What Is Elsa? CIA Can Track Location Of Wi-Fi-Enabled Devices Using Windows
WikiLeaks released another batch of documents Wednesday that purportedly detail how the United States’ Central Intelligence Agency can track the location of a target using Wi-Fi-enabled devices.
The newly released WikiLeaks files, dubbed Elsa, show how the CIA makes use of geo-location malware to collect information from an infected machine and keep tabs on its location as it moves from connection to connection.
According to WikiLeaks, Elsa was developed specifically to infect machines running Microsoft Windows operating systems. According to the document, Elsa can execute on computers running 32-bit or 64-bit versions of Windows 7.
Once the malware has been installed on a target’s machine—which can be done remotely—the software records a number of identifying pieces of information about the machine including the MAC address associated with the device.
While the malware can gather this information without an internet connection, its real value to the CIA is what it finds when the computer is connected to the internet via Wi-Fi, as it allows the agency to track the location of the infected machine and therefore keep tabs on its target as they move from location to location.
The attack provides the CIA an alternative to GPS tracking, which is common in smartphones and tablets but less likely to be available on laptops. Any time the infected machine is connected to the internet, the CIA can determine its position.
Interestingly, the method pulls the geolocation data from third-party databases like Google or Microsoft that are designed to support location services in web browsers like Firefox, Chrome and Internet Explorer.
Each location recorded by the CIA’s malware is stamped with latitude, longitude and an accompanying timestamp. That information isn’t broadcast directly to the CIA but can be retrieved from the device via log files that can be extracted using other vulnerabilities, providing the CIA with a running list of the target’s exact location at an exact time.
It’s not clear if the vulnerability that allows the Elsa exploit to operate is still functional in recent versions of Windows. A change log attached to the document shows it was last updated in June 2012, prior to the release of Windows 8—though the document could be outdated and updates may have been issued for the malware.
The release is the latest from WikiLeaks as part of its Vault 7 series, which has focused on releasing leaked documents from the CIA detailing the government agency’s technical capabilities.
Previous leaks have shown the intelligence group’s ability to compromise Apple devices and Windows machines, launch malware attacks, obfuscate the origins of an attack to hide its tracks, compromise Wi-Fi routers to track a target’s activity online and attack air-gapped computer networks.
© Copyright IBTimes 2024. All rights reserved.