Slashdot Mirror


WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks (bleepingcomputer.com)

WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:

Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected Wi-Fi data to query alternate ESS geolocation databases, if he feels they provide a better accuracy.
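How a survey of nearby access points turns into a position fix, as an added example that is not from the ELSA manual, the Bleeping Computer report or any CIA code. The Python below parses a constructed `netsh wlan show networks mode=bssid` listing of the kind any Windows host can produce without associating to a network, builds a request body in the shape of Google's Geolocation API (one example of the third-party databases the manual refers to; the page does not say which database ELSA queried), and resolves it offline against a made-up BSSID-to-coordinate table with a signal-weighted centroid. The BSSIDs, coordinates, percent-to-dBm conversion and weighting model are all assumptions chosen for illustration.

```python
"""Added example: from a Wi-Fi survey to a position fix. Not from the ELSA
manual, the Bleeping Computer report or any CIA code."""
import json
import re

# Constructed sample in the layout that `netsh wlan show networks mode=bssid`
# prints on Windows. The BSSIDs are locally administered, made-up values.
SAMPLE_SURVEY = """\
Interface name : Wi-Fi
There are 2 networks currently visible.

SSID 1 : CoffeeShop-Guest
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:11:22:33:44:01
         Signal             : 90%
         Radio type         : 802.11n
         Channel            : 6
    BSSID 2                 : 02:11:22:33:44:02
         Signal             : 40%
         Radio type         : 802.11ac
         Channel            : 36

SSID 2 : HomeNet
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:11:22:33:44:03
         Signal             : 65%
         Radio type         : 802.11n
         Channel            : 11
"""

SSID_RE = re.compile(r"\s*SSID \d+\s*:\s*(.*)$")
BSSID_RE = re.compile(r"\s*BSSID \d+\s*:\s*([0-9A-Fa-f:]{17})")
SIGNAL_RE = re.compile(r"\s*Signal\s*:\s*(\d+)%")
CHANNEL_RE = re.compile(r"\s*Channel\s*:\s*(\d+)")


def percent_to_dbm(pct):
    """Windows reports a 0-100% quality figure; this is the common
    approximation (assumed here) for turning it back into dBm."""
    return int(pct / 2) - 100


def parse_netsh_survey(text):
    """Return one {ssid, bssid, signal_dbm, channel} dict per BSSID seen."""
    aps, ssid, current = [], None, None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            ssid = m.group(1).strip()
            continue
        m = BSSID_RE.match(line)
        if m:
            current = {"ssid": ssid, "bssid": m.group(1).lower(),
                       "signal_dbm": None, "channel": None}
            aps.append(current)
            continue
        if current is None:
            continue
        m = SIGNAL_RE.match(line)
        if m:
            current["signal_dbm"] = percent_to_dbm(int(m.group(1)))
            continue
        m = CHANNEL_RE.match(line)
        if m:
            current["channel"] = int(m.group(1))
    return aps


def geolocation_request(aps):
    """Request body in the shape Google's Geolocation API accepts. Only the
    BSSID (MAC) and signal matter to the database; the SSID is not sent."""
    return {
        "considerIp": "false",
        "wifiAccessPoints": [
            {"macAddress": ap["bssid"], "signalStrength": ap["signal_dbm"],
             "channel": ap["channel"]}
            for ap in aps if ap["signal_dbm"] is not None
        ],
    }


# Constructed stand-in for the geolocation database (BSSID -> lat, lon).
# Real databases are populated by wardriving and phone surveys; made up here.
AP_LOCATIONS = {
    "02:11:22:33:44:01": (51.5007, -0.1246),
    "02:11:22:33:44:02": (51.5009, -0.1240),
    "02:11:22:33:44:03": (51.5001, -0.1260),
}


def resolve(aps, db=AP_LOCATIONS):
    """Signal-weighted centroid of the APs the database knows.
    Returns (lat, lon, matched_count) or None if nothing matched."""
    lat_acc = lon_acc = total = 0.0
    matched = 0
    for ap in aps:
        loc = db.get(ap["bssid"])
        if loc is None or ap["signal_dbm"] is None:
            continue
        # Free-space path loss: 10**(dBm/20) scales like 1/distance, so the
        # strongest AP pulls the estimate hardest (assumed model).
        w = 10 ** (ap["signal_dbm"] / 20.0)
        lat_acc += w * loc[0]
        lon_acc += w * loc[1]
        total += w
        matched += 1
    if matched == 0:
        return None
    return (lat_acc / total, lon_acc / total, matched)


if __name__ == "__main__":
    survey = parse_netsh_survey(SAMPLE_SURVEY)
    print(json.dumps(geolocation_request(survey), indent=2))
    print("fix:", resolve(survey))
```

Note what the survey step does not require: the host never associates with any of these networks, so nothing lands in the Wi-Fi profile store or connection history. Of the six steps above, the outbound database query (Step 4) is the only one visible on the network, and the log fetch (Step 5) rides on whatever access placed the implant in the first place.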

38 of 85 comments

  1. No linux hacks? by fabriciom · · Score: 1

    CIA don't waste their time with linux?

    1. Re:No linux hacks? by omnichad · · Score: 1

      Neither do most criminals....Not a coincidence.

    2. Re:No linux hacks? by Big+Hairy+Ian · · Score: 1

      Wait for WikiLeaks to publish how the CIA/NSA etc. hack web servers; there will be a lot of Linux hacks there. However they are far more interested in tracking individuals which will largely mean Desktop & Mobile hacks

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    3. Re:No linux hacks? by ArchieBunker · · Score: 1

      Not when they have a 98% chance of hitting a Windows machine.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    4. Re:No linux hacks? by Opportunist · · Score: 1

      Apparently not if you consider privacy important.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:No linux hacks? by WankerWeasel · · Score: 2

      We've been selling software that exploits a hole in Linux which allows us to pull all kinds of fun information and elevate user privileges. It's been sold to government agencies since around 2008. Hasn't been patched and won't be unless they fundamentally change the way the OS functions. The truth is that they're far more interested in hacking individual devices like phones and laptops, than the servers Linux typically runs on. Servers are easy to get a warrant for and the companies that own them must cooperate. Getting individuals to is far more difficult.

    6. Re:No linux hacks? by GameboyRMH · · Score: 3, Insightful

      Thanks for being an evil cyber-mercenary...just kidding, actually fuck you.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    7. Re:No linux hacks? by Rockoon · · Score: 1

      Seems to me that most of the phones that aren't running a Linux are running a BSD.

      The low hanging fruit is always tricking users into installing your malware. There is no security through obscurity in cell phones now, which at least temporarily lowers the value of Linux and BSD kernel exploits.

      --
      "His name was James Damore."
    8. Re: No linux hacks? by TheOuterLinux · · Score: 1

      If they can't play video games or Skype, which should be a terrifying thought to have a Window$ run camera staring at you, then they bitch. IT bitches because Window$ keeps them employed. Log on to a social network on Window$? Fuuuuuuu@&$....that. If it's free it must suck is the typical Micro$oft user motto. Freemium and FOSS are not the same thing. Some donate blood, others donate software; it's that simple. Unfortunately, most open source is going towards web development instead of the desktop. I know belittling doesn't help, but you can only throw so many obvious reasons to switch to Linux in all the M$ users' faces before it starts to look like a pandemic case of severe denial. It's kind of like a cult that slowly sips the Kool-Aid instead of all at once, only to join another for a different flavor of the same poison. Most of my computers are old as hell and they all run Linux with the latest 32-bit version of the kernel (some are PAE to get 4GB+ access) with up to date software I didn't have to pay a dime for. If I tried to run Window$ instead, they'd all be nothing but disease-ridden paperweights, just something to heat up the room during the Winter and pray they stay out of my router.

    9. Re:No linux hacks? by Marxist+Hacker+42 · · Score: 1

      Worse than that, they spent how much on a CLIENT SIDE version of a basic MAC Address/Tracert sniffer?

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    10. Re:No linux hacks? by AHuxley · · Score: 1

      Improvise, Aquaman with Dancefloor that are OS ready. The automated multi-platform malware like Hive, Cutthroat and Swindle.

      --
      Domestic spying is now "Benign Information Gathering"
    11. Re:No linux hacks? by AHuxley · · Score: 1

      Another Linux effort is Outlaw Country.

      --
      Domestic spying is now "Benign Information Gathering"
  2. Not much here by Anonymous Coward · · Score: 1, Insightful

    As spying tools go, this one is pretty minor. It doesn't do anything unless you already have root access to the target computer. If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

    1. Re:Not much here by omnichad · · Score: 4, Informative

      If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

      People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

    2. Re:Not much here by omnichad · · Score: 1

      They use these tools on any old criminals, not just cybercriminals. Physical access is something you can get with a warrant (and probably without) and most criminals' computers are not hardened against this kind of injection (no encryption).

    3. Re:Not much here by Opportunist · · Score: 1

      Good that they're with the government, or this might be illegal.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Not much here by Rockoon · · Score: 2

      This is for tracking criminals' location without using GPS

      Good thing it's not for tracking a suspect's location because a suspect might accidentally have rights. These folks have apparently already been convicted so.....

      --
      "His name was James Damore."
    5. Re:Not much here by Rockoon · · Score: 1

      wait wuh?

      Does windows 10 really collect your wifi passwords and send them off? No wonder I am not running it.

      --
      "His name was James Damore."
    6. Re:Not much here by AHuxley · · Score: 1

      Re "tracking criminals"
      Other tools mentioned in the past are automated i.e. the Automated Implant Branch (AIB) with names like Medusa, Swindle, HIVE.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Not much here by tinkerton · · Score: 1

      CIA is not really an intelligence organisation.
      A small part of the CIA is gathering intelligence. If you look where the money goes it's foreign operations. The operations arm runs the CIA.

      The CIA get most of their money from the US government so I guess the main function of the intelligence department is to make sure the operations arm gets good funding.

  3. So it's basically what Android and iOS do. by Anonymous Coward · · Score: 1

    Except those come factory-installed on mobile devices.

  4. So, just what every cellphone already does by Anonymous Coward · · Score: 1

    How is this different from location services on Android or the iPhone? You -know- those are uploaded to Google and Apple regularly.

    1. Re:So, just what every cellphone already does by omnichad · · Score: 1

      People already know about switching between burner phones and turning the phones off if they don't want to be tracked. Those people may not be as careful with a laptop.

    2. Re:So, just what every cellphone already does by GameboyRMH · · Score: 1

      My first thought. The NSA would probably like to thank Google for compiling this "geo-wifi" information for them with their wardriving vehicles!

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  5. Step 7: by Z80a · · Score: 2

    CIA operative performs a man in the middle attack on the currently playing YouTube/Twitch video stream and replaces it with "Let It Go".

    1. Re:Step 7: by squiggleslash · · Score: 1

      Funny you should say that, there's a video on exactly how they'd do that - it's the expression of determination that always gets me when I see this.

      --
      You are not alone. This is not normal. None of this is normal.
  6. Re:Third Party Geolocation Database by Archangel+Michael · · Score: 1

    Geolocation is easy.

    https://en.wikipedia.org/wiki/...

    The Geolocation of your wifi is already well known. I know where you are, by what APs are nearby. Often, within a few meters. On your Android Phone, there is even a setting that allows better GPS Geolocation by pairing it with Wifi Signals.

    Location outside of the US is just as easy as being inside. And yes, the internet works outside the US too!

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  7. Already outdated by Anonymous Coward · · Score: 1

    With the new Windows Telemetry Apparatus, Redmond collects all this information with no additional exploitation. Additionally, the telemetry is harder to defend from than this "malware".

  8. This is why radios need HW on/off switches by davidwr · · Score: 5, Insightful

    This is why radios and, for that matter, sensors, need hardware on/off switches.

    Turn off the radios and sensors such as motion sensors, compasses, microphones, and cameras when not in use and you make it very very difficult if not impossible to track your location.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:This is why radios need HW on/off switches by grep+-v+'.*'+* · · Score: 1

      This is why radios and, for that matter, sensors, need hardware on/off switches.

      I have a stereo with an OFF switch. It works great. It also has an OFF light. It works great, too. When the unit is OFF the light is ON, and vice versa -- damnedest thing I've ever seen. (Dumbest, too.)

      I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and that's still set. Oh well, updating that's no problem whatsoever, just like the rest of your read-only data.")

      Just like the missing Berg jumpers that used to be on the motherboards to set options. If I want to upgrade/modify the BIOS, make it slightly hard and not let me reprogram the EEPROMs on the fly. Either the ROM went bad (unlikely) or something tried to update one of my computers a year ago. Botched the job horribly (luckily!) and I was able to recover from a non-POSTing system and reset the BIOS.

      If I'd wanted full access to everything all of the time I'd just log in as root and stay there.

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    2. Re:This is why radios need HW on/off switches by tlhIngan · · Score: 1

      I also miss actual Write Protect switches on USB media. Originally they had them, now at best it's a software mode. ("I promise I won't write anything else -- REALLY! Let me just write that down so I don't forget about it. OK, Done." Now let's re-enable writing. "But you told me not to earlier and that's still set. Oh well, updating that's no problem whatsoever, just like the rest of your read-only data.")

      They were always software switches. Because there's nothing physical you can hard wire to "write protect" the device. You can't do it to the flash chip because writing to the flash chip is a normal procedure in order to be able to read from it (you have to write commands and addresses to the chip).

      Pre-USB days, you could hardware protect them by removing programming power - the old EEPROM chips required an external +12V supply in order to physically write to the array, so your write protect would simply ground the power pin. These days, program power is internally generated and internally controlled in order to program the chip optimally (the voltage required can be altered to keep the array at the optimal programming levels as well as to prevent excess wear).

      Old-style BIOS chips could be write protected (Pentium era). Modern BIOS chips are LPC based.

    3. Re:This is why radios need HW on/off switches by Wolfrider · · Score: 1

      > I also miss actual Write Protect switches on USB media

      Kanguru has several USB3 thumbdrives available on Amazon with a physical hardware write protect switch. Standard disclaimer, just a satisfied customer.

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
  9. Re:No Sympathy by Opportunist · · Score: 1

    I gladly would. They may even take all the data with them.

    Provided I get to choose which computer they take from me.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:No Sympathy by PPH · · Score: 1

    I'm not convinced that they need physical access. From TFS:

    Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine.

    'Deploy' might involve other than physical access. Open an e-mailed document with embedded malware for example.

    --
    Have gnu, will travel.
  11. target - not criminal by gosand · · Score: 1

    If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

    People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

    Who said anything about criminals?

    --

    My beliefs do not require that you agree with them.

    1. Re:target - not criminal by XXongo · · Score: 1

      This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

      Who said anything about criminals?

      The post you are replying to.

      As the post prior to yours attempted to point out using sarcasm, the use of the word "criminals" has already rendered judgement on the people being tracked: they're not suspects, they're "criminals".

    2. Re:target - not criminal by gosand · · Score: 1

      Your calling them "suspects" means that they are suspected of something.
      My point is that this is done to whomever they like, they don't have to be even a suspect.

      Call it like it is - they can gather information on whomever they want - a target. There's no need to imply good vs bad.

      --

      My beliefs do not require that you agree with them.

    3. Re:target - not criminal by XXongo · · Score: 1

      Your calling them "suspects" means that they are suspected of something. My point is that this is done to whomever they like, they don't have to be even a suspect.

      No, your point was "Who said anything about criminals?"

      Your point did not mention the word "suspect".