Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

The CIA Uses Bogus Software Upgrade to Steal Data from the FBI, DHS and NSA

August 30, 2017

Cynical as I am, I was still astonished to read the August 25th report from ZDNet recounting the latest Vault 7 release from WikiLeaks. Apparently, the CIA didn’t trust its security service partners to share biometric information with it, so it created a bogus software upgrade to steal the data.

The data-stealing Trojan was created as part of a CIA project called ExpressLane, a piece of software installed by CIA Office of Technical Service (OTS) agents under the guise of upgrading the CIA’s biometric collection system. This biometric system was installed at the ‘liaison services’ or partners such as the NSA, Department of Homeland Security, and the FBI, according to WikiLeaks.

The CIA installed the biometric system at partner offices around the world and expected them to voluntarily share biometric data with the CIA. But in case they didn’t, the OTS agents installed ExpressLane to “verify that this data is also being shared with the Agency.” It also had a feature to cut off the liaison’s access to the system if it didn’t provide the CIA with access.

One CIA document noted, “The systems are provided to Liaison with the expectation for sharing of the biometric takes collected on the systems. Some of these biometric systems have already been given to the Liaison services. OTS/i2c plans to revisit these sites with the cover of upgrading the biometric software to perform a collection against the biometric takes.”

To enable OTS agents to install the Trojan in the presence of partner agents, ExpressLane included a “splash screen with a progress bar” to look like an authentic Windows install. Sneaky but clever.

OTS agents would install the software with a USB stick and could set the installation time of the update as well as a kill date before visiting the target. Once installed, the Trojan collected relevant files and then stored them in a secret partition on a specially watermarked thumb drive that an OTS agent inserted during a subsequent maintenance visit.
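The lesson for anyone who receives "upgrades" to a system they operate is the same one that applies to any vendor-supplied installer: a package that arrives on a USB stick with a convincing progress bar proves nothing about its origin. The script below is an added defensive example, not code from the blog post or from the WikiLeaks documents, showing one minimal control: refuse to run an update unless its file name is on an approved list and its SHA-256 matches a digest pinned ahead of time through a separate channel. The package names, contents and digests are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed allowlist of approved update packages: file name -> pinned SHA-256.
# In practice the pinned digests would come from the vendor over an independent
# channel; both the name and the contents here are placeholders, not real values.
APPROVED_UPDATES = {
    "biometric-update-2.1.exe": hashlib.sha256(
        b"constructed approved package v2.1"
    ).hexdigest(),
}


def sha256_file(path: str) -> str:
    """Hash a file in 1 MiB chunks so large packages are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update(path: str, allowlist: dict = APPROVED_UPDATES) -> tuple[bool, str]:
    """Decide whether an update package may run; returns (allowed, reason).

    A package is allowed only if its file name is on the allowlist AND its SHA-256
    matches the pinned digest. A known name with a different hash is refused, which
    is exactly the 'looks like the real upgrade' case described above.
    """
    name = os.path.basename(path)
    expected = allowlist.get(name)
    if expected is None:
        return False, f"refused: {name} is not an approved update package"
    actual = sha256_file(path)
    # compare_digest does a constant-time comparison of the two hex strings
    if not hmac.compare_digest(actual, expected):
        return False, f"refused: {name} digest {actual[:12]}... != pinned {expected[:12]}..."
    return True, f"allowed: {name} matches pinned digest"


def write_package(directory: str, name: str, contents: bytes) -> str:
    """Write a constructed sample package to disk and return its path."""
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(contents)
    return path


def demo() -> dict:
    """Run the check against a genuine package, a tampered one and an unknown one."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # Genuine: same bytes the allowlist digest was computed from.
        genuine = write_package(
            os.path.join(d, "a"), "biometric-update-2.1.exe",
            b"constructed approved package v2.1",
        )
        # Tampered: approved file name, but the contents have been altered.
        tampered = write_package(
            os.path.join(d, "b"), "biometric-update-2.1.exe",
            b"constructed approved package v2.1 + extra payload",
        )
        # Unknown: a name that was never approved at all.
        unknown = write_package(
            os.path.join(d, "c"), "hotfix.exe", b"constructed unknown package"
        )
        for label, path in (("genuine", genuine), ("tampered", tampered), ("unknown", unknown)):
            allowed, reason = verify_update(path)
            print(f"{label:9s} {reason}")
            results[label] = allowed
    return results


if __name__ == "__main__":
    demo()
```

Hash pinning is deliberately the simplest version of the control; a production deployment would verify a vendor signature over the package and log every refusal so that an unexpected "upgrade" attempt is visible to the system owner rather than silently accepted.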

Now, it’s unlikely this specific version of ExpressLane is still supported given that the documents are dated 2009 and describe functionality for Windows XP. But still, the spying on other agencies is remarkable – and I would be surprised if something much like this wasn’t still going on.

What a tangled web we weave . . .

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson