The Central Intelligence Agency (CIA) has been targeting wireless fidelity (WiFi) routers to conduct surveillance for several years, according to secret documents published by WikiLeaks on Friday. The latest release exposes the CIA's network spying operation on the American public.
The new batch of documents is part of an ongoing series of leaks of secret files called Vault7. It reveals the work of the CIA's elite hacking unit, the Engineering Development Group, in hacking WiFi routers and using them as covert listening points as part of the agency's surveillance efforts.
The exposed files consist of a 175-page user manual dubbed "Cherry Blossom" (CB). It includes installation guides, manuals and other documents that detail several hacking toolkits to exploit wireless networks. Infected routers are used to spy on the activity of internet-connected devices.
One document dated 2010 stated that the CIA, by 2012, supposedly planned to develop implants "for roughly 25 different devices from 10 different manufacturers" including Asus, Belkin, D-Link, Linksys, and Netgear. One of the implants is called a "Flytrap," malicious firmware that can target laptops or phones based on IP and email addresses, chat user names and MAC addresses.
Flytrap sends the router's device status and security information to a CIA-controlled server which enables it to copy some or all of the user's internet traffic, email exchanges and private chat usernames. Spies can then monitor the internet activity of a target, scan for email addresses and phone numbers and compromise the device.
One significant fact about the documents is that they date back to 2007, when router hacking was less developed. This also means that, for at least a decade, the CIA has been spying on private homes, public spaces and businesses that use consumer antivirus software that doesn't track router malware.
Moreover, there is no evidence that the router is being compromised. "The only thing is that everything you're doing on the internet is going through the CIA," said Matthew Hickey, a security researcher and founder of the firm Hacker House, which analyzed the documents.