Wikileaks today published a handbook for a CIA tool that can remotely capture streaming video and store them on the disk for further analysis.
The tool name is CouchPotato and is described in one manual which dates back to 14 February of 2014.
According to the manual, CIA agents can use it from a command line box. So start the tool by giving the URL of a streaming video in the RTSP or H.264 format that interest them and the location they want to store the file on their disk.
RTSP and H.264 files are often used by IP surveillance cameras for video streaming over the Internet or within a closed network.
CouchPotato seems to be a tool that can be used without violating the victim's network if the CIA agent can discover the URLs of the video streams.
CouchPotato can store streaming on disk in classic AVI video format or as JPEG images if the tool operator wants to save space.
In the latter case, CouchPotato can analyze, detect, and store streaming images that have significant changes from the previous photo, thus capturing only images that have been moved to an object.
The CouchPotato according to the manual that it published Wikileaks, uses the FFmpeg utility for the video download process. However, the user manual seems to warn about a major drawback of the tool: High usage of basic CPU resources. CIA tests reveal that CouchPotato uses between 50% and up to 70% of the resources of the machine being used.
The current leak is part of a larger series called Vault 7.
Please be reminded that Wikileaks is releasing documents in the Vault 7 series from 7 2017 March, expounding more and more Coca-Cola tools.
Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the tool espionages that the service uses to penetrate smart televisions, turning them into covert microphones.
Dark Matter: exploits targeting iPhones and Mac.
Marble: the source code of a secret anti-forensic framework. It is essentially an obfuscator used by the CIA to hide the real source malicioussoftware.
Grasshopper: a framework that allows the intelligence agency to easily create custom malware to compromise Microsoft Windows and bypass any protection from viruses.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena:is designed to fully acquire full control over infected Windows computers, allowing the CIA to perform many functions on the target machine, such as deleting data or installing malicious software, data theft, and sending them to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo:tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: for SSH authentication theft from Windows and Linux respectively
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: malicious spyware and data transfer software from MacOS and Linux
Dumbo: blocks cameras, microphones, and surveillance software.
CouchPotato: CIA tool for stealing streaming video from IP Webcams
