Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device, again using separate CIA exploits and backdoors.
The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device.
Download the ELSA user manual here.