WikiLeaks has released today eight manuals from the CIA's Dumbo project, a tool that the Agency uses to disable webcams, microphones, and surveillance software.

The purpose of this tool is to cripple audio and video surveillance on critical targets so that field agents can perform their missions.

The tool — named Dumbo — isn't malware but a Windows-only utility that agents carry around on a USB thumb drive. The agent plugs the drive into one of the target's computers and runs the tool from it. The tool is operated through a graphical interface.
Dumbo corrupts the enemy's audio/video surveillance

Dumbo is designed to automatically detect installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. The tool lets operators disable these devices.

In addition, Dumbo detects any processes related to these devices, as well as the processes of recording or monitoring software. Agents can use the tool to delete or corrupt these processes and, indirectly, their recordings.

The latest manual is entitled Dumbo v3.0 and is dated June 25, 2015. According to the manual, Dumbo needs SYSTEM privileges in order to run. This implies that CIA agents must use dedicated exploits together with Dumbo in cases where they don't have access to a SYSTEM-level account.

Dumbo can cause fake BSOD errors to hide itself

Dumbo also comes with two features that cause a Blue Screen of Death (BSOD) on 32-bit and 64-bit platforms, so CIA operators can mask the tool's operation by disguising it as a system error.

Dumbo supports 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64-bit Windows XP and Windows versions prior to XP are not supported.

On XP, Kaspersky antivirus detects and blocks the installation of the device driver that Dumbo needs in order to function properly. Other (unspecified) antivirus software blocks the Dumbo files that cause the BSOD errors.

The Dumbo manual recommends that operatives disable antivirus software, even though this action might be recorded in system logs and may alert the target's IT staff.

Today's dump is part of a larger series called Vault 7, which contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps:

Weeping Angel - tool to hack Samsung smart TVs
Fine Dining - a collection of fake, malware-laced apps
Grasshopper - a builder for Windows malware
DarkSeaSkies - tools for hacking iPhones and Macs
Scribble - beaconing system for Office documents
Archimedes - a tool for performing MitM attacks
AfterMidnight and Assassin - malware frameworks for Windows
Athena - a malware framework co-developed with a US company
Pandemic - a tool for replacing legitimate files with malware
CherryBlossom - a tool for hacking SOHO WiFi routers
Brutal Kangaroo - a tool for hacking air-gapped networks
ELSA - malware for geo-tracking Windows users
OutlawCountry - CIA tool for hacking Linux systems
BothanSpy & Gyrfalcon - CIA malware for stealing SSH logins
HighRise - Android app for intercepting & redirecting SMS data
Achilles, Aeris, & SeaPea - tools for hacking Mac & POSIX systems