The leaked documents show that the agency has tools that make it easy to create custom attacks.
WikiLeaks has stirred up some serious controversy and concern with its various Vault7 leaks, which have uncovered numerous CIA hacking projects. The organization isn’t done yet, apparently, as it continues to release information on methods used by the U.S. intelligence agency to break into target computer systems.
The most recent release involves what’s called “Grasshopper,” specifically a collection of software tools used by the CIA to attack Microsoft’s Windows platform. The tools are essentially building blocks that CIA agents can use to snap together custom attacks, as Ars Technica reports.
The WikiLeaks Grasshopper release includes a set of user guides that are not unlike those issued by commercial software developers. While not the tools themselves, the documents provide a solid overview of how the tools function and what potential targets might want to look for to determine whether their own systems have been subject to CIA attack.
As one document describes:
“Grasshopper is a software tool used to build custom installers for target computers running the Microsoft Windows operating system. An operator uses the Grasshopper builder to construct a custom installation executable.
The operator configures an installation executable to install one or more payloads using a variety of techniques. Each payload installer is built from individually configured components that implement part of the installation procedure.
The operator may designate that installation is contingent on the evaluation of the target environment. Target conditions are described using a custom rule language. The operator may configure the tool to output a log file during execution for later exfiltration.”
Grasshopper includes a variety of tools and techniques for a wide range of hacking functions, including methods for evading antivirus software. The WikiLeaks release also highlights a few of the organizations that use tools like Grasshopper, such as the Advanced Engineering Division (AED) that develops the CIA’s implant code and the Remote Development Branch (RDB) that develops remote implants.
What’s perhaps most fascinating about Grasshopper is its apparent focus on being easy to use. The tools do a lot of the work for agents, such as checking that the target system has the right configuration for the chosen attack.
It’s likely that WikiLeaks will continue to release this kind of information. Whether or not it makes hackers’ jobs easier by giving them hints as to what kinds of tools are most effective remains an open question. But there’s no doubt that the most recent information makes the CIA’s job more difficult, and it holds the agency up to some ridicule for allowing the information to leak in the first place.