SoylentNews is people

posted by cmn32480 on Friday June 16 2017, @10:08AM
from the let-me-contain-my-surprise dept.

Arthur T Knackerbracket has found the following story:

Home routers from 10 manufacturers, including Linksys, D-Link, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks.

The 175-page CherryBlossom user guide describes a Linux-based operating system that can run on a broad range of routers. Once installed, CherryBlossom turns the device into a "FlyTrap" that beacons a CIA-controlled server known as a "CherryTree." The beacon includes device status and security information that the CherryTree logs to a database. In response, the CherryTree sends the infected device a "Mission" consisting of specific tasks tailored to the target. CIA operators can use a "CherryWeb" browser-based user interface to view Flytrap status and security information, plan new missions, view mission-related data, and perform system administration tasks.

[...] All the communications between the FlyTrap and the CIA-controlled CherryTree, with the exception of copied network data, are encrypted and cryptographically authenticated. For extra stealth, the encrypted data masquerades as a browser cookie in an HTTP GET request for an image file. The CherryTree server then responds to the request with a corresponding binary image file.

CherryBlossom is the latest release in WikiLeaks' Vault7 series, which the site purports was made possible when the "CIA lost control of the majority of its hacking arsenal." CIA officials have declined to confirm or deny the authenticity of the documents, but based on the number of pages and unique details exposed in the series, there is broad consensus among researchers that the documents are actual CIA materials.

-- submitted from IRC
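
A defender-side hunting sketch for the beacon pattern the story describes (encrypted data carried as a cookie on an HTTP GET for an image file), added here as an example and not taken from the story or the leaked guide. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import base64, hashlib, math
from collections import Counter

IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico")
MIN_LEN = 64       # assumed threshold: cookie value length in characters
MIN_ENTROPY = 4.5  # assumed threshold: bits/char (hex text cannot exceed 4.0)

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parse(line):
    """Split one constructed log line: src|method|path|cookie header."""
    src, method, path, cookie = line.split("|", 3)
    return {"src": src, "method": method, "path": path, "cookie": cookie}

def suspicious(req):
    """True for an image GET carrying a long, high-entropy cookie value."""
    path = req["path"].split("?", 1)[0].lower()
    if req["method"] != "GET" or not path.endswith(IMAGE_EXTS):
        return False
    for pair in req["cookie"].split(";"):
        value = pair.strip().partition("=")[2]
        if len(value) >= MIN_LEN and entropy(value) >= MIN_ENTROPY:
            return True
    return False

def flag_sources(lines, min_hits=2):
    """Sources that sent at least min_hits suspicious requests."""
    hits = Counter(r["src"] for r in map(parse, lines) if suspicious(r))
    return sorted(src for src, n in hits.items() if n >= min_hits)

def _blob(seed):
    # Constructed stand-in for ciphertext: base64 of a SHA-512 digest (88 chars).
    return base64.b64encode(hashlib.sha512(seed).digest()).decode()

# Constructed sample log; addresses are from the RFC 5737 documentation range.
SAMPLE = [
    "192.0.2.10|GET|/img/logo.png|sid=" + _blob(b"a"),
    "192.0.2.10|GET|/img/logo.png|sid=" + _blob(b"b"),
    "192.0.2.20|GET|/banner.jpg|sessionid=3f9a1c07b2",
    "192.0.2.30|GET|/pixel.gif|tok=" + hashlib.sha512(b"c").hexdigest(),
    "192.0.2.30|GET|/pixel.gif|tok=" + hashlib.sha512(b"d").hexdigest(),
    "192.0.2.40|POST|/upload.png|sid=" + _blob(b"e"),
    "192.0.2.40|GET|/index.html|sid=" + _blob(b"f"),
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

Legitimate sites also send long encoded tokens as cookies on image requests, so a match is a lead for triage rather than a verdict.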


  • (Score: 4, Funny) by bradley13 on Friday June 16 2017, @11:21AM (6 children)

    by bradley13 (3053) on Friday June 16 2017, @11:21AM (#526389)

    Of course, we can be certain that the CIA was careful to get a warrant each and every time it wanted to use this software. We can be equally certain that they uninstalled the software when they were finished.

    --
    Everyone is somebody else's weirdo.
  • (Score: 1) by khallow on Friday June 16 2017, @11:51AM

    by khallow (3766) on Friday June 16 2017, @11:51AM (#526397)
    Your assertion via gratuitous sarcasm certainly convinced me of the rightness and legality of this approach!
  • (Score: 3, Funny) by kaszz on Friday June 16 2017, @12:07PM

    by kaszz (4211) on Friday June 16 2017, @12:07PM (#526402)

    Anonymous, hereby grants you a perpetual warrant to be used anytime you so deem necessary to use for deep no sunlight probing of any sunless CIA entry point you may find. For efficiency reasons you are relieved (not in the sun free zone) from any duty to remove any penetrative tool you deemed necessary or the effects of said object. This warrant does not imply any unnatural inclination nor does it limit any such inclination.

        /Ûberpenatrative Uhrifficer!

    No Commodore-2^6 communications chips were ever sacrificed for this cause. May your chips have many productive cycles!

  • (Score: 0) by Anonymous Coward on Friday June 16 2017, @01:49PM

    by Anonymous Coward on Friday June 16 2017, @01:49PM (#526422)

    "Of course, we can be certain that the CIA was careful to get a warrant each and every time it wanted to use this software"

    You never know. They may have installed a ReadMe file containing a copy of the warrant ;-)

  • (Score: 2) by Snotnose on Friday June 16 2017, @02:33PM

    by Snotnose (1623) on Friday June 16 2017, @02:33PM (#526437)

    If you read the doc you'll see the software can't be uninstalled. They have a kill command that, when received, de-activates flytrap. The kill command persists across reboots.

    --
    When the dust settled America realized it was saved by a porn star.
  • (Score: 2) by KGIII on Friday June 16 2017, @04:22PM

    by KGIII (5261) on Friday June 16 2017, @04:22PM (#526495)

    In theory, these would only be used against non-citizens who are outside of the border - with some exceptions with oversight.

    Don't laugh. I said, "In theory." The CIA is, for the most part, not supposed to do covert activities on US soil.

    --
    "So long and thanks for all the fish."
  • (Score: 0) by Anonymous Coward on Friday June 16 2017, @07:51PM

    by Anonymous Coward on Friday June 16 2017, @07:51PM (#526585)

    They got a warrant every time it was required by our constitution. Seeing as the agency operates outside of US territory, that would be never.

    As far as uninstallation goes, wouldn't you do that if you were trying to hide? The stuff probably self-destructs if you look at it funny.