Wikileaks has released new files part of the Vault 7 series it claims it obtained from the CIA. The files dumped online yesterday reveal details about the inner workings of a biometrics system developed by the CIA, and which the agency has provided to various liaison services, such as the DHS, FBI, and NSA.

Documents details a tool named ExpressLane that the CIA uses to ensure that fellow liaison agencies share the collected biometrics with the CIA.

ExpressLane used to keep US liaison agencies in check

According to the files, the CIA designed its biometrics database in such a way that the entire system ceases to work after six months if a CIA operative doesn’t visit the liaison agency to install an update.

This update does not take place. The CIA operative that visits these liaison agencies inserts a USB device that runs the ExpressLane tool.

This app shows a splash screen that mimics an update status bar. In reality, ExpressLane collects all the new biometrics data recorded since the last visit. In addition, ExpressLane also prolongs the biometrics database kill date with another six months or any custom period of time.

ExpressLane setup
Fake update window

ExpressLane’s purpose is to make sure that other US agencies play fair with the CIA and share all the data they collect, otherwise, the CIA bricks its remote biometrics databases.

ExpressLane works together with another tool called ExitRamp, which is used to extract the biometrics data from the ExpressLane USB.

Tool co-developed with US company

According to the leaked documents, ExpressLane was developed for the CIA’s Directorate of Science and Technology (DST) and was used by two of its departments — the Office of Technical Services (OTS) and Identity Intelligence Center (I2C).

WikiLeaks claims that ExpressLane was co-developed together with US biometrics vendor CrossMatch, who is also known to provide other types of biometrics solutions to US law enforcement agencies. This is the same company that in 2011 claimed the US used one of its tools to identify and locate Osama Bin Laden.

Today's dump is part of a larger series called Vault 7 contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps:

Weeping Angel - tool to hack Samsung smart TVs
Fine Dining - a collection of fake, malware-laced apps
Grasshopper - a builder for Windows malware
DarkSeaSkies - tools for hacking iPhones and Macs
Scribble - beaconing system for Office documents
Archimedes - a tool for performing MitM attacks
AfterMidnight and Assassin - malware frameworks for Windows
Athena - a malware framework co-developed with a US company
Pandemic - a tool for replacing legitimate files with malware
CherryBlossom - a tool for hacking SOHO WiFi routers
Brutal Kangaroo - a tool for hacking air-gapped networks
ELSA - malware for geo-tracking Windows users
OutlawCountry - CIA tool for hacking Linux systems
BothanSpy & Gyrfalcon - CIA malware for stealing SSH logins
HighRise - Android app for intercepting & redirecting SMS data
Achilles, Aeris, & SeaPea - tools for hacking Mac & POSIX systems
Dumbo - tool to disable webcams and microphones
CouchPotato - tool to capture remote video streams