The WikiLeaks revealed new tools allegedly used by the CIA in its cyber operations. The new tools can stop surveillance cameras so law enforcement agents can carry out their missions without being caught on video.
A set of tools called Dumbo can not only block cameras, microphones, and surveillance software, but it can detect audio and video recordings and destroy files in a way that does not allow them to be recovered.
The manuals published by WikiLeaks were last updated in June of 2015 and reveal that Dumbo is in the 3.0 version, offering support for all versions of Windows that are available on the market, starting with Windows XP, although the versions of the 64 bits of this particular release are not supported.
"Το Dumbo είναι μια δυνατότητα αναστολής των διαδικασιών που χρησιμοποιούν κάμερες web και καταστροφής τυχόν εγγραφών βίντεο που θα μπορούσαν να θέσουν σε κίνδυνο την ανάπτυξη PAG. Το PAG (Physical Access Group) είναι ένα ειδικό τμήμα στο CCI (Center for Cyber Intelligence). Το καθήκον του είναι να αποκτάει physics πρόσβαση σε υπολογιστές-στόχους στις επιχειρήσεις της CIA," αναφέρει το WikiLeaks.
What is important to note is that compared to other malicious tools the CIA uses, Dumbo requires physical access to the victim's computer as the application is contained on a USB stick that should be connected to the machine.
Administrator rights are required not to be detected by security software, although from previous WikiLeaks revelations we learned that getting root privileges is something the information service can easily do.
Once introduced into a system, Dumbo offers tools to disrupt it operation of all connected monitoring devices and software, but also looks for additional devices that are part of the network. It searches for specific processes and records, offering access even to files that have been deleted but have left traces.
If the deactivation of the surveillance system does not work, CIA agents can cause BSOD to connect to the Windows system. So with the offline system surveillance cameras are useless.
Please be reminded that Wikileaks is releasing documents in the Vault 7 series from 7 2017 March, expounding more and more Coca-Cola tools.
Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the spy tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
Dark Matter: exploits targeting iPhones and Mac.
Marble: the source code of a secret anti-forensic framework. It is basically a obfuscator that CIA uses to hide the real source of malware.
Grasshopper: a framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena:is designed to fully acquire full control over infected Windows computers, allowing the CIA to perform many functions on the target machine, such as deleting data or installing malicious software, data theft, and sending them to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo:tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: for SSH authentication theft from Windows and Linux respectively
HighRise: the CIA's tracking and redirection tool messages SMS to a remote server.
Achilles, Aeris and SeaPea: malicious spyware and data transfer software from MacOS and Linux
Dumbo: blocks cameras, microphones, and surveillance software.
