3 August 2017: WikiLeaks has published new documents about a CIA cyber weapon called “Dumbo”, which targets webcams and corrupts video recordings and is deployed through physical access to the target computer.
Dumbo involves a USB thumb drive equipped with a Windows hacking tool that can identify installed webcams and microphones, whether connected locally or over wired or wireless (Bluetooth or Wi-Fi) networks. Once they are identified, the Dumbo program allows the operator to:
– Mute all microphones
– Disable all network adapters
– Suspend any processes using a camera recording device
– Selectively corrupt or delete recordings
The leaked documents describe the project as follows:
“Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.”
“Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.”
“Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.”
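The capabilities listed above (removable media attached by someone with local admin rights, then adapters disabled, microphones muted, camera-using processes suspended and recordings deleted or corrupted) form a recognisable tampering sequence that endpoint telemetry can correlate. The following is an added illustration of such a correlation rule; it is not code from the leaked documents, from WikiLeaks or from any CIA tool. The telemetry lines, their `ts|host|kind|detail` format and the event kind names are constructed for this example and are not a real Windows event-log schema; the 15-minute window and the "two distinct tamper kinds" threshold are assumed tuning values.

```python
"""Behavioural correlation rule for Dumbo-style anti-monitoring tampering.

Added example, not from the leaked documents or any real tool. It consumes a
CONSTRUCTED, simplified endpoint-telemetry stream and flags a host where,
shortly after removable media is attached, the monitoring stack is tampered
with in the ways the Dumbo description lists: network adapters disabled,
microphones muted, camera-using processes suspended, recordings deleted or
corrupted. Field names and event kinds are assumptions for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Event kinds that correspond to the tampering actions the Dumbo description lists.
TAMPER_KINDS = {
    "network_adapter_disabled",
    "microphone_muted",
    "camera_process_suspended",
    "recording_deleted",
    "recording_corrupted",
}


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str
    detail: str = ""


def parse_event(line: str) -> Event:
    """Parse one constructed 'ts|host|kind|detail' telemetry line (detail optional)."""
    ts, host, kind, detail = (line.split("|", 3) + [""])[:4]
    return Event(datetime.fromisoformat(ts), host, kind, detail)


def detect_dumbo_like(events: Iterable[Event],
                      window: timedelta = timedelta(minutes=15),
                      min_distinct: int = 2) -> List[dict]:
    """Return one alert per (host, removable-media attach) whose following window
    contains at least `min_distinct` distinct tamper kinds.

    Events may arrive out of order; they are sorted by timestamp per host first.
    Requiring several distinct kinds keeps a lone adapter reset or a single
    deleted file from alerting on its own.
    """
    by_host: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(ev.host, []).append(ev)

    alerts: List[dict] = []
    for host, evs in by_host.items():
        for i, anchor in enumerate(evs):
            if anchor.kind != "removable_media_attached":
                continue
            deadline = anchor.ts + window
            tamper = [e for e in evs[i + 1:]
                      if e.ts <= deadline and e.kind in TAMPER_KINDS]
            kinds = {e.kind for e in tamper}
            if len(kinds) >= min_distinct:
                alerts.append({
                    "host": host,
                    "media_attached_at": anchor.ts,
                    "tamper_kinds": sorted(kinds),
                    "event_count": len(tamper),
                })
    return alerts


# Constructed telemetry for three hosts. Only ws-02 shows the full pattern.
SAMPLE_LINES = [
    # ws-01: a USB attach followed by ordinary activity, no tampering
    "2017-08-03T09:00:00|ws-01|removable_media_attached|USB mass storage",
    "2017-08-03T09:05:00|ws-01|file_copied|quarterly_report.xlsx",
    # ws-02: attach, then adapters off, mic muted, camera app suspended,
    # recording removed (deliberately listed out of timestamp order)
    "2017-08-03T10:02:00|ws-02|microphone_muted|Realtek Audio",
    "2017-08-03T10:00:00|ws-02|removable_media_attached|USB mass storage",
    "2017-08-03T10:01:30|ws-02|network_adapter_disabled|Ethernet0",
    "2017-08-03T10:01:31|ws-02|network_adapter_disabled|Wi-Fi",
    "2017-08-03T10:02:10|ws-02|camera_process_suspended|surveillance_client.exe",
    "2017-08-03T10:03:00|ws-02|recording_deleted|C:\\Recordings\\cam1_20170803.avi",
    # ws-03: same kinds, but an hour and a half after the attach (outside the window)
    "2017-08-03T11:00:00|ws-03|removable_media_attached|USB mass storage",
    "2017-08-03T12:30:00|ws-03|network_adapter_disabled|Ethernet0",
    "2017-08-03T12:31:00|ws-03|microphone_muted|Realtek Audio",
]


def run_sample() -> List[dict]:
    """Run the rule over the constructed sample; expect a single alert for ws-02."""
    return detect_dumbo_like(parse_event(line) for line in SAMPLE_LINES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The rule is deliberately anchored on the removable-media attach rather than on any single tampering action, because each of those actions has benign causes on its own; it is the cluster of them immediately after a local device attach that matches the page's description. In a real deployment the event kinds would be mapped from whatever the endpoint agent actually emits.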
Previously leaked CIA tools and documents:
Imperial – A CIA project that developed three hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux.
Raytheon – Documents from Raytheon Blackbird Technologies, a contractor for the CIA’s Remote Development Branch (RDB), which analysed malware attacks in the wild and gave recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.
Highrise – An SMS messaging Android application designed for mobile devices running Android 4.0 to 4.3 that provides a TLS/SSL-secured internet communications channel between the HighRise field operator and the LP.
BothanSpy – Two CIA projects (BothanSpy and Gyrfalcon) that allow the attacker to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
OutlawCountry – A project targeting computers running the Linux operating system that allows the attacker to redirect all outbound network traffic from the targeted machine to CIA-controlled computer systems for data exfiltration and infiltration.
Elsa – CIA malware that tracks the geo-location of targeted PCs and laptops running the Microsoft Windows operating system.
Brutal Kangaroo – A tool suite for Microsoft Windows that targets closed networks or air-gapped computer systems within an organization or enterprise without requiring any direct access.
Cherry Blossom – A framework, basically a remotely controllable firmware-based implant, used for spying on the Internet activity of targeted systems by exploiting flaws in WiFi devices.
Pandemic – A CIA project that allows the attacker to turn Windows file servers into covert attack machines that silently infect other computers of interest inside a targeted network.
Athena – A spyware framework designed to take full remote control of Windows PCs; it works against every version of Microsoft’s Windows operating system from Windows XP to Windows 10.
AfterMidnight and Assassin – Two apparent CIA malware frameworks for the Windows platform that are designed to monitor and report back on the activities of the infected remote host and to execute malicious actions.
Archimedes – A Man-in-the-Middle attack tool created by the CIA to target computers inside a Local Area Network (LAN).
Scribbles – Software reportedly designed to embed ‘web beacons’ into confidential files and documents, allowing the attacker to track whistleblowers and insiders.
Grasshopper – A framework that allows the attacker to easily create custom malware for breaking into the Windows operating system and bypassing antivirus protection.
Marble – The source code of a secret anti-forensic framework, basically an obfuscator or packer used by the attacker to hide the actual source of its malware.
Dark Matter – Hacking exploits the CIA designed to target iPhones and Macs.
Year Zero – The first full part of the series, which includes several CIA hacking exploits for popular hardware and software (8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia).