Wikileaks today published a handbook for a CIA tool that can remotely capture streaming video and store them on the disk for further analysis.
The tool name is CouchPotato and is described in one manual which dates back to 14 February of 2014.
According to the manual, CIA agents can use it from a command line box. So start the tool by giving the URL of a streaming video in the RTSP or H.264 format that interest them and the location they want to store the file on their disk.
RTSP and H.264 format files are often used by IP-based surveillance cameras for video stream over the Internet or within a closed network.
CouchPotato seems to be a tool that can be used without violating the victim's network if the CIA agent can discover the URLs of the video streams.
CouchPotato can store streaming on disk in classic AVI video format or as JPEG images if the tool operator wants to save space.
In the latter case, CouchPotato can analyze, detect, and store streaming images that have significant changes from the previous photo, thus capturing only images that have been moved to an object.
The CouchPotato according to the manual that it published Wikileaks, uses the FFmpeg utility for the video capture process. The user manual, however, seems to warn of a major drawback of the tool: High CPU resource usage. CIA trials reveal that CouchPotato uses from 50% to 70% of the resources used by the machine.
The current leak is part of a larger series called Vault 7.
Please be reminded that Wikileaks is releasing documents in the Vault 7 series from 7 2017 March, expounding more and more Coca-Cola tools.
Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the spy tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
Dark Matter: exploits targeting iPhones and Mac.
Marble: ο Source Code a secret anti-forensic framework. It is essentially an obfuscator used by the CIA to hide the real source of malware.
Grasshopper: a framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software designed to add 'web beacons' to classified documents, to enable the control of leaks by secret services.
Athena:is designed to be able to gain complete control over infected Windows computers, allowing the CIA to perform many operations on the target machine, such as deleting data or installing malware, stealing data and sending it to servers of CIA.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo:tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: for SSH authentication theft from Windows and Linux respectively
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: spyware and transportof data from MacOS and Linux systems
Dumbo: blocks cameras, microphones, and surveillance software.
CouchPotato: CIA tool for stealing streaming video from IP Webcams
