WikiLeaks CIA Vault 7: Elsa & Outlaw Country

05/07/2017, in Technology

WikiLeaks releases two more CIA Vault 7 drops on consecutive days: Elsa on Wednesday June 28, 2017 and Outlaw Country on Thursday the 29th.

Elsa

28 June, 2017 (Texas). WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors.

The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.

Leaked Documents

ELSA User Manual

Outlaw Country

June 29th 2017 (Texas). WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
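Because the covert rules described above are DNAT rules, a defender can look for their effect rather than for the hidden table. The following added example (not taken from the leaked documents or from the original article) compares translated flows in the connection-tracking table with the DNAT rules an administrator can actually see. It assumes the translation is tracked by conntrack, as ordinary netfilter NAT is, and that the conntrack view itself has not been tampered with; the function names and sample data are constructed for illustration.

```python
import re

# key=value fields from a /proc/net/nf_conntrack or `conntrack -L` line
_KV = re.compile(r"\b(src|dst)=(\S+)")
# DNAT targets as printed by `iptables-save -t nat` (IPv4, single address)
_TO_DEST = re.compile(r"-j DNAT\b.*?--to-destination (\S+)")

# Constructed sample data (documentation/private address ranges only).
SAMPLE_CONNTRACK = """\
ipv4 2 tcp 6 431990 ESTABLISHED src=10.0.0.5 dst=192.0.2.1 sport=51000 dport=443 src=192.0.2.1 dst=10.0.0.5 sport=443 dport=51000 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431991 ESTABLISHED src=10.0.0.6 dst=10.0.0.1 sport=52000 dport=8080 src=10.0.0.20 dst=10.0.0.6 sport=80 dport=52000 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431992 ESTABLISHED src=10.0.0.5 dst=198.51.100.7 sport=53000 dport=80 src=203.0.113.9 dst=10.0.0.5 sport=80 dport=53000 [ASSURED] mark=0 use=2
"""
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.20:80
COMMIT
"""

def dnat_flows(conntrack_text):
    """Flows whose reply source differs from the original destination.

    Conntrack prints the original tuple first and the reply tuple second,
    so destination NAT shows up as reply src != original dst.
    """
    flows = []
    for line in conntrack_text.splitlines():
        src = [v for k, v in _KV.findall(line) if k == "src"]
        dst = [v for k, v in _KV.findall(line) if k == "dst"]
        if len(src) < 2 or len(dst) < 2:
            continue  # no complete original/reply pair on this line
        if src[1] != dst[0]:
            flows.append({"client": src[0], "asked_for": dst[0], "sent_to": src[1]})
    return flows

def visible_dnat_targets(iptables_save_text):
    """Addresses that rules visible to the administrator translate to."""
    return {m.split(":")[0] for m in _TO_DEST.findall(iptables_save_text)}

def unexplained_dnat(conntrack_text, iptables_save_text):
    """Translated flows that no visible DNAT rule accounts for."""
    known = visible_dnat_targets(iptables_save_text)
    return [f for f in dnat_flows(conntrack_text) if f["sent_to"] not in known]

if __name__ == "__main__":
    for flow in unexplained_dnat(SAMPLE_CONNTRACK, SAMPLE_RULES):
        print("DNAT with no visible rule:", flow)
```

REDIRECT rules and container or hypervisor NAT also produce translated flows, so on a real host their targets need to be allow-listed before treating a result as suspicious.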

Leaked Documents

OutlawCountry v1.0 User Manual

OutlawCountry v1.0 Test Plan
