Days pass and Vault 7, the portal where WikiLeaks publishes information on the nearly 9,000 leaked CIA documents, continues to fill with new information. Thanks to them we have learned of tools like BrutalKangaroo, or the software that the CIA used to avoid leaks.
Today, thanks to Wired, we have learned of a new capability of one of these CIA tools, specifically one that can geolocate any Windows user. The more conspiracy-minded may think that it does not matter, because they know it anyway, whatever system you use. And maybe they're right.
To use this geolocation technique, the agency would infect target devices with malware that can check the public WiFi networks to which a computer can connect at any time, as well as their signal strengths.
From there the malware compares the list of available WiFi networks with a database of such networks, through which it can determine where the device is. These leaks concern a piece of malware known as ELSA, which would have started operating in 2013. However, the outlet points out that the technique could have had a version ready for each version of Windows.
This is how ELSA works
ELSA only works on workstations with wireless capabilities, which today can be any device. The process involves installing malware on a target computer and using it to access the WiFi sensor on the victim's device to check public WiFi networks.
It then records the MAC address and ESSID of each one and cross-references them with the database of public networks mentioned previously, which Google and Microsoft maintain. By combining this location data with signal strength readings, the malware can calculate the approximate latitude and longitude of the device at any time.
Once it has extracted the data it is interested in, it encrypts it and holds it until a CIA agent picks it up. ELSA also includes a removal process, so the agency can easily cover its tracks. Like everything that has leaked so far, it is a fascinating work of engineering.
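The lookup described above shows why a list of nearby access points and their signal strengths should be treated as location data. The following is an added example, not code from ELSA or from the leaked documents: it uses a signal-weighted centroid as a simple stand-in for whatever the real geolocation databases compute, and the access point table, addresses, coordinates and function names are all constructed for illustration.

```python
# Constructed sample database: BSSID (access point MAC) -> (latitude, longitude).
# Every address and coordinate here is made up for the example.
AP_DB = {
    "02:00:00:aa:bb:01": (40.4168, -3.7038),
    "02:00:00:aa:bb:02": (40.4172, -3.7030),
    "02:00:00:aa:bb:03": (40.4160, -3.7045),
}


def rssi_to_weight(rssi_dbm):
    """Convert a signal strength in dBm to linear power (mW), used as a weight."""
    return 10 ** (rssi_dbm / 10.0)


def estimate_position(scan, ap_db=AP_DB):
    """Estimate (lat, lon, aps_used) from a scan of (bssid, essid, rssi_dbm).

    Assumption: a weighted centroid, where stronger (closer) access points
    pull the estimate toward their known position. Access points missing
    from the database are ignored. Returns None if none are known.
    """
    total = lat_sum = lon_sum = 0.0
    used = 0
    for bssid, _essid, rssi_dbm in scan:
        pos = ap_db.get(bssid.lower())  # scanners differ in MAC letter case
        if pos is None:
            continue
        w = rssi_to_weight(rssi_dbm)
        lat_sum += pos[0] * w
        lon_sum += pos[1] * w
        total += w
        used += 1
    if used == 0:
        return None
    return (lat_sum / total, lon_sum / total, used)


if __name__ == "__main__":
    # Constructed scan: two known networks and one unknown to the database.
    scan = [
        ("02:00:00:AA:BB:01", "cafe-guest", -45),
        ("02:00:00:AA:BB:02", "library", -70),
        ("02:00:00:ff:ff:ff", "unknown-net", -60),
    ]
    print(estimate_position(scan))
```

Because the estimate needs only passively observable identifiers, any software allowed to read WiFi scan results can derive location without a GPS permission, which is why operating systems gate scan access behind location consent.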