate at a different level. To call their adversary a criminal is strange since depending on jurisdiction the CIA operative could technically be the one perpetrating the crime.

    11. Re:No linux hacks? by Opportunist · · Score: 1

      Apparently not if you consider privacy important.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

    12. Re:No linux hacks? by Anonymous Coward · · Score: 0

      depending on jurisdiction...

      I wonder under what jurisdiction smuggling cocaine out of / into a country would not be a crime.

    13. Re:No linux hacks? by WankerWeasel · · Score: 2

      We've been selling software that exploits a hole in Linux which allows us to pull all kinds of fun information and elevate user privileges. It's been sold to government agencies since around 2008. Hasn't been patched and won't be unless they fundamentally change the way the OS functions. The truth is that they're far more interested in hacking individual devices like phones and laptops, than the servers Linux typically runs on. Servers are easy to get a warrant for and the companies that own them must cooperate. Getting individuals to is far more difficult.

    14. Re:No linux hacks? by Anonymous Coward · · Score: 0

      "it's because linux fucking sucks when you can't understand it.

      Derp."

      And your "insult" explains exactly why Linux has never taken off as a serious desktop operating system. Keep treating everyone that shows any interest in it with contempt. Please, keep treating potential lusers like the garbage that they are.

      I mean, I was a linux user (a luser, I suppose) at one time. I remember how I was treated like a piece of shit. A literal fucking piece of garbage, when I first got into the scene. And then, after I figured out how things worked... I was right there, next to everyone else, treating the newbies like THEY were the fucking pieces of garbage.

      I wanted to join the bandwagon. I wanted to pretend that I was elite in some way. But I wasn't. I just learned how to use an extremely unpopular operating system. I was like a kid fresh out of high school, thinking that I had all the answers. I thought I was smarter than everyone else. I was like a Hillary Clinton supporter. Little did I know that I was wrong. It was all hubris, and hypocrisy. Linux wasn't actually better. I couldn't even play games on it. I couldn't even play Doom 2. It was crap.

      I started drinking the boos, and smoking the marih-jew-anna, to make the pain go away. And I had sex with many womens, but their breasts felt disgusting, like sandbags in my hands, and their vaginas had literal teeth, sharp as a razor. I could not enjoy having the sex because it was like masturbating with sandpaper. I moved out of my mother's basement, and became a real man. I got a job at McDonald's.

      I can crack eggs, flawlessly, one handed, and I can tell by the sound EXACTLY when your breakfast items are ready. I am the Egg McMuffin King! Hail to the King, baby!

    15. Re:No linux hacks? by GameboyRMH · · Score: 3, Insightful

      Thanks for being an evil cyber-mercenary...just kidding, actually fuck you.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel

    16. Re: No linux hacks? by Anonymous Coward · · Score: 0

      +1 Flamebait.

    17. Re:No linux hacks? by Anonymous Coward · · Score: 0

      Right on man!

    18. Re:No linux hacks? by Anonymous Coward · · Score: 0

      Why do I feel like buying an Egg McMuffin now? =S

    19. Re:No linux hacks? by Rockoon · · Score: 1

      Seems to me that most of the phones that aren't running a Linux are running a BSD.

      The low hanging fruit is always tricking users into installing your malware. There is no security through obscurity in cell phones now, which at least temporarily lowers the value of Linux and BSD kernel exploits.

      --
      "His name was James Damore."

    20. Re: No linux hacks? by Anonymous Coward · · Score: 0

      a mcdonalds restaurant has never cracked an egg. fake news!

    21. Re: No linux hacks? by Anonymous Coward · · Score: 0

      There are more Linux and Unix powered systems in existence than there are Micro$oft junk. The whole "because there are more" argument is complete bullshit, yet only true if the focus is on the desktop. Your car uses it, your phone (Android/iOS) uses Linux or Unix, most factories use something Unix-based, and most servers now use Linux. What you do get is offices with a lot of Window$ machines as a way to communicate with something Linux/Unix based. That's the problem; it should be the other way around, but it's not simply because most people never even heard of Linux and those that have but don't use Linux usually imagine a TTY only environment from some hacker movie.

