WikiLeaks, the controversial online leak publisher known for exposing corruption within governments and corporations, has released a massive data dump that includes some interesting news about what the CIA has been up to recently, and it demonstrates that the CIA is intent on accessing all kinds of computer systems.
WikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating system, as well as one that tracks the geolocation of targeted PCs and laptops running the Microsoft Windows operating system. The CIA has been exploiting Windows systems for quite some time, and it seems it wants to have a peek inside the systems of the extremely private Linux user as well. The ELSA malware is used for geolocation, and the OutlawCountry malware is used by the CIA for hacking and spying.
According to the leak, the CIA has targeted Linux users with an exploit called “OutlawCountry” that allows CIA hackers to redirect all outbound network traffic on the targeted computer to CIA-controlled computer systems, in order to exfiltrate and infiltrate data for hacking and spying purposes. However, this malware attack requires physical access to the system so that it can get elevated privileges, so if you’re running the system and it’s connected to the internet, you should be safe, since it cannot run via an email attachment or, like a lot of malware, download itself onto your system through ads in your browser.
Dubbed ELSA, the alleged CIA project for geolocation consists of two main elements: the processing component (Operator Terminal) and the implant (Windows Target), which is typically deployed on a target Windows host. The ELSA system first installs the malware on a targeted Wi-Fi-enabled machine using separate CIA exploits to gain persistent access to the device.
The malware then uses the Wi-Fi hardware of the infected computer to scan nearby visible Wi-Fi access points (APs) at regular intervals and records their ESSID (Extended Service Set Identifier, a term from IEEE 802.11 wireless networking), MAC address and signal strength. To perform this data collection, the ELSA malware does not require the targeted computer to be connected to the Internet. Instead, it only requires the malware to be running on a device with Wi-Fi enabled.