Slashdot Mirror


WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks (bleepingcomputer.com)

WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:
Step 1: CIA operative configures the ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys the ELSA implant on the target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA takes the collected Wi-Fi data and queries a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on the target's system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, they can use the collected Wi-Fi data to query alternate ESS geolocation databases, if they feel these provide better accuracy.
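The behaviour described in steps 3 and 4 (repeated Wi-Fi scanning while offline, then an outbound lookup as soon as connectivity returns) is something a defender can hunt for in endpoint telemetry. The following is an added example, not code from the story or the leaked manual; the event format, process names and addresses are constructed, and a real deployment would feed it from ETW/Sysmon-style sources.

```python
"""Behavioural detection for an ELSA-style pattern: a process that keeps
enumerating nearby Wi-Fi networks while the host has no link, and then
opens an outbound connection shortly after the link comes back up."""
from collections import defaultdict

# Constructed telemetry: (timestamp_s, process, event, detail).
# 'link' events are host-wide; all other events belong to a process.
EVENTS = [
    (0,   "system",        "link",        "down"),
    (60,  "unknown_svc.exe", "wlan_scan",   "5 ESS entries"),
    (120, "unknown_svc.exe", "wlan_scan",   "6 ESS entries"),
    (180, "unknown_svc.exe", "wlan_scan",   "5 ESS entries"),
    (200, "explorer.exe",  "wlan_scan",   "user opened network list"),
    (240, "system",        "link",        "up"),
    (255, "unknown_svc.exe", "net_connect", "203.0.113.10:443"),
    (300, "browser.exe",   "net_connect", "198.51.100.7:443"),
]


def find_offline_scanners(events, min_scans=3, window=120):
    """Return processes that performed at least `min_scans` Wi-Fi scans
    while the link was down and then connected out within `window`
    seconds of the link coming up.  The scan threshold keeps ordinary
    user-driven scans (e.g. opening the network list once) out of the
    result; the window ties the lookup to the reconnect, as in step 4."""
    link_up = False
    link_up_at = None
    offline_scans = defaultdict(int)
    flagged = []
    for ts, proc, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "link":
            link_up = (detail == "up")
            link_up_at = ts if link_up else None
        elif kind == "wlan_scan" and not link_up:
            offline_scans[proc] += 1
        elif (kind == "net_connect" and link_up
              and offline_scans[proc] >= min_scans
              and ts - link_up_at <= window
              and proc not in flagged):
            flagged.append(proc)
    return flagged


if __name__ == "__main__":
    print(find_offline_scanners(EVENTS))  # ['unknown_svc.exe']
```

Tune `min_scans` to the scan cadence you actually see from legitimate software on your fleet before alerting on the result.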

6 of 85 comments

  1. Re:Not much here by omnichad · · Score: 4, Informative

    If you have access to the target computer, you can already probably find out pretty much everything you need anyway.

    People have lives outside their computers. This is for tracking criminals' location without using GPS, which is information that isn't already stored on a target computer.

  2. Step 7: by Z80a · · Score: 2

    CIA operative performs a man in the middle attack on the currently playing YouTube/Twitch video stream and replaces it with "Let It Go".

  3. This is why radios need HW on/off switches by davidwr · · Score: 5, Insightful

    This is why radios and, for that matter, sensors, need hardware on/off switches.

    Turn off the radios and sensors such as motion sensors, compasses, microphones, and cameras when not in use and you make it very very difficult if not impossible to track your location.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  4. Re:No linux hacks? by WankerWeasel · · Score: 2

    We've been selling software that exploits a hole in Linux which allows us to pull all kinds of fun information and elevate user privileges. It's been sold to government agencies since around 2008. Hasn't been patched and won't be unless they fundamentally change the way the OS functions. The truth is that they're far more interested in hacking individual devices like phones and laptops, than the servers Linux typically runs on. Servers are easy to get a warrant for and the companies that own them must cooperate. Getting individuals to is far more difficult.

  5. Re:No linux hacks? by GameboyRMH · · Score: 3, Insightful

    Thanks for being an evil cyber-mercenary...just kidding, actually fuck you.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  6. Re:Not much here by Rockoon · · Score: 2

    This is for tracking criminals' location without using GPS

    Good thing it's not for tracking a suspect's location because a suspect might accidentally have rights. These folks have apparently already been convicted so.....

    --
    "His name was James Damore."