WikiLeaks Vault 7 Exposes CIA Using Fake Updates to Spy on Fellow U.S. Intel Agencies

In a new data dump, WikiLeaks reveals the CIA used fake updates to spy on fellow U.S. intelligence agencies. Using a tool known as ‘ExpressLane’, the CIA collected ‘biometrics’ from DHS, FBI, and NSA.

Bleeping Computer reports:

WikiLeaks has released new files, part of the Vault 7 series, that it claims it obtained from the CIA. The files dumped online yesterday reveal details about the inner workings of a biometrics system developed by the CIA, and which the agency has provided to various liaison services, such as the DHS, FBI, and NSA.

The documents detail a tool named ExpressLane that the CIA uses to ensure that fellow liaison agencies share the collected biometrics with the CIA.

According to the files, the CIA designed its biometrics database in such a way that the entire system ceases to work after six months if a CIA operative doesn’t visit the liaison agency to install an update.

This update does not take place. The CIA operative that visits these liaison agencies inserts a USB device that runs the ExpressLane tool.

This app shows a splash screen that mimics an update status bar. In reality, ExpressLane collects all the new biometrics data recorded since the last visit.

At the start of August, WikiLeaks “downloaded” on the CIA, releasing documents detailing how America’s top spies use a tool called ‘Dumbo’ to take over webcams. 

Sputnik News reports:

“Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations,” WikiLeaks said in a press release.

The tool allows for the identification, control and manipulation of the monitoring and detection systems, like webcams and microphones, on a target computer running the Microsoft Windows operating system. It requires direct access to the computer, as it is run from a USB stick.

“All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation,” the press release specified.
