Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi
The latest cache of classified intelligence documents dumped online by WikiLeaks includes files describing malware CIA apparently uses to track PCs via Wi‑Fi.
The Julian Assange-led website claims the spyware, codenamed ELSA, infects a target's Windows computer and then harvests wireless network details to pinpoint the location of the machine. The software nasty is said to pull data from Google and Microsoft in order to pinpoint the real-world location of the infiltrated machine.
"ELSA is a geo-location malware for Wi‑Fi enabled devices like laptops running the Microsoft Windows operating system," says WikiLeaks.
"Once persistently installed on a target machine using separate CIA exploits, the malware scans visible Wi‑Fi access points and records the ESS identifier, MAC address and signal strength at regular intervals."
ELSA is one more weapon in the suite of malware tools the CIA uses to infiltrate the machines of people under investigation. It is used in combination with other exploits and tracking tools.
"The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration," WikiLeaks says.
"The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors."
Before you go into hysterics, take a moment to breathe into a paper bag and remember that ELSA is used against CIA targets, and if you're the subject of a CIA intelligence operation you have way, way more to worry about than the integrity of your wireless network.
Besides, you're far more likely to be compromised by a webpage, GIF, or Excel spreadsheet from a run-of-the-mill cybercrook. ®
Sponsored: Becoming a Pragmatic Security Leader