Vault 7: BothanSpy

BIG BROTHER / SPYING / SURVEILLANCE / WHISTLEBLOWING, 10 July 2017

WikiLeaks – TRANSCEND Media Service

Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors.

BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an enrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos,debian,rhel,suse,ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

Leaked Documents:

BothanSpy 1.0

Gyrfalcon 2.0 User Guide

Gyrfalcon 1.0 User Manual

_____________________________________________

All Releases:

Vault 7: OutlawCountry – 29 Jun 2017

Vault 7: Elsa – 28 Jun 2017

Vault 7: Brutal Kangaroo – 22 Jun 2017

Vault 7: Cherry Blossom – 15 Jun 2017

Vault 7: Pandemic – 1 Jun 2017

Vault 7: Athena – 19 May 2017

Vault 7: AfterMidnight & Assassin Frameworks – 12 May 2017

Vault 7: Archimedes – 5 May 2017

Vault 7: Scribbles Project – 28 Apr 2017

Vault 7: Weeping Angel – 21 Apr 2017

Vault 7: Hive Project – 14 Apr 2017

Vault 7: Grasshopper Framework – 7 Apr 2017

Vault 7: Marble Framework – 31 Mar 2017

Vault 7: Project Dark Matter – 23 Mar 2017

Vault 7: CIA Hacking Tools Revealed – 7 Mar 2017

Go to Original – wikileaks.org

 

Share or download this article:


DISCLAIMER: In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.


There are no comments so far.

Join the discussion!

We welcome debate and dissent, but personal — ad hominem — attacks (on authors, other users or any individual), abuse and defamatory language will not be tolerated. Nor will we tolerate attempts to deliberately disrupt discussions. We aim to maintain an inviting space to focus on intelligent interactions and debates.

 (please enter the four letters and numbers you see above, no spaces)