Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Reveals CIA Tool For Hacking Webcams, Microphones (thestack.com)

Posted by BeauHD on from the vault-7 dept.

An anonymous reader quotes a report from The Stack: WikiLeaks has released a new set of documents in the CIA Vault 7 leak, outlining the "Dumbo" hacking tool which allows control of webcams and microphones. The release explains that the tool is capable of completely suspending processes on webcams and corrupting video recordings. Dumbo's is tasked specifically with gaining and exploiting physical access to target computers used in CIA field operations, the release notes. According to WikiLeaks, the tool allows for the identification, control and manipulation of monitoring and detection systems, such as webcams and microphones, running the Microsoft Windows operating system. The technology first identifies all installed devices, whether they are connected locally, wirelessly, or across wired networks. Once Dumbo has detected all of these devices, it identifies all the related processes, which may include recording, monitoring or detection of video, audio and network streams. These operations can then be suspended by the operator. "By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation," the release added. Dumbo does require direct access to the target computer and is run from a USB stick. The release states that it supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. However, 64bit Windows XP and Windows versions prior to XP are not supported.

32 of 107 comments (clear)

  1. Wikileaks has no info on Trump's treason? by bit+trollent · · Score: 4, Interesting

    Interesting that Wikileaks is publicizing CIA documents while leaving their master Vladimir Putin, and his puppet Donald Trump unscathed.

    What - the FSB doesn't hack webcams?

    And of course, Wikileaks and Donald Trump are the only ones pretending that their puppet master Vladimir Putin didn't meddle in the US election.

    Ok - fine I'm shocked that the American spy agency has hacking capabilities... I mean, how else would we know that our "President" committed treason, aside from observing his complete subservience to Vladimir Putin and Russia's interests.

    1. Re:Wikileaks has no info on Trump's treason? by jodido · · Score: 1

      You mean like signing the Russia sanctions bill?

    2. Re:Wikileaks has no info on Trump's treason? by bit+trollent · · Score: 2

      Yeah, I mean like signing the Russia sanctions bill while opposing it, and making clear that he doesn't intend to enforce it.

      Trump only criticized the congress in his signing statement, not Russia who attack our country.

      Donald Trump is committing treason on a public and vast scale every day.

    3. Re:Wikileaks has no info on Trump's treason? by Anonymous Coward · · Score: 1

      The scary thing is how easily some Americans swallow Russian fake news stories, and become unwitting agents of the Russian government.

    4. Re:Wikileaks has no info on Trump's treason? by bit+trollent · · Score: 5, Informative

      Blaming "The Deep State" for catching Donald Trump blatantly committing treason is just pathetic. He sold America out to Russia, and he got caught. That's Trump's fault.

      Our security agencies are just doing their job protecting us from Russia's attacks on our country. It is not their fault that Donald Trump colludes with Russia's attacks on our country.

      It is not the job of the US government to ignore Donald Trump's obvious crimes and treasonous actions.

    5. Re:Wikileaks has no info on Trump's treason? by K.+S.+Kyosuke · · Score: 1

      What - the FSB doesn't hack webcams?

      Who cares about Russia? That's been a lost cause for centuries. Save what you can save. Also, whataboutism.

      --
      Ezekiel 23:20
    6. Re:Wikileaks has no info on Trump's treason? by gl4ss · · Score: 1

      because they don't have info on them or because fsb shit is plastered on the media already when it surfaces?

      because really it is. maybe not in the states but in other places it is.. fsb torture hotel etc - and also the suppression of said news inside russia is reported.

      you would know if you cared.

      however this tool.. eh.. a local program that scans for x processes and local mp4 files and kills them if it is run locally.

      super lame but I can see the PITCH that got them to pay money from this. btw the DUMBO in that deal was cia. it sounds like a cool concept if you don't stop to think about it for one bit.

      --
      world was created 5 seconds before this post as it is.
    7. Re: Wikileaks has no info on Trump's treason? by Reverend+Green · · Score: 1, Troll

      It is rather striking how the self-described "left" faction has become openly pro-war, and unashamed apologists for financial capitalism and systemic inequality.

      Indeed we live in interesting times.

    8. Re:Wikileaks has no info on Trump's treason? by BlueStrat · · Score: 1

      If 50% of people tell you there isn't a dinosaur in your room, but you see it clearly, you literally know it's true, who do you think is wrong? Think about this, FFS. Wake up!

      Aw, c'mon! Who are you gonna believe? We, the ones who love you and feel your pain (while we pick your pockets clean, set you against each other like pit-bulls at an illegal dog-fighting event, seize your money without a crime being committed, and throw enormous numbers of you in prisons), or your lying, deceitful, eyes?

