Wikileaks dump reveals how the CIA can track your exact location

How many people specifically know where you are right now? Some friends and family? Your coworkers, maybe? If you’re using a Windows laptop or PC, you could add another group to the list: the CIA.

New documents released on Wednesday as part of WikiLeaks’ series of CIA hacking revelations detail a method the agency uses to geolocate computers and the people using them. The agency infects target devices with malware that can then check which public Wi-Fi networks a given computer can connect to at a given moment, as well as the signal strengths of those networks. From there, the malware compares the list of available Wi-Fi options to databases of public Wi-Fi networks to figure out roughly where the device is.

The leaked documents detailing the project, which is known as ELSA, date back to 2013, and specifically address laptops and PCs running Windows 7. But experts say that the technique is straightforward enough that the CIA could have a version of it for every Windows release. “This technique has been done and known about for a long time,” says Alex McGeorge, the head of threat intelligence at the security firm Immunity. “It’s like give me all the information from the radios on your [device] to try to get a better fix on your location.”

ELSA only works on Wi-Fi-enabled workstations, but that’s…pretty much everything at this point. The specific process involves installing malware on a target computer, using it to access the victim device’s Wi-Fi adapter to scan for nearby public Wi-Fi access points, logging each one’s MAC address and Extended Service Set Identifier (together, the fingerprint of a Wi-Fi network), and then checking those identifiers against publicly available Wi-Fi databases maintained by Google and Microsoft. By combining this location data with signal strength readings, the malware can calculate the device’s approximate latitude and longitude at a given time. It then encrypts this data and stores it until a CIA agent can exfiltrate it. ELSA also includes a removal process so the CIA can cover its tracks.

While the underlying concepts are commonly known, pulling this off requires quite a bit of sophistication. The technique requires exploit tools (methods for taking advantage of unpatched bugs in computer software) to give the CIA access to the target device in the first place. And once the agency is in a position to install the ELSA malware on a device, it presumably also has access to a host of other aspects of the computer in question. You can see how gathering location data might be a frequent priority, though, and the ELSA strategy is practical because it doesn’t require any specialized capabilities like GPS or a wireless chip. It can even work when the target device isn’t actually connected to the internet. As long as the Wi-Fi adapter is enabled, the malware can still record which Wi-Fi networks are in range and when, and store the information for later processing.
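To make concrete what the two paragraphs above describe (a scan log of nearby networks, a lookup of each BSSID in an access-point database, and a signal-strength-weighted position estimate), here is an added worked example. It is not code from the leaked documents or from Google or Microsoft: the scan entries, the access-point coordinates and the in-memory "database" are all constructed, and the real services are queried over the network rather than from a local dictionary. The point for a defender is how little is needed: three matched BSSIDs with their RSSI values are enough to place a machine within a city block, which is why a Wi-Fi scan log leaving a host is sensitive telemetry regardless of whether the host ever joins a network.

```python
"""Weighted-centroid Wi-Fi positioning: the estimation step described above.

Everything here is constructed for illustration. AP_DATABASE stands in for
the public BSSID-to-location databases the article mentions; the scan
entries are invented values, not real access points.
"""
from typing import Dict, List, Optional, Tuple

# One record per network visible in a scan: BSSID (the AP's MAC address),
# ESSID (network name), RSSI in dBm, and when the scan was taken. The scan
# can be captured offline and looked up later, as the article notes.
SCAN: List[Dict] = [
    {"bssid": "00:11:22:33:44:01", "essid": "CoffeeShop",    "rssi": -45, "seen": "2013-05-01T10:00:00Z"},
    {"bssid": "00:11:22:33:44:02", "essid": "Library-Guest", "rssi": -60, "seen": "2013-05-01T10:00:00Z"},
    {"bssid": "00:11:22:33:44:03", "essid": "Hotel_WiFi",    "rssi": -75, "seen": "2013-05-01T10:00:00Z"},
    # A home router that no public database knows about; it contributes nothing.
    {"bssid": "aa:bb:cc:dd:ee:ff", "essid": "HomeNet",       "rssi": -50, "seen": "2013-05-01T10:00:00Z"},
]

# Stand-in for a public AP-location database: BSSID -> (latitude, longitude).
# Constructed coordinates, deliberately spaced about 100 m apart.
AP_DATABASE: Dict[str, Tuple[float, float]] = {
    "00:11:22:33:44:01": (51.5000, -0.1200),
    "00:11:22:33:44:02": (51.5010, -0.1180),
    "00:11:22:33:44:03": (51.5020, -0.1220),
}


def rssi_to_weight(rssi_dbm: int, path_loss_exponent: float = 2.0) -> float:
    """Turn an RSSI reading into a relative weight.

    Under a log-distance path-loss model (an assumption of this example),
    distance grows like 10 ** (-rssi / (10 * n)). Weighting each AP by
    1 / distance makes strong signals pull the estimate harder than weak ones.
    """
    distance = 10 ** (-rssi_dbm / (10 * path_loss_exponent))
    return 1.0 / distance


def estimate_position(
    scan: List[Dict], database: Dict[str, Tuple[float, float]]
) -> Optional[Tuple[float, float, List[str]]]:
    """Return (lat, lon, bssids_used) as a weighted centroid of the known APs,
    or None when no scanned BSSID appears in the database."""
    total_w = 0.0
    lat_acc = lon_acc = 0.0
    used: List[str] = []
    for net in scan:
        coords = database.get(net["bssid"].lower())
        if coords is None:
            continue  # the lookup failed for this AP; skip it
        w = rssi_to_weight(net["rssi"])
        lat_acc += coords[0] * w
        lon_acc += coords[1] * w
        total_w += w
        used.append(net["bssid"])
    if total_w == 0.0:
        return None
    return (lat_acc / total_w, lon_acc / total_w, used)


if __name__ == "__main__":
    fix = estimate_position(SCAN, AP_DATABASE)
    if fix is None:
        print("no known access points in range")
    else:
        lat, lon, used = fix
        print(f"estimated position {lat:.5f}, {lon:.5f} from {len(used)} matched APs")
```

The strongest signal dominates the result, so the estimate here lands a few tens of metres from the "CoffeeShop" access point. Real geolocation services use far larger databases and better propagation models, but the shape of the calculation is the same, and the unknown home router shows why a scan of mixed public and private networks still yields a fix as long as at least one BSSID is in a database.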

Researchers note that the Wi-Fi databases maintained by Google and Microsoft have expanded and improved since 2013, so it’s likely that the capability has only gotten more accurate over time. It might also have been possible for companies like Google and Microsoft to figure out whom the CIA was investigating, if they could glean any unique qualities of the database queries the malware sends. But now that technical details of the capability have leaked, the CIA will presumably revise it, if the agency hasn’t already over the last four years.

“If you had asked me before, ‘Does the CIA have some spy software shit that would do this?,’ I would have said yeah, of course,” McGeorge says. And now the world knows for sure.

By Adeline Darrow