Friday, 30 June 2017 09:44

Vault 7: Windows 7 tool for wireless tracking detailed


Documents detailing malware for collecting data wirelessly with the aid of geolocation data have been released by WikiLeaks as part of its Vault 7 CIA document dump.

The malware is known as Elsa and has to be installed using separate CIA exploits, according to the manual, which was released on Wednesday. It runs on either 32-bit or 64-bit Windows 7.

It then scans visible Wi-Fi access points and periodically records the name of the connection, the MAC address and the signal strength.

The manual dates back to September 2013. It says: "Elsa provides pattern of life geolocation information by recording the details of Wi-Fi access points near the target machine and transmitting that metadata to third-party databases for resolution into latitude, longitude and an accuracy measure.

"These third-party databases exist to support location services in the Firefox, Chrome and Internet Explorer browsers according to the W3C specification. ELSA uses HTTPS connections to query these third-party services and saves its data into a 128-bit AES encrypted file."

The target machine does not need to be connected to an access point for the exploit to work; it only needs to be on and have its Wi-Fi device enabled.

When connected to the Internet, the malware stores geolocation data, collected from publicly available Microsoft and Google databases, along with timestamps.

Any collected data needs to be exfiltrated by an operator using other CIA exploits.

The first Vault 7 dump was on 7 March and it is claimed to be the biggest leak of CIA documents so far.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