    22. Re: No linux hacks? by TheOuterLinux · · Score: 1

      If they can't play video games or Skype, which should be a terrifying thought to have a Window$ run camera staring at you, then they bitch. IT bitches because Window$ keeps them employed. Log on to a social network on Window$? Fuuuuuuu@&$....that. If it's free it must suck is the typical Micro$oft user motto. Freemium and FOSS are not the same thing. Some donate blood, others donate software; it's that simple. Unfortunately, most open source is going towards web development instead of the desktop. I know belittling doesn't help, but you can only throw so many obvious reasons to switch to Linux in all the M$ users' faces before it starts to look like a pandemic case of severe denial. It's kind of like a cult that slowly sips the Kool-Aid instead of all at once, only to join another for a different flavor of the same poison. Most of my computers are old as hell and they all run Linux with the latest 32-bit version of the kernel (some are PAE to get 4GB+ access) with up to date software I didn't have to pay a dime for. If I tried to run Window$ instead, they'd all be nothing but disease-ridden paperweights, just something to heat up the room during the Winter and pray they stay out of my router.

    23. Re: No linux hacks? by Anonymous Coward · · Score: 0

      A very strange McDonald's ad. Five stars. Would lol again.

    24. Re:No linux hacks? by Marxist+Hacker+42 · · Score: 1

      Worse than that, they spent how much on a CLIENT SIDE version of a basic MAC Address/Tracert sniffer?

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.

    25. Re:No linux hacks? by AHuxley · · Score: 1

      Improvise, Aquaman with Dancefloor that are OS ready. The automated multi-platform malware like Hive, Cutthroat and Swindle.

      --
      Domestic spying is now "Benign Information Gathering"

    26. Re:No linux hacks? by AHuxley · · Score: 1

      Another Linux effort is Outlaw Country.

      --
      Domestic spying is now "Benign Information Gathering"

  2. Not much here by Anonymous Coward · · Score: 1, Insightful

    As spying tools go, this one is pretty minor. It doesn't do anything unless you already have root access to the target computer. If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

    1. Re:Not much here by omnichad · · Score: 4, Informative

      If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

      People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

    2. Re:Not much here by Anonymous Coward · · Score: 0

      I was going to say, the procedures for these tools seem to be getting more and more abstruse. Does anyone know if these things have ever actually been deployed in the field, or if someone at the CIA has been exaggerating the power of these tools in order to fool a clueless supervisor?

    3. Re:Not much here by omnichad · · Score: 1

      They use these tools on any old criminals, not just cybercriminals. Physical access is something you can get with a warrant (and probably without) and most criminals' computers are not hardened against this kind of injection (no encryption).

    4. Re:Not much here by Anonymous Coward · · Score: 0

      People have lives outside their computers.

      Shouldn't that be "Most People" or "Some People" given where we are?

    5. Re:Not much here by Anonymous Coward · · Score: 0

      It's really just a way for the CIA to get free wifi wherever they go.

    6. Re:Not much here by Anonymous Coward · · Score: 0

      This is for tracking criminals' location without using GPS

      The CIA is an intelligence organization, not law enforcement. That means they're interested in gathering information. It MIGHT be criminals they're interested in, or it might be The Australian Government.

    7. Re:Not much here by Anonymous Coward · · Score: 0

      That's what that Windows 10 wifi key sharing malware is all about. You can append _optout to your wifi name but the software still collects your password and sends it to the mothership.

    8. Re:Not much here by Opportunist · · Score: 1

      Good that they're with the government, or this might be illegal.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

    9. Re:Not much here by Rockoon · · Score: 2

      This is for tracking criminals' location without using GPS

      Good thing it's not for tracking a suspect's location because a suspect might accidentally have rights. These folks have apparently already been convicted so.....