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    9. Re:Wikileaks has no info on Trump's treason? by K.+S.+Kyosuke · · Score: 1

      "WikiLeaks has released a new set of documents in the CIA Vault 7 leak, outlining the "Dumbo" hacking tool which allows control of webcams and microphones. The release explains that the tool is capable of completely suspending processes on webcams and corrupting video recordings. Dumbo's is tasked specifically with gaining and exploiting physical access to target computers used in CIA field operations, the release notes. According to WikiLeaks, the tool allows for the identification, control and manipulation of monitoring and detection systems, such as webcams and microphones, running the Microsoft Windows operating system. The technology first identifies all installed devices, whether they are connected locally, wirelessly, or across wired networks. Once Dumbo has detected all of these devices, it identifies all the related processes, which may include recording, monitoring or detection of video, audio and network streams. These operations can then be suspended by the operator. "By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation," the release added. Dumbo does require direct access to the target computer and is run from a USB stick. The release states that it supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. However, 64bit Windows XP and Windows versions prior to XP are not supported."

      --
      Ezekiel 23:20
    10. Re:Wikileaks has no info on Trump's treason? by rayjay217 · · Score: 1

      oh yeah

  2. eh by butchersong · · Score: 4, Informative

    This doesn't seem terribly impressive. Local access required.. look at devices, suspend processes?

    1. Re:eh by AHuxley · · Score: 2

      MI6 and the CIA often has real humans to sneak in a USB stick. No changes on a trusted internal network.
      Data is collected and later collected by a human again.
      The other person, brand or nation still think their advanced firewall and internal network is totally secure.
      Different support for the different styles of the clandestine services. Some need network access, some has the human support role.
      Some network tools and AV products are getting too smart and report any and all changes.
      Local access is often the best way to avoid any traces and nothing new is detected down a network.

      --
      Domestic spying is now "Benign Information Gathering"
  3. Computers are insecure by 110010001000 · · Score: 2

    General purpose computers are insecure by design. They are meant to run software and software can be programmed to do anything. If you put anything of value on a general purpose computer you are foolish.

    1. Re:Computers are insecure by gl4ss · · Score: 1

      and if you're buying something that is a fucking bat file on an usb stick as a spy tool on 10000% markup then..

      look, this isn't that great of a tool, ground breaking or novel or anything like that. it's hollywood inspired and it has a singular actual purpose: to make whoever sold it to them money.

      what it would BETTER be doing would be to load up on the computer and look on the network chinese dvr boxes and hack them. because THAT IS ACTUALLY HOW 99% OF ALL SECURITY CAMS OPERATE NOWADAYS. nobody in the countries they want to attack bothers with installing dvr cards when dvr boxes are cheaper.

      for this tool to be of any use you would already need to have so specific knowledge of the people you attack that you might just as well turn off the dvr software running on the computer yourself.

      --
      world was created 5 seconds before this post as it is.
  4. They're not a hacking org by Anonymous Coward · · Score: 3, Informative

    > Interesting that Wikileaks is publicizing CIA documents while leaving their master Vladimir Putin, and his puppet Donald Trump unscathed.

    Wikileaks isn't a hacker organization, they can only leak things which people send to them which they can verify. Have you sent them any FSB docs lately?

  5. Distraction efforts by Smidge204 · · Score: 5, Interesting

    Mueller put together a grand jury for the ongoing Russia investigations. Later that same day, Wikileaks releases more dirt on the CIA.

    Honestly, how can anyone NOT at least suspect Wikileaks from being under Russia control at this point?
    =Smidge=

  6. Such an indignity! by Gravis+Zero · · Score: 4, Funny

    it supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. However, 64bit Windows XP and Windows versions prior to XP are not supported.

    We wrote all those lame webcam drivers but nooOOOOoo, not even the CIA will support Linux! >:(

    --
    Anons need not reply. Questions end with a question mark.
  7. Maybe this is all just cover? by Anonymous Coward · · Score: 1

    The two possibilities are:

    The NSA, despite all its supposed math/crypto geniuses and elite computer programmers/hackers is actually a bunch of inept academics targetting the lowest common denominator of exploits and security systems.

    Or...

    The NSA has allowed this information to be released to help cover up for their ACTUAL level of technical adeptness, a large percentage of which is tied to TrustZone, Intel ME, and AMD PSP, allowing them these same levels of bypasses, but without being tied to a specific operating system and making detection impossible since virtualization cannot sandbox it unlike the tricks that could be used to defeat their 'amateur' security system wiper/spoofer as depicted here.

