For the last month, WikiLeaks has been dumping documents supposedly showing how the CIA goes about spying on electronic devices. The last round revealed the agency’s tools for infecting Mac and iPhone devices, so in the interests of keeping the fanboys happy, it’s about time that we learn how Windows PCs get hacked.
The latest trove of documents, part of the broader Vault 7 series of leaks, revolves around “Grasshopper,” which purports to be the agency’s developer kit for getting into Windows PCs.
According to user manuals discovered by Ars Technica, Grasshopper is a software tool that lets agents build custom installers to target particular PCs. The tool has all the building blocks for an exploit based on a number of software vulnerabilities, which the CIA can pick and choose from as necessary:
“The operator configures an installation executable to install one or more payloads using a variety of techniques. Each payload installer is built from individually configured components that implement part of the installation procedure.
“The operator may designate that installation is contingent on the evaluation of the target environment. Target conditions are described using a custom rule language. The operator may configure the tool to output a log file during execution for later exfiltration.”
Manuals for the software tools show that the CIA takes components from malware used by hackers to steal financial information, not just exploits discovered by its own personnel. Luckily for the CIA, today’s dump of documents is mostly user manuals and technical documentation, rather than code. Previous Vault 7 leaks have included software frameworks that make it easier to work out which hacks are the work of the CIA. Although a user manual for Grasshopper helps show the CIA’s process for attacks, it doesn’t give us the unique fingerprint in the same way as some other Vault 7 documents.