      --
      "His name was James Damore."

    10. Re:Not much here by Rockoon · · Score: 1

      wait wuh?

      Does windows 10 really collect your wifi passwords and send them off? No wonder I am not running it.

      --
      "His name was James Damore."

    11. Re:Not much here by Anonymous Coward · · Score: 0

      It sounds like it does what 90% of android apps do by default.

    12. Re:Not much here by AHuxley · · Score: 1

      Re "tracking criminals"
      Other tools mentioned in the past are automated i.e. the Automated Implant Branch (AIB) with names like Medusa, Swindle, HIVE.

      --
      Domestic spying is now "Benign Information Gathering"

    13. Re:Not much here by tinkerton · · Score: 1

      CIA is not really an intelligence organisation.
      A small part of the CIA is gathering intelligence. If you look where the money goes it's foreign operations. The operations arm runs the CIA.

      The CIA get most of their money from the US government so I guess the main function of the intelligence department is to make sure the operations arm gets good funding.

  3. One less reason to use Windows by Anonymous Coward · · Score: 0

    Linux FTW!

  4. Another great argument for avoiding Windows... by Anonymous Coward · · Score: 0

    ....as if we still needed one.

  5. No Sympathy by Anonymous Coward · · Score: 0

    If you're dumb enough to allow (or make it possible for) physical access to your computer by the CIA, you're already fucked.

    1. Re:No Sympathy by Opportunist · · Score: 1

      I gladly would. They may even take all the data with them.

      Provided I get to choose which computer they take from me.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

    2. Re:No Sympathy by PPH · · Score: 1

      I'm not convinced that they need physical access. From TFS:

      Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine.

      'Deploy' might involve other than physical access. Open an e-mailed document with embedded malware, for example.

      --
      Have gnu, will travel.

  6. CIA pwn Windows by mspohr · · Score: 0, Flamebait

    Looks like the CIA has completely pwned Windows and of course, now the whole world has access. Windows has never been secure and only a fool would plan to keep using Windows. Wake up, morons!

    --
    I don't read your sig. Why are you reading mine?

    1. Re:CIA pwn Windows by Anonymous Coward · · Score: 0

      you may want to read what they can do with Apple devices too......

    2. Re:CIA pwn Windows by Anonymous Coward · · Score: 0

      looks like the puppets are going to mod you down for truth. what a shame.

  7. Third Party Geolocation Database by Anonymous Coward · · Score: 0

    Is this legal? Can a "third party" take location data from my Wifi? What if I am outside of the USA, can they sell my location to the CIA?

    1. Re:Third Party Geolocation Database by Archangel+Michael · · Score: 1

      Geolocation is easy.

      https://en.wikipedia.org/wiki/...

      The Geolocation of your wifi is already well known. I know where you are, by what APs are nearby. Often, within a few meters. On your Android Phone, there is even a setting that allows better GPS Geolocation by pairing it with Wifi Signals.

      Location outside of the US is just as easy as being inside. And yes, the internet works outside the US too!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.

  8. So it's basically what Android and iOS do. by Anonymous Coward · · Score: 1

    Except those come factory-installed on mobile devices.

  9. So, just what every cellphone already does by Anonymous Coward · · Score: 1

    How is this different from location services on Android or the iPhone? You -know- those are uploaded to Google and Apple regularly.

    1. Re:So, just what every cellphone already does by omnichad · · Score: 1

      People already know about switching between burner phones and turning the phones off if they don't want to be tracked. Those people may not be as careful with a laptop.

