Leaked secret documents have revealed that the CIA has been targeting and compromising home, office, and public wireless routers for years in an effort to carry out clandestine surveillance.
The documents, which could not be immediately verified, are part of an ongoing series of leaks released by the website WikiLeaks, revealing the work of the CIA’s elite hacking unit, dubbed the Engineering Development Group.
Among the dozens of files are user and installation guides, manuals, and other “secret”-marked maps and charts that reveal several hacking tool suites, which allow the agency to conduct targeted exploitation of networks and computers.
One of the tools, dubbed CherryBlossom, allows the agency to monitor the internet activity of a target, redirect their browser, scan for email addresses and phone numbers, and other software exploits.
(Image: supplied)
Routers remain a prime target for intelligence agencies and hackers alike because of they act as a central port of call for an entire network. What makes routers such an attractive target is that they are more often than not riddled with security flaws that make exploitation easy.
According to one 2010-dated document, the CIA had by mid-2012 developed implants “for roughly 25 different devices from 10 different manufacturers,” including Asus, Belkin, D-Link, Linksys, and Netgear.
“In general, once a make, model, and hardware version of a device is supported, it is straightforward to implant any later firmware versions, or international firmware versions, so long as the device has not changed its underlying hardware or operating system,” said the document.
It’s not clear if the implants are still working today or if they were retired.
ZDNET INVESTIGATIONS
US government pushed tech firms to hand over source code
At the US border, expect discrimination, detention, searches, and interrogation
Leaked: TSA documents reveal New York airport’s wave of security lapses
Meet the shadowy tech brokers that deliver your data to the NSA
Trump aides’ use of encrypted messaging may violate records law
An unsecured database leaves off-the-grid energy customers exposed
Inside the global terror watchlist that secretly shadows millions
Security flaws in Pentagon servers “likely” under attack by hackers
Revealed: How one Amazon Kindle scam made millions of dollars
US government subcontractor leaks confidential military personnel data