In the ongoing Wikileaks Vault 7 series of leaks, there is a new leak called ExpressLane.
According to the documents released by Wikileaks, the CIA offers a partnership with other law enforcement and government agencies in which those partners can share biometric data such as fingerprints with the CIA.
The CIA does this by offering a predefined hardware, operating system and software to its liaison partners. It also supports these systems.
Since the program is voluntary, the CIA likely did not get all of the biometric data that each of the partner agencies had collected, so they decided to get creative.
Since they “support” these systems for their partners, they send a technician to update the system via flash drive. The catch is that the update also installs the ExpressLane backdoor.
ExpressLane has two parts. The first part creates a hidden partition on the target system where the biometric data is captured. This partition serves as a holding pen for the data that they want to steal; the data is encrypted and compressed before being stored in the hidden partition.
The second part takes the data from the hidden partition and steals it by copying it to the flash drive the next time the technician comes to “maintain” the system.
This is only one of 21 disclosures that WikiLeaks has made in the Vault 7 series – likely with more to come.
If this turns out to be true, and I suspect that it probably is true, then partners – especially those in other countries – are likely going to be less cooperative with the CIA and probably with all other federal government law enforcement and justice agencies. In that sense, WikiLeaks is doing significant damage to the U.S. Government.
One might think that other governments should have assumed that the CIA is not trustworthy (after all, what the CIA was doing is likely NO DIFFERENT from what other countries do), but I am not sure that other U.S. Government agencies would have made that same assumption – until now.
For the CIA, this is yet another damaging blow. Probably not to their prestige (other than the fact that all of this stuff has become public), but rather to their operational ability as all of these tools become public.
SOME of the other leaks include:
- DUMBO – a tool to hack webcams and microphones
- IMPERIAL – a series of tools to hack Mac, Linux and Unix systems
- HIGHRISE – a tool to steal information from phones and exfiltrate it via SMS messages
- ELSA – a tool to harvest location data from Windows laptops
- CHERRY BLOSSOM – a tool to monitor Internet activity on targeted systems by exploiting bugs in Wi-Fi devices
- WEEPING ANGEL – a tool to transform smart TVs into covert listening devices
And, many, many others.
What we don’t know yet is how many MORE leaked documents WikiLeaks will publish and where they are getting them from. Two likely candidates are rogue employees and nation state actors like Russia and China. The CIA has not, that I am aware of, given any indication of the source of the leaks, although I am sure they are trying hard to figure it out and may know already.
In my opinion, rogue employees seem less likely, but who knows. What is VERY SCARY is if the Russians or Chinese have infiltrated the CIA and are still there. I am pretty comfortable that the CIA is likely more concerned about this possibility than anyone and is probably working very hard to figure out if that is in fact what happened.
Of course, they may never tell us what they find unless they decide to prosecute someone for espionage.
Information for this post came from The Hacker News.