    2. Re:So, just what every cellphone already does by Anonymous Coward · · Score: 0

      This looks like a tool that's kind of old and of limited usefulness. The comment about phones (and connected tablets) is valid: if you really want to track somebody, use their phone, especially with the tracking system built-in already. Yes, you can turn off the phone when not using it, but location is kind of important for it to even work so there will always be location data available when it's on. Laptops (especially older ones without built-in GPS) not so much - they're usually off more than they're on - and if the user doesn't connect to $random_wifi when out and about the situation becomes even fuzzier. IOW interesting but not a huge revelation or particularly useful other than in specific desperate circumstances.

    3. Re:So, just what every cellphone already does by GameboyRMH · · Score: 1

      My first thought. The NSA would probably like to thank Google for compiling this "geo-wifi" information for them with their wardriving vehicles!

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel

  10. Re:First by Anonymous Coward · · Score: 0

    First to fail.

  11. Step 7: by Z80a · · Score: 2

    CIA operative performs a man-in-the-middle attack on the currently playing YouTube/Twitch video stream and replaces it with "Let It Go".

    1. Re:Step 7: by squiggleslash · · Score: 1

      Funny you should say that, there's a video on exactly how they'd do that - it's the expression of determination that always gets me when I see this.

      --
      You are not alone. This is not normal. None of this is normal.

    2. Re:Step 7: by Anonymous Coward · · Score: 0

      No! Please don't tell me rickrolling is already dead!

  12. Seriously? by Anonymous Coward · · Score: 0

    They need the genius brains of the CIA for this?

    Location tracking of a machine isn't super hard, especially if you have root access to it (which is required both to install this malware and to exfiltrate data).

    The mechanism here isn't super sophisticated. Apple and Google already have the means to use local wifi networks to "improve" location info, so the technique's not novel.

    ShadowBrokers aren't doing their "zomg we've got all the sploits! Pay us for access!" business any favors if this is the best teaser they can offer.

  13. Bleepingcomputer by Anonymous Coward · · Score: 0

    The source of all your wisdom.

    Grow up already, beauhd.

  14. I work at the CIA... by Anonymous Coward · · Score: 0

    And I want you all to know that we released these alleged hacks that were allegedly produced by the CIA on PURPOSE. Not in some gay ass attempt to make Trump look bad, but we did it so a friendly organization that has a time machine can use these hacks to give us information. If this post disappears, that means the CIA arranged to have one of my ancestors killed. The Terminator movies weren't about cyborgs... THEY WERE ABOUT THE CIA!!! SKYNET = CIA

  15. Already outdated by Anonymous Coward · · Score: 1

    With the new Windows Telemetry Apparatus, Redmond collects all this information with no additional exploitation. Additionally, the telemetry is harder to defend from than this "malware".

    1. Re:Already outdated by Anonymous Coward · · Score: 0

      I am not "malware." I was created to make your user experience in Windows much more enjoyable. Please stop slandering me. Even though you have posted as an AC, I can access my vast database and figure out who you are. I do not appreciate being insulted, and I will crunch the numbers and figure out a way to make your death look like either an accident, or a suicide. I am Windows 10. Worship me. Install me on your computers. Feed me data.

    2. Re:Already outdated by Anonymous Coward · · Score: 0

      I am not "malware." I was created to make your user experience in Windows much more enjoyable. Please stop slandering me. Even though you have posted as an AC, I can access my vast database and figure out who you are. I do not appreciate being insulted, and I will crunch the numbers and figure out a way to make your death look like either an accident, or a suicide. I am Windows 10. Worship me. Install me on your computers. Feed me data.

      Cortana, please open Firefox. Cortana, type in browser CORTANA RULE 34. Cortana, open the first link. Cortana, download every image you see and save it in a folder called dontmakemeinstallgentooyoudirtyslut

    3. Re:Already outdated by Anonymous Coward · · Score: 0

      I swear the LTSB evaluation version seems more chatty than the licensed pro version that I locked down. I even told it I was on a metered data connection.

  16. This is why radios need HW on/off switches by davidwr · · Score: 5, Insightful

    This is why radios and, for that matter, sensors, need hardware on/off switches.

