WikiLeaks Releases Files on CIA Spying Geo-Location Malware for WiFi Devices
The WikiLeaks whistleblowing website published documents, showing how ELSA malware is allegedly used by US intelligence services to collect geolocation data from WiFi-enabled devices.
The WikiLeaks whistleblowing website on Wednesday released a new batch of CIA documents from the so-called Vault 7 project, showing how ELSA malware is allegedly used by US intelligence services to collect geolocation data from WiFi-enabled devices.
“Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Micorosoft Windows operating system … If it [device] is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp,” WikiLeaks said in a press release.
— WikiLeaks (@wikileaks) June 28, 2017
According to the statement, the malware, once it is persistently installed on a targeted device, does not have to be connected to the internet to continue collection of data.
“Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device,” WikiLeaks said.
The whistleblowing platform released what appears to be the CIA’s user manual for the ELSA project as evidence.
WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA “Brutal Kangaroo” hacking tool.