    1. Re:Maybe this is all just cover? by Anonymous Coward · · Score: 1

      Or...

      They simply have agents working on assembly lines or in QA at computer manufacturers.

  8. Good news for all six of us still using XPx64! by ToTheStars · · Score: 3, Funny

    "However, 64bit Windows XP and Windows versions prior to XP are not supported." -- Of course, the same is true of most legitimate applications as well...

  9. Not supported my ass by Khyber · · Score: 1

    "64bit Windows XP and Windows versions prior to XP are not supported."

    Okay, This malware is known to work on Windows 2K3 Server - this should work on 64-bit XP by extension since it's almost-entirely the exact same codebase and kernel and driver model.

    This malware works on Windows XP 32-bit, which means that likely Windows 2000 is equally vulnerable as XP uses the Win2K Kernel and codebase (in fact they were both affected by almost all the exact same attacks. Anyone remember BLASTER?)

    This does not pass the smell test.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:Not supported my ass by Khyber · · Score: 1

      The WOW64 statement wouldn't apply to Windows 2000 supposedly not being supported while the malware supposedly works on XP 32-bit.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  10. Re: Wikileaks, the ultimate MASTER of leaked data by geekymachoman · · Score: 1

    Title is ironic.
    The parent post treats wikileaks as a ultimate, exclusive holders of all spy knowledge in the world, like it was given to them same god teleported stone plates to Moses while nobody was looking, or whatever.

    So wikileaks is now sitting on all that data given by god and other supernatural forces, and choosing not to publish FSB capabilities of hacking cameras and other crap.

    Are you fucking kidding me right now ?

    If there were documents floating around about FSB hacking cameras (as I'm sure they do), they would be published if not by wikileaks then by somebody else.
    What, is EVERYBODY on Putin's payroll trying to destroy America ? Are you that brainwashed ?

    In reality, nobody outside of US gives a fuck about US.. it's the US that's pushing their dick in everybody elses business all the time.. talk about meddling in other countries election.

  11. panoptic by Reverend+Green · · Score: 1

    Freedom is obsolete - big brother is always watching. But we've all known this for more than a decade, right?

  12. 50 Cent Army by Reverend+Green · · Score: 1

    The pro-war shills are out in force today! One of the alphabet soup agencies must have signed a new contract for domestic disinformation propaganda.

    I wonder which information warfare mercenary company is running this sordid operation? I don't doubt it's "lawful", so we can't call them traitors or criminals. But it sure as fuck is unamerican.

    A message to the footsoldiers of this 50 Cent Army: blow the whistle! Let the public know how domestic media are being targeted by MIC contractors. Sunlight is a great disinfectant. Americans deserve to know the truth!

  13. Re: CIA's gone soft by Reverend+Green · · Score: 1

    The government is not a monolith. There are still good men, honorable Americans, inside the government - even within the CIA.

  14. I thought Wikileaks was for wrongdoing. by sabbede · · Score: 3, Insightful

    As in, "my boss is doing something wrong and the people need to know." Not for releasing the tools used by the CIA. What public benefit could there possibly be to putting the contents of James Bond's pockets on display? So far, I've only seen massive harm as malicious actors take these leaked tools and turn them into ransomware. Who should be sued for NotPetya, a Ukrainian firm that got hit, or Wikileaks for handing these exploits to the people who use them to hurt everyone?

  15. Re:Trump again ignores the Constitution by sabbede · · Score: 1

    What the hell are you talking about? Done what? Are you talking about a different article?

  16. When do we get a hardware indicator? by apoc.famine · · Score: 1

    I get that we all want the cheapest stuff, but it's seeming more and more obvious that there's a real need for hardwired LEDs adjacent to the recording devices on things. Hack all you want, but if power to the mic means power to the light, there is an indicator that it's being used. And while it's possible for a spy organization to crack a device open, wire the light up differently, and embed system hooks to turn it on only when legitimate programs are open and not their spy stuff, that's a very heavy lift compared to the current requirements.

    --
    Velociraptor = Distiraptor / Timeraptor
  17. Is this what paid trolls say, now? by Rujiel · · Score: 1

    Calling assange a rapist apparently got old for you guys, huh? The last several years of disinfo shilling still failed to make people ignore wikileaks.

  18. Now that the US can propagandize its own.. by Rujiel · · Score: 1

    Next, the trolls will just be bots posting programmatically contrived garbage. As for who pays for these sorts of activities, Glen Greenwald's piece (through The Intercept) on paid trolling is solid https://theintercept.com/2014/...