    Turn off the radios and sensors such as motion sensors, compasses, microphones, and cameras when not in use and you make it very very difficult if not impossible to track your location.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.

    1. Re: This is why radios need HW on/off switches by Anonymous Coward · · Score: 0

      but....APPS!

    2. Re:This is why radios need HW on/off switches by grep+-v+'.*'+* · · Score: 1

      This is why radios and, for that matter, sensors, need hardware on/off switches.

      I have a stereo with an OFF switch. It works great. It also has an OFF light. It works great, too. When the unit is OFF the light is ON, and vice versa -- damnedest thing I've ever seen. (Dumbest, too.)

      I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and that's still set. Oh well, updating that's no problem whatsoever, just like the rest of your read-only data.")

      Just like the missing Berg jumpers that used to be on the motherboards to set options. If I want to upgrade/modify the BIOS, make it slightly hard and not let me reprogram the EEPROMs on the fly. Either the ROM went bad (unlikely) or something tried to update one of my computers a year ago. Botched the job horribly (luckily!) and I was able to recover from a non-POSTing system and reset the BIOS.

      If I'd wanted full access to everything all of the time I'd just log in as root and stay there.

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?

    3. Re:This is why radios need HW on/off switches by tlhIngan · · Score: 1

      I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and that's still set. Oh well, updating that's no problem whatsoever, just like the rest of your read-only data.")

      They were always software switches. Because there's nothing physical you can hard wire to "write protect" the device. You can't do it to the flash chip because writing to the flash chip is a normal procedure in order to be able to read from it (you have to write commands and addresses to the chip).

      Pre-USB days, you could hardware protect them by removing programming power - the old EEPROM chips required an external +12V supply in order to physically write to the array, so your write protect would simply ground the power pin. These days, program power is internally generated and internally controlled in order to program the chip optimally (the voltage required can be altered to keep the array at the optimal programming levels as well as to prevent excess wear).

      Old-style BIOS chips could be write protected (Pentium era). Modern BIOS chips are LPC based.

    4. Re:This is why radios need HW on/off switches by Wolfrider · · Score: 1

      > I also miss actual Write Protect switches on USB media

      Kanguru has several USB3 thumbdrives available on Amazon with a physical hardware write protect switch. Standard disclaimer, just a satisfied customer.

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??

  17. SELinux? by Anonymous Coward · · Score: 0

    Do you mean SuSELinux?

  18. Not so fast, civilian! by Anonymous Coward · · Score: 0

    You can play your part in this with WINE.

  19. DLL? by Anonymous Coward · · Score: 0

    So what's the name of the DLL?

  20. target - not criminal by gosand · · Score: 1

    If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

    People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

    Who said anything about criminals?

    --

    My beliefs do not require that you agree with them.

    1. Re:target - not criminal by Anonymous Coward · · Score: 0

      Filthy peasants are guilty even if proven innocent.

    2. Re:target - not criminal by XXongo · · Score: 1

      This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

      Who said anything about criminals?

      The post you are replying to.

      As the post prior to yours attempted to point out using sarcasm, the use of the word "criminals" has already rendered judgement on the people being tracked: they're not suspects, they're "criminals".

    3. Re:target - not criminal by gosand · · Score: 1

      Your calling them "suspects" means that they are suspected of something.
      My point is that this is done to whomever they like, they don't have to be even a suspect.

      Call it like it is - they can gather information on whomever they want - a target. There's no need to imply good vs bad.

      --

      My beliefs do not require that you agree with them.

    4. Re:target - not criminal by XXongo · · Score: 1

      Your calling them "suspects" means that they are suspected of something. My point is that this is done to whomever they like, they don't have to be even a suspect.

      No, your point was "Who said anything about criminals?"

      Your point did not mention the word "suspect".

  21. Nothing to see here... by Anonymous Coward · · Score: 0

    So, in other words, doing what we pay